From dac103c621177eb3e967e781583d910859e9c0ec Mon Sep 17 00:00:00 2001
From: Yacine Elhamer <16624109+yelhamer@users.noreply.github.com>
Date: Fri, 9 Jun 2023 09:03:09 +0000
Subject: [PATCH 1/3] fix bad comment
Co-authored-by: Moritz
---
capa/features/extractors/base_extractor.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/capa/features/extractors/base_extractor.py b/capa/features/extractors/base_extractor.py
index e3b780d1..b006c762 100644
--- a/capa/features/extractors/base_extractor.py
+++ b/capa/features/extractors/base_extractor.py
@@ -341,7 +341,7 @@ class DynamicExtractor(FeatureExtractor):
 """
 Yields all the features of a thread. These include:
 - sequenced api traces
- - files/registris interacted with
+ - file/registry interactions
 - network activity
 """
 raise NotImplementedError()
From f243749d38bb831c429c9d717cc6c5700b1c3845 Mon Sep 17 00:00:00 2001
From: Yacine Elhamer <16624109+yelhamer@users.noreply.github.com>
Date: Fri, 9 Jun 2023 09:03:49 +0000
Subject: [PATCH 2/3] get_threads(): fix mypy typing
Co-authored-by: Moritz
---
capa/features/extractors/base_extractor.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/capa/features/extractors/base_extractor.py b/capa/features/extractors/base_extractor.py
index b006c762..9911fd13 100644
--- a/capa/features/extractors/base_extractor.py
+++ b/capa/features/extractors/base_extractor.py
@@ -327,7 +327,7 @@ class DynamicExtractor(FeatureExtractor):
 raise NotImplementedError()
 @abc.abstractmethod
- def get_threads(self, ph: ProcessHandle) -> Iterator[ProcessHandle]:
+ def get_threads(self, ph: ProcessHandle) -> Iterator[ThreadHandle]:
 """
 Yields all the threads that a process created.
From a6ca3aaa666d80614d8b700abac36c46f439e629 Mon Sep 17 00:00:00 2001
From: Yacine Elhamer
Date: Tue, 13 Jun 2023 14:23:50 +0100
Subject: [PATCH 3/3] remove from_trace() and submit_sample() methods
---
capa/features/extractors/base_extractor.py | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/capa/features/extractors/base_extractor.py b/capa/features/extractors/base_extractor.py
index 9911fd13..c3d04736 100644
--- a/capa/features/extractors/base_extractor.py
+++ b/capa/features/extractors/base_extractor.py
@@ -345,22 +345,3 @@ class DynamicExtractor(FeatureExtractor):
 - network activity
 """
 raise NotImplementedError()
-
- @abc.abstractclassmethod
- def from_trace(cls, trace: TextIO) -> "DynamicExtractor":
- """
- Most sandboxes provide reports in a serialized text format (i.e. JSON for Cuckoo and CAPE).
- This routine takes a file descriptor of such report (analysis trace) and returns a corresponding DynamicExtractor object.
- """
- raise NotImplementedError()
-
- @abc.abstractclassmethod
- def submit_sample(cls, sample: BinaryIO, api: Dict[str, str]) -> "DynamicExtractor":
- """
- This routine takes a sample and submits it for analysis to the provided api. The trace should then ideally be passed to the from_trace() method.
-
- Attributes:
- sample: file descriptor of the sample
- api: contains information such as the uri, api key, etc.
- """
- raise NotImplementedError()