From 51d606bc0d5c10f2df7b0e036b3b951c7c1cfbb5 Mon Sep 17 00:00:00 2001
From: mr-tz
Date: Fri, 13 Dec 2024 11:51:47 +0000
Subject: [PATCH] use default emptry list for ElfFileSection
---
 capa/features/extractors/vmray/__init__.py | 10 +++++-----
 capa/features/extractors/vmray/models.py | 2 +-
 tests/test_vmray_model.py | 4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/capa/features/extractors/vmray/__init__.py b/capa/features/extractors/vmray/__init__.py
index 71d9afd1..94226a5a 100644
--- a/capa/features/extractors/vmray/__init__.py
+++ b/capa/features/extractors/vmray/__init__.py
@@ -151,9 +151,8 @@ class VMRayAnalysis:
 for pefile_section in self.sample_file_static_data.pe.sections:
 self.sections[pefile_section.virtual_address] = pefile_section.name
 elif self.sample_file_static_data.elf:
- if self.sample_file_static_data.elf.sections:
- for elffile_section in self.sample_file_static_data.elf.sections:
- self.sections[elffile_section.header.sh_addr] = elffile_section.header.sh_name
+ for elffile_section in self.sample_file_static_data.elf.sections:
+ self.sections[elffile_section.header.sh_addr] = elffile_section.header.sh_name
 def _compute_monitor_processes(self):
 for process in self.sv2.processes.values():
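Review bot: The ELF branch keys `self.sections` by `elffile_section.header.sh_addr`, and ELF sections that are not loaded into memory commonly carry an `sh_addr` of 0, so several section names can collapse into one entry with only the last one kept. If these names are later emitted as features (not visible in this hunk), some may be silently lost for samples with many non-allocated sections. A short comment above the loop would make the limitation explicit, e.g. `# NOTE: sections sharing an sh_addr (often 0 for non-loaded sections) overwrite each other`. The enclosing method starts before the hunk.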
@@ -193,13 +192,14 @@ class VMRayAnalysis: # for the other fields we've observed cases with slight deviations, e.g., # the ppid for a process in flog.xml is not set correctly, all other data is equal sv2p = self.monitor_processes[monitor_process.process_id] + if self.monitor_processes[monitor_process.process_id] != vmray_monitor_process: + logger.debug("processes differ: %s (sv2) vs. %s (flog)", sv2p, vmray_monitor_process) + assert (sv2p.pid, sv2p.monitor_id, sv2p.origin_monitor_id) == ( vmray_monitor_process.pid, vmray_monitor_process.monitor_id, vmray_monitor_process.origin_monitor_id, ) - if self.monitor_processes[monitor_process.process_id] != vmray_monitor_process: - logger.debug("processes differ: %s (sv2) vs. %s (flog)", sv2p, vmray_monitor_process) def _compute_monitor_threads(self): for monitor_thread in self.flog.analysis.monitor_threads: diff --git a/capa/features/extractors/vmray/models.py b/capa/features/extractors/vmray/models.py index 36cd261e..761a879b 100644 --- a/capa/features/extractors/vmray/models.py +++ b/capa/features/extractors/vmray/models.py @@ -276,7 +276,7 @@ class ElfFileHeader(BaseModel): class ElfFile(BaseModel): # file_header: ElfFileHeader - sections: Optional[list[ElfFileSection]] = None + sections: list[ElfFileSection] = [] class StaticData(BaseModel): diff --git a/tests/test_vmray_model.py b/tests/test_vmray_model.py index 58d8a9cc..c693b663 100644 --- a/tests/test_vmray_model.py +++ b/tests/test_vmray_model.py @@ -103,8 +103,8 @@ def test_vmray_model_elffile(): """ ) - assert elffile.sections and elffile.sections[0].header.sh_name == "abcd1234" - assert elffile.sections and elffile.sections[0].header.sh_addr == 2863311530 + assert elffile.sections[0].header.sh_name == "abcd1234" + assert elffile.sections[0].header.sh_addr == 2863311530 def test_vmray_model_pefile():
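Review bot: The consistency check between the sv2 and flog process records is still an `assert`, which is stripped under `python -O` and otherwise surfaces as a bare AssertionError when an analysis archive carries mismatched records. Both records come from parsed report files, so an explicit comparison of the two tuples followed by `raise ValueError("sv2 and flog process records disagree")` would be safer, using whichever exception type the loader's callers already handle. The moved debug condition can also reuse the local bound just above it: `if sv2p != vmray_monitor_process:`. The enclosing loop and method begin outside the hunk.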
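Review bot: With `sections: list[ElfFileSection] = []` the default only covers a report that omits the key; an explicit `"sections": null` was accepted by the previous `Optional[...] = None` annotation and would presumably now fail model validation (assuming `BaseModel` is pydantic's). Whether VMRay ever emits null here is not visible from the diff, so it is worth confirming, or normalising null to an empty list before validation. The mutable `[]` default is safe only if the model library copies defaults per instance; a comment such as `# omitted in some reports; the model copies this default per instance` would record that assumption. tests/test_vmray_model.py still only covers a populated list, so a case that parses an ELF record without `sections` and asserts the result is `[]` would pin the new behaviour.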