dynamic: fix some tests

2025-12-21 23:00:29 -08:00 · 2023-10-17 11:41:40 +00:00
parent bf233c1c7a
commit 44d05f9498
6 changed files with 15 additions and 17 deletions
--- a/capa/features/freeze/init.py
+++ b/capa/features/freeze/init.py
@@ -658,6 +658,7 @@ def main(argv=None):
    parser.add_argument("output", type=str, help="Path to output file")
    args = parser.parse_args(args=argv)
    capa.main.handle_common_args(args)
+    capa.main.handle_signatures_arg(args)

    sigpaths = capa.main.get_signatures(args.signatures)

--- a/capa/main.py
+++ b/capa/main.py
@@ -1556,9 +1556,6 @@ def main(argv: Optional[List[str]] = None):
            # and use those for extracting.

            try:
-                if format_ not in DYNAMIC_FORMATS:
-                    # signatures are loaded only for static anaylsis
-                    handle_signatures_arg(args)
                if format_ == FORMAT_PE:
                    sig_paths = get_signatures(args.signatures)
                else:
--- a/capa/rules/init.py
+++ b/capa/rules/init.py
@@ -931,12 +931,13 @@ class Rule:
    def from_dict(cls, d: Dict[str, Any], definition: str) -> "Rule":
        meta = d["rule"]["meta"]
        name = meta["name"]
+
        # if scope is not specified, default to function scope.
        # this is probably the mode that rule authors will start with.
        # each rule has two scopes, a static-flavor scope, and a
        # dynamic-flavor one. which one is used depends on the analysis type.
        if "scope" in meta:
-            raise InvalidRule("rule is in legacy mode (has scope meta field). please update to the new syntax.")
+            raise InvalidRule(f"legacy rule detected (rule.meta.scope), please update to the new syntax: {name}")
        elif "scopes" in meta:
            scopes_ = meta.get("scopes")
        else:
--- a/2
+++ b/2
--- a/scripts/lint.py
+++ b/scripts/lint.py
@@ -216,8 +216,8 @@ class InvalidScopes(Lint):
    recommendation = "At least one scope (static or dynamic) must be specified"

    def check_rule(self, ctx: Context, rule: Rule):
-        return (rule.meta.get("scope").get("static") in ("unspecified", "unsupported")) and (
-            rule.meta.get("scope").get("dynamic") in ("unspecified", "unsupported")
+        return (rule.meta.get("scopes").get("static") in ("unspecified", "unsupported")) and (
+            rule.meta.get("scopes").get("dynamic") in ("unspecified", "unsupported")
        )


@@ -979,10 +979,6 @@ def main(argv=None):

    default_samples_path = str(Path(__file__).resolve().parent.parent / "tests" / "data")

-    # TODO(yelhamer): remove once support for the legacy scope field has been added
-    # https://github.com/mandiant/capa/pull/1580
-    return 0
-
    parser = argparse.ArgumentParser(description="Lint capa rules.")
    capa.main.install_common_args(parser, wanted={"tag"})
    parser.add_argument("rules", type=str, action="append", help="Path to rules")
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -420,8 +420,11 @@ def test_rules_flavor_filtering():


 def test_meta_scope_keywords():
-    for static_scope in sorted(capa.rules.STATIC_SCOPES):
-        for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES):
+    static_scopes = list(sorted(map(lambda e: e.value, capa.rules.STATIC_SCOPES)))
+    dynamic_scopes = list(sorted(map(lambda e: e.value, capa.rules.DYNAMIC_SCOPES)))
+
+    for static_scope in static_scopes:
+        for dynamic_scope in dynamic_scopes:
            _ = capa.rules.Rule.from_yaml(
                textwrap.dedent(
                    f"""
@@ -439,7 +442,7 @@ def test_meta_scope_keywords():
            )

    # its also ok to specify "unsupported"
-    for static_scope in sorted(capa.rules.STATIC_SCOPES):
+    for static_scope in static_scopes:
        _ = capa.rules.Rule.from_yaml(
            textwrap.dedent(
                f"""
@@ -455,7 +458,7 @@ def test_meta_scope_keywords():
                """
            )
        )
-    for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES):
+    for dynamic_scope in dynamic_scopes:
        _ = capa.rules.Rule.from_yaml(
            textwrap.dedent(
                f"""
@@ -473,7 +476,7 @@ def test_meta_scope_keywords():
        )

    # its also ok to specify "unspecified"
-    for static_scope in sorted(capa.rules.STATIC_SCOPES):
+    for static_scope in static_scopes:
        _ = capa.rules.Rule.from_yaml(
            textwrap.dedent(
                f"""
@@ -489,7 +492,7 @@ def test_meta_scope_keywords():
                """
            )
        )
-    for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES):
+    for dynamic_scope in dynamic_scopes:
        _ = capa.rules.Rule.from_yaml(
            textwrap.dedent(
                f"""