fix: loader.py reads entire file for magic byte check

Closes #3029
2026-04-28 11:53:20 -07:00 · 2026-04-22 09:58:56 +03:00
parent b130e48f7a
commit 53b79fa1d6
2 changed files with 4 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -47,6 +47,8 @@

 - fix: freeze/__init__.py: logically impossible condition @williballenthin #3030

+- fix: loader.py reads entire file for magic byte check @williballenthin #3029
+
 ### capa Explorer Web

 ### capa Explorer IDA Pro plugin
--- a/capa/loader.py
+++ b/capa/loader.py
@@ -23,6 +23,7 @@ from rich.console import Console
 from typing_extensions import assert_never

 import capa.rules
+import capa.helpers
 import capa.version
 import capa.features.common
 import capa.features.freeze as frz
@@ -496,8 +497,7 @@ def _get_binexport2_file_extractors(input_file: Path) -> list[FeatureExtractor]:
        input_file, be2, [Path(os.environ.get("CAPA_SAMPLES_DIR", "."))]
    )

-    with sample_path.open("rb") as f:
-        taste = f.read()
+    taste = capa.helpers.get_file_taste(sample_path)

    if taste.startswith(capa.features.extractors.common.MATCH_PE):
        return get_file_extractors(sample_path, FORMAT_PE)