dynamic: fix some tests

This commit is contained in:
Willi Ballenthin
2023-10-17 11:41:40 +00:00
parent bf233c1c7a
commit 44d05f9498
6 changed files with 15 additions and 17 deletions


@@ -658,6 +658,7 @@ def main(argv=None):
parser.add_argument("output", type=str, help="Path to output file") parser.add_argument("output", type=str, help="Path to output file")
args = parser.parse_args(args=argv) args = parser.parse_args(args=argv)
capa.main.handle_common_args(args) capa.main.handle_common_args(args)
capa.main.handle_signatures_arg(args)
sigpaths = capa.main.get_signatures(args.signatures) sigpaths = capa.main.get_signatures(args.signatures)
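Review bot: `capa.main.handle_signatures_arg(args)` is added here unconditionally, whereas the matching hunk in capa's own `main` (at -1556) removes the same call together with its `format_ not in DYNAMIC_FORMATS` guard, so the two call sites now disagree on when signatures are resolved. If this script can also be pointed at dynamic-analysis inputs, the same guard belongs in front of this line; if it is static-only, a one-line comment such as `# static-only script: signatures are always resolved` would make that intent explicit. `main` begins and ends outside the hunk.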


@@ -1556,9 +1556,6 @@ def main(argv: Optional[List[str]] = None):
# and use those for extracting. # and use those for extracting.
try: try:
if format_ not in DYNAMIC_FORMATS:
# signatures are loaded only for static anaylsis
handle_signatures_arg(args)
if format_ == FORMAT_PE: if format_ == FORMAT_PE:
sig_paths = get_signatures(args.signatures) sig_paths = get_signatures(args.signatures)
else: else:
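Review bot: With the guard and `handle_signatures_arg(args)` removed from this `try` block, `get_signatures(args.signatures)` on the `FORMAT_PE` branch now receives `args.signatures` without whatever normalization that call performed here. Unless the call was moved earlier in `main` (outside this hunk), the PE path may now be handed the raw command-line value; please confirm where `handle_signatures_arg` runs now, or restore it as `handle_signatures_arg(args)` directly above `if format_ == FORMAT_PE:`. `main` starts before and continues after the hunk.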


@@ -931,12 +931,13 @@ class Rule:
def from_dict(cls, d: Dict[str, Any], definition: str) -> "Rule": def from_dict(cls, d: Dict[str, Any], definition: str) -> "Rule":
meta = d["rule"]["meta"] meta = d["rule"]["meta"]
name = meta["name"] name = meta["name"]
# if scope is not specified, default to function scope. # if scope is not specified, default to function scope.
# this is probably the mode that rule authors will start with. # this is probably the mode that rule authors will start with.
# each rule has two scopes, a static-flavor scope, and a # each rule has two scopes, a static-flavor scope, and a
# dynamic-flavor one. which one is used depends on the analysis type. # dynamic-flavor one. which one is used depends on the analysis type.
if "scope" in meta: if "scope" in meta:
raise InvalidRule("rule is in legacy mode (has scope meta field). please update to the new syntax.") raise InvalidRule(f"legacy rule detected (rule.meta.scope), please update to the new syntax: {name}")
elif "scopes" in meta: elif "scopes" in meta:
scopes_ = meta.get("scopes") scopes_ = meta.get("scopes")
else: else:
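Review bot: The comment `# if scope is not specified, default to function scope.` still describes the legacy singular `scope` key, while the code directly below now rejects `scope` and reads `scopes`; suggest `# if scopes is not specified, default to function scope.` so the comment matches the new check. In the `elif "scopes" in meta:` branch, `meta.get("scopes")` can simply be `meta["scopes"]`, since the key is known to be present at that point. Including the rule name in the `InvalidRule` message is a good change; `from_dict` continues past the hunk.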

2
rules

Submodule rules updated: 9cb8848b03...796b5b3a22


@@ -216,8 +216,8 @@ class InvalidScopes(Lint):
recommendation = "At least one scope (static or dynamic) must be specified" recommendation = "At least one scope (static or dynamic) must be specified"
def check_rule(self, ctx: Context, rule: Rule): def check_rule(self, ctx: Context, rule: Rule):
return (rule.meta.get("scope").get("static") in ("unspecified", "unsupported")) and ( return (rule.meta.get("scopes").get("static") in ("unspecified", "unsupported")) and (
rule.meta.get("scope").get("dynamic") in ("unspecified", "unsupported") rule.meta.get("scopes").get("dynamic") in ("unspecified", "unsupported")
) )
@@ -979,10 +979,6 @@ def main(argv=None):
default_samples_path = str(Path(__file__).resolve().parent.parent / "tests" / "data") default_samples_path = str(Path(__file__).resolve().parent.parent / "tests" / "data")
# TODO(yelhamer): remove once support for the legacy scope field has been added
# https://github.com/mandiant/capa/pull/1580
return 0
parser = argparse.ArgumentParser(description="Lint capa rules.") parser = argparse.ArgumentParser(description="Lint capa rules.")
capa.main.install_common_args(parser, wanted={"tag"}) capa.main.install_common_args(parser, wanted={"tag"})
parser.add_argument("rules", type=str, action="append", help="Path to rules") parser.add_argument("rules", type=str, action="append", help="Path to rules")
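Review bot: In `InvalidScopes.check_rule` (first hunk, at -216), `rule.meta.get("scopes")` returns `None` when the key is absent, so the chained `.get("static")` raises `AttributeError` instead of the lint reporting the missing scopes that its `recommendation` text describes. If `Rule.from_dict` guarantees the key this is only a robustness point, but `rule.meta.get("scopes", {})` on both lines lets the lint produce a clean result either way. The second hunk at -979 removes the early `return 0` that had short-circuited the linter, so these checks now actually run; worth confirming the rules submodule bump passes with them enabled. `main` continues past the hunk.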


@@ -420,8 +420,11 @@ def test_rules_flavor_filtering():
def test_meta_scope_keywords(): def test_meta_scope_keywords():
for static_scope in sorted(capa.rules.STATIC_SCOPES): static_scopes = list(sorted(map(lambda e: e.value, capa.rules.STATIC_SCOPES)))
for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES): dynamic_scopes = list(sorted(map(lambda e: e.value, capa.rules.DYNAMIC_SCOPES)))
for static_scope in static_scopes:
for dynamic_scope in dynamic_scopes:
_ = capa.rules.Rule.from_yaml( _ = capa.rules.Rule.from_yaml(
textwrap.dedent( textwrap.dedent(
f""" f"""
@@ -439,7 +442,7 @@ def test_meta_scope_keywords():
) )
# its also ok to specify "unsupported" # its also ok to specify "unsupported"
for static_scope in sorted(capa.rules.STATIC_SCOPES): for static_scope in static_scopes:
_ = capa.rules.Rule.from_yaml( _ = capa.rules.Rule.from_yaml(
textwrap.dedent( textwrap.dedent(
f""" f"""
@@ -455,7 +458,7 @@ def test_meta_scope_keywords():
""" """
) )
) )
for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES): for dynamic_scope in dynamic_scopes:
_ = capa.rules.Rule.from_yaml( _ = capa.rules.Rule.from_yaml(
textwrap.dedent( textwrap.dedent(
f""" f"""
@@ -473,7 +476,7 @@ def test_meta_scope_keywords():
) )
# its also ok to specify "unspecified" # its also ok to specify "unspecified"
for static_scope in sorted(capa.rules.STATIC_SCOPES): for static_scope in static_scopes:
_ = capa.rules.Rule.from_yaml( _ = capa.rules.Rule.from_yaml(
textwrap.dedent( textwrap.dedent(
f""" f"""
@@ -489,7 +492,7 @@ def test_meta_scope_keywords():
""" """
) )
) )
for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES): for dynamic_scope in dynamic_scopes:
_ = capa.rules.Rule.from_yaml( _ = capa.rules.Rule.from_yaml(
textwrap.dedent( textwrap.dedent(
f""" f"""