cape: detect OS via info.machine.platform

2026-02-04 19:12:01 -08:00 · 2025-03-19 15:06:42 +00:00
parent 1572dd87ed
commit 3acc0fe147
2 changed files with 9 additions and 0 deletions
--- a/capa/features/extractors/cape/global_.py
+++ b/capa/features/extractors/cape/global_.py
@@ -81,6 +81,10 @@ def extract_os(report: CapeReport) -> Iterator[tuple[Feature, Address]]:
            # if the operating system information is missing from the cape report, it's likely a bug
            logger.warning("unrecognized OS: %s", file_output)
            raise ValueError(f"unrecognized OS from the CAPE report; output of file command: {file_output}")
+    elif report.info.machine and report.info.machine.platform == "windows":
+        yield OS(OS_WINDOWS), NO_ADDRESS
+    elif report.info.machine and report.info.machine.platform == "linux":
+        yield OS(OS_LINUX), NO_ADDRESS
    else:
        # the sample is shellcode
        logger.debug("unsupported file format, file command output: %s", file_output)
--- a/capa/features/extractors/cape/models.py
+++ b/capa/features/extractors/cape/models.py
@@ -71,8 +71,13 @@ Emptydict: TypeAlias = BaseModel
 EmptyList: TypeAlias = list[Any]


+class Machine(FlexibleModel):
+    platform: Optional[str] = None
+
+
 class Info(FlexibleModel):
    version: str
+    machine: Optional[Machine] = None


 class ImportedSymbol(FlexibleModel):