diff --git a/capa/engine.py b/capa/engine.py index d7ff81f6..601ddd34 100644 --- a/capa/engine.py +++ b/capa/engine.py @@ -87,11 +87,11 @@ class And(Statement): def evaluate(self, ctx): capa.perf.counters["evaluate.feature"] += 1 - capa.perf.counters["evaluate.feature.and"] += 1 + capa.perf.counters["evaluate.feature.and"] += 1 results = [] for child in self.children: - result = child.evaluate(ctx) + result = child.evaluate(ctx) results.append(result) if not result: # short circuit @@ -103,7 +103,7 @@ class And(Statement): class Or(Statement): """ match if any of the children evaluate to True. - + the order of evaluation is dicated by the property `Or.children` (type: List[Statement|Feature]). a query optimizer may safely manipulate the order of these children. @@ -115,7 +115,7 @@ class Or(Statement): def evaluate(self, ctx): capa.perf.counters["evaluate.feature"] += 1 - capa.perf.counters["evaluate.feature.or"] += 1 + capa.perf.counters["evaluate.feature.or"] += 1 results = [] for child in self.children: @@ -137,8 +137,8 @@ class Not(Statement): def evaluate(self, ctx): capa.perf.counters["evaluate.feature"] += 1 - capa.perf.counters["evaluate.feature.not"] += 1 - + capa.perf.counters["evaluate.feature.not"] += 1 + results = [self.child.evaluate(ctx)] success = not results[0] return Result(success, self, results) @@ -160,8 +160,8 @@ class Some(Statement): def evaluate(self, ctx): capa.perf.counters["evaluate.feature"] += 1 - capa.perf.counters["evaluate.feature.some"] += 1 - + capa.perf.counters["evaluate.feature.some"] += 1 + results = [] for child in self.children: result = child.evaluate(ctx) @@ -184,8 +184,8 @@ class Range(Statement): def evaluate(self, ctx): capa.perf.counters["evaluate.feature"] += 1 - capa.perf.counters["evaluate.feature.range"] += 1 - + capa.perf.counters["evaluate.feature.range"] += 1 + count = len(ctx.get(self.child, [])) if self.min == 0 and count == 0: return Result(True, self, []) 
diff --git a/capa/features/common.py b/capa/features/common.py
index 0f01ef52..a40201e3 100644
--- a/capa/features/common.py
+++ b/capa/features/common.py
@@ -190,7 +190,7 @@ class Substring(String):
 def evaluate(self, ctx):
 capa.perf.counters["evaluate.feature"] += 1
- capa.perf.counters["evaluate.feature.substring"] += 1
+ capa.perf.counters["evaluate.feature.substring"] += 1
 # mapping from string value to list of locations.
 # will unique the locations later on.
@@ -278,8 +278,8 @@ class Regex(String):
 def evaluate(self, ctx):
 capa.perf.counters["evaluate.feature"] += 1
- capa.perf.counters["evaluate.feature.regex"] += 1
-
+ capa.perf.counters["evaluate.feature.regex"] += 1
+
 # mapping from string value to list of locations.
 # will unique the locations later on.
 matches = collections.defaultdict(list)
@@ -364,8 +364,8 @@ class Bytes(Feature):
 def evaluate(self, ctx):
 capa.perf.counters["evaluate.feature"] += 1
- capa.perf.counters["evaluate.feature.bytes"] += 1
-
+ capa.perf.counters["evaluate.feature.bytes"] += 1
+
 for feature, locations in ctx.items():
 if not isinstance(feature, (Bytes,)):
 continue
diff --git a/capa/rules.py b/capa/rules.py
index 038f4d73..b49f7ee1 100644
--- a/capa/rules.py
+++ b/capa/rules.py
@@ -622,7 +622,7 @@ class Rule:
 def evaluate(self, features: FeatureSet):
 capa.perf.counters["evaluate.feature"] += 1
- capa.perf.counters["evaluate.feature.rule"] += 1
+ capa.perf.counters["evaluate.feature.rule"] += 1
 return self.statement.evaluate(features)
 @classmethod
@@ -1053,7 +1053,7 @@ class RuleSet:
 #
 # this should be all hash-lookup features.
 # see below.
-
+
 elif isinstance(node, (capa.features.common.Substring, capa.features.common.Regex)):
 # substring and regex features require a full scan of each string
 # which we anticipate is more expensive then a hash lookup feature (e.g. mnemonic or count).
@@ -1070,7 +1070,7 @@ class RuleSet:
 # the cost of these nodes is the full cost of their children
 # as this is the worst-case scenario.
 return sum(map(RuleSet._get_node_cost, node.children))
-
+
 else:
 # this should be all hash-lookup features.
 # we give this a arbitrary weight of 1.