From 51ad526cfc98d573559706e22bb80c005204f2b0 Mon Sep 17 00:00:00 2001
From: doomedraven
Date: Tue, 1 Dec 2020 11:20:49 +0100
Subject: [PATCH 1/2] Simple example how to use capa as library Just quick example how to use capa as library, to save time to someone, reading code and scripts
---
 scripts/capa_as_library.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 scripts/capa_as_library.py
diff --git a/scripts/capa_as_library.py b/scripts/capa_as_library.py
new file mode 100644
index 00000000..8f7b564c
--- /dev/null
+++ b/scripts/capa_as_library.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+
+import json
+import capa.main
+import capa.rules
+import capa.engine
+import capa.features
+from capa.engine import *
+
+sample_path = "path/to/file"
+
+capa.main.RULES_PATH_DEFAULT_STRING = "/tmp/capa/rules/"
+rules = capa.main.get_rules(capa.main.RULES_PATH_DEFAULT_STRING, disable_progress=True)
+rules = capa.rules.RuleSet(rules)
+
+extractor = capa.main.get_extractor(sample_path, "auto", disable_progress=True)
+meta = capa.main.collect_metadata("", sample_path,capa.main.RULES_PATH_DEFAULT_STRING, "auto", extractor)
+capabilities, counts = capa.main.find_capabilities(rules, extractor, disable_progress=True)
+meta["analysis"].update(counts)
+
+capa_json = json.loads(capa.render.render_json(meta, rules, capabilities))
+capa_texttable = capa.render.render_default(meta, rules, capabilities)
From eac7e2b7496ad37b90e3c235c6153441b4a6a5e9 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Tue, 1 Dec 2020 06:54:55 -0700
Subject: [PATCH 2/2] capa_as_library: style and comments
---
 scripts/capa_as_library.py | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/scripts/capa_as_library.py b/scripts/capa_as_library.py
index 8f7b564c..6190c377 100644
--- a/scripts/capa_as_library.py
+++ b/scripts/capa_as_library.py
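Review bot: `capa.render` is called on the last two added lines (`capa.render.render_json` and `capa.render.render_default`) but the script never imports it; the attribute only resolves if `capa.main` happens to import `capa.render` as a side effect, so the import block should carry an explicit `import capa.render`. The same import block has `from capa.engine import *`, which supplies no name the script actually uses and can be dropped in favour of the explicit `import capa.engine` already present. Both points carry over unchanged into the PATCH 2/2 hunk that restyles this file.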
@@ -1,22 +1,31 @@
 #!/usr/bin/env python3
 
 import json
+
 import capa.main
 import capa.rules
 import capa.engine
 import capa.features
 from capa.engine import *
 
-sample_path = "path/to/file"
+# edit this to set the path for file to analyze and rule directory
+SAMPLE_PATH = "path/to/file"
+RULES_PATH = "/tmp/capa/rules/"
 
-capa.main.RULES_PATH_DEFAULT_STRING = "/tmp/capa/rules/"
-rules = capa.main.get_rules(capa.main.RULES_PATH_DEFAULT_STRING, disable_progress=True)
+# load rules from disk
+rules = capa.main.get_rules(RULES_PATH, disable_progress=True)
 rules = capa.rules.RuleSet(rules)
 
-extractor = capa.main.get_extractor(sample_path, "auto", disable_progress=True)
-meta = capa.main.collect_metadata("", sample_path,capa.main.RULES_PATH_DEFAULT_STRING, "auto", extractor)
+# extract features and find capabilities
+extractor = capa.main.get_extractor(SAMPLE_PATH, "auto", disable_progress=True)
 capabilities, counts = capa.main.find_capabilities(rules, extractor, disable_progress=True)
+
+# collect metadata (used only to make rendering more complete)
+meta = capa.main.collect_metadata("", SAMPLE_PATH, RULES_PATH, "auto", extractor)
 meta["analysis"].update(counts)
 
+# render results
+# ...as json
 capa_json = json.loads(capa.render.render_json(meta, rules, capabilities))
+# ...as human readable text table
 capa_texttable = capa.render.render_default(meta, rules, capabilities)
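Review bot: The new `RULES_PATH = "/tmp/capa/rules/"` points the rule loader at a directory under `/tmp`, which is typically world-writable, so any local account could add or replace the rules that `find_capabilities` later matches against; since the comment above it already marks the value as user-editable, the example should default to a placeholder like `SAMPLE_PATH` does and say why, e.g. `RULES_PATH = "path/to/rules"  # keep rules in a directory only you can write to`. The first positional argument to `collect_metadata` is passed as `""` with no explanation; it is not clear from this hunk what it represents (presumably the command-line string recorded in the report), so a short comment such as `# first argument is the argv string stored in the report metadata; empty here` would help readers who copy the example. The script also runs everything at module import time; wrapping the body in a `main()` behind `if __name__ == "__main__":` would make it safe to import as well as execute.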