From 4da1addfb34d511576e2e294a670ebe34a4314df Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Wed, 22 Apr 2026 21:54:53 +0300 Subject: [PATCH] fix: invert scope filter in import-to-ida.py so function-scope rules are annotated The condition was skipping FUNCTION-scope rules instead of keeping them, causing the script to never annotate any functions. Invert to match the correct logic in import-to-bn.py. --- CHANGELOG.md | 1 + scripts/import-to-ida.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f7686a6..25b46128 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -50,6 +50,7 @@ - fix: correct wrong dict key in VMRay _compute_monitor_threads assertion (used thread_id instead of process_id) @williballenthin fix: replace assert with isinstance guard in get_callee for invalid MethodSpec tokens @williballenthin - fix: replace assert with isinstance guard in get_callee for invalid MethodSpec tokens @williballenthin +- fix: invert scope filter in import-to-ida.py so function-scope rules are annotated instead of skipped @williballenthin (SURF-81) - fix: remove dead string literal in test_detect_duplicate_features @williballenthin (SURF-80) - fix: remove duplicate Rule.from_yaml call in test_scope_instruction_description @williballenthin (SURF-79) - fix: remove unused imports of capa.helpers, capa.features.basicblock, and redundant bare capa.features.extractors.base_extractor from test_freeze_dynamic.py @williballenthin (SURF-78) diff --git a/scripts/import-to-ida.py b/scripts/import-to-ida.py index 3c468c41..4aba6894 100644 --- a/scripts/import-to-ida.py +++ b/scripts/import-to-ida.py @@ -96,7 +96,7 @@ def main(): continue if rule.meta.is_subscope_rule: continue - if rule.meta.scopes.static == capa.rules.Scope.FUNCTION: + if rule.meta.scopes.static != capa.rules.Scope.FUNCTION: continue ns = rule.meta.namespace