Functioning parse_raw

2026-02-04 11:07:53 -08:00 · 2023-03-24 10:29:37 +05:30
parent 0ff22d319f
commit 248229a383
2 changed files with 32 additions and 4 deletions
--- a/capa/main.py
+++ b/capa/main.py
@@ -1126,7 +1126,9 @@ def main(argv=None):
                return E_FILE_LIMITATION
    if format_ == FORMAT_RESULT:
        with open(args.sample, "rb") as f:
-            buf = f.read()      
+            buf = f.read()
+        buf.decode("utf-8")    
+        meta, rules, capabilities = capa.render.result_document.ResultDocument.parse_raw(buf)
    elif format_ == FORMAT_FREEZE:
        with open(args.sample, "rb") as f:
            extractor = capa.features.freeze.load(f.read())
@@ -1156,8 +1158,7 @@ def main(argv=None):
        except UnsupportedOSError:
            log_unsupported_os_error()
            return E_INVALID_FILE_OS
-    
-    if not FORMAT_RESULT:
+
        meta = collect_metadata(argv, args.sample, args.rules, extractor)

        capabilities, counts = find_capabilities(rules, extractor, disable_progress=args.quiet)
--- a/capa/render/result_document.py
+++ b/capa/render/result_document.py
@@ -6,6 +6,7 @@
 #  is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and limitations under the License.
 import datetime
+import json
 from typing import Any, Dict, Tuple, Union, Optional

 from pydantic import Field, BaseModel
@@ -16,7 +17,7 @@ import capa.features.common
 import capa.features.freeze as frz
 import capa.features.address
 import capa.features.freeze.features as frzf
-from capa.rules import RuleSet
+from capa.rules import Rule, RuleSet
 from capa.engine import MatchResults
 from capa.helpers import assert_never

@@ -540,3 +541,29 @@ class ResultDocument(BaseModel):
            )

        return ResultDocument(meta=Metadata.from_capa(meta), rules=rule_matches)
+
+    @classmethod
+    def parse_raw(cls, raw: str):
+        data = json.loads(raw)
+        result_doc = ResultDocument(**data)
+        meta = result_doc.meta
+
+        rules = {}
+        capabilities = {}
+        for rule_name, rule_match in result_doc.rules.items():
+            # Extract the rule definition and metadata
+            rule_definition = rule_match.source
+            rule_metadata = rule_match.meta
+        
+            # Add the rule to the rules dictionary
+            rules[rule_name] = (rule_metadata, rule_definition)
+
+            # Extract the capabilities from the RuleMatches object
+        for address, match in rule_match.matches:
+            if address not in capabilities:
+                capabilities[address] = []
+
+            capabilities[address].append((rule_name, match))
+        return meta , rules, capabilities
+
+