gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-23 07:28:34 -08:00
Code Issues Packages Projects Releases Wiki Activity

update capa_as_library for capa v2

Browse Source
This commit is contained in:
doomedraven
2021-08-18 14:23:36 +02:00
committed by GitHub
parent dfe2dbea6d
commit 5af59cecda
1 changed files with 11 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
scripts/capa_as_library.py
View File

@@ -85,7 +85,6 @@ def render_capabilities(doc, ostream):
ostream["CAPABILITY"].setdefault(rule["meta"]["namespace"], list()) ostream["CAPABILITY"].setdefault(rule["meta"]["namespace"], list())
ostream["CAPABILITY"][rule["meta"]["namespace"]].append(capability) ostream["CAPABILITY"][rule["meta"]["namespace"]].append(capability)
def render_attack(doc, ostream): def render_attack(doc, ostream):
""" """
example:: example::
@@ -104,28 +103,16 @@ def render_attack(doc, ostream):
for rule in rutils.capability_rules(doc): for rule in rutils.capability_rules(doc):
if not rule["meta"].get("att&ck"): if not rule["meta"].get("att&ck"):
continue continue
for attack in rule["meta"]["att&ck"]: for attack in rule["meta"]["att&ck"]:
tactic, _, rest = attack.partition("::") tactics[attack["tactic"]].add((attack["technique"], attack.get("subtechnique"), attack["id"]))
if "::" in rest:
technique, _, rest = rest.partition("::")
subtechnique, _, id = rest.rpartition(" ")
tactics[tactic].add((technique, subtechnique, id))
else:
technique, _, id = rest.rpartition(" ")
tactics[tactic].add((technique, id))
for tactic, techniques in sorted(tactics.items()): for tactic, techniques in sorted(tactics.items()):
inner_rows = [] inner_rows = []
for spec in sorted(techniques): for (technique, subtechnique, id) in sorted(techniques):
if len(spec) == 2: if subtechnique is None:
technique, id = spec
inner_rows.append("%s %s" % (technique, id)) inner_rows.append("%s %s" % (technique, id))
elif len(spec) == 3:
technique, subtechnique, id = spec
inner_rows.append("%s::%s %s" % (technique, subtechnique, id))
else: else:
raise RuntimeError("unexpected ATT&CK spec format") inner_rows.append("%s::%s %s" % (technique, subtechnique, id))
ostream["ATTCK"].setdefault(tactic.upper(), inner_rows) ostream["ATTCK"].setdefault(tactic.upper(), inner_rows)
@@ -150,34 +137,20 @@ def render_mbc(doc, ostream):
if not rule["meta"].get("mbc"): if not rule["meta"].get("mbc"):
continue continue
mbcs = rule["meta"]["mbc"] for mbc in rule["meta"]["mbc"]:
if not isinstance(mbcs, list): objectives[mbc["objective"]].add((mbc["behavior"], mbc.get("method"), mbc["id"]))
raise ValueError("invalid rule: MBC mapping is not a list")
for mbc in mbcs:
objective, _, rest = mbc.partition("::")
if "::" in rest:
behavior, _, rest = rest.partition("::")
method, _, id = rest.rpartition(" ")
objectives[objective].add((behavior, method, id))
else:
behavior, _, id = rest.rpartition(" ")
objectives[objective].add((behavior, id))
for objective, behaviors in sorted(objectives.items()): for objective, behaviors in sorted(objectives.items()):
inner_rows = [] inner_rows = []
for spec in sorted(behaviors): for (behavior, method, id) in sorted(behaviors):
if len(spec) == 2: if method is None:
behavior, id = spec inner_rows.append("%s [%s]" % (behavior, id))
inner_rows.append("%s %s" % (behavior, id))
elif len(spec) == 3:
behavior, method, id = spec
inner_rows.append("%s::%s %s" % (behavior, method, id))
else: else:
raise RuntimeError("unexpected MBC spec format") inner_rows.append("%s::%s [%s]" % (behavior, method, id))
ostream["MBC"].setdefault(objective.upper(), inner_rows) ostream["MBC"].setdefault(objective.upper(), inner_rows)
def render_dictionary(doc): def render_dictionary(doc):
ostream = dict() ostream = dict()
render_meta(doc, ostream) render_meta(doc, ostream)