Update dotnet-main (#979)

* Sync capa rules submodule * Sync capa-testfiles submodule * Sync capa rules submodule * changelog * *: remove /x32 and /x64 flavors from number and offset features * *: remove more references to /x32 and /x64 * linter: accept instruction scope * rules: fix max operand index (4) * API: better support A/W functions * vverbose: show lib rule matches * main: accept multiple paths to rules * main: fix removal of default rules path * lint: fix rules path * changelog * capa_as_library: fix rules path is list now * main: better handle multiple rules paths * main: bail if python 3.6 or below closes #964 * ida: readme: remove python 3.6 support * capa2yara: fix rules paths * render: meta: display rule paths on separate lines closes #971 * render: verbose: add doc * verbose: make rule path multiline more concise * vverbose: don't show examples in output closes #970 * vverbose: render subscope name, like "basic block:" closes #963 * build(deps-dev): bump pytest from 7.0.1 to 7.1.1 Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.0.1 to 7.1.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.0.1...7.1.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * ci: build: update pip and setuptools * ci: build: bump pyinstall to v4.10 * Sync capa rules submodule * Dotnet mixed mode detect (#969) * feat: start dotnet detection (#955) * feat: start dotnet detection * Apply suggestions from code review Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com> * refactor: dn instead of dotnet * refactor: format branches, extractor reorg * refactor: format selection and dotnet detect * feat: get format, arch, os * refactor: log errors and exceptions * ci: also test and build for dotnet-main dev * fix: import path * fix: circular dep * fix: remove buf argument feat: get runtime meta data * fix: log unsupported runtime error * fix: type ignore Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com> * fix: imports and add tests * feat: detect mixed mode and tests * feat: start dotnet detection (#955) * feat: start dotnet detection * Apply suggestions from code review Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com> * refactor: dn instead of dotnet * refactor: format branches, extractor reorg * refactor: format selection and dotnet detect * feat: get format, arch, os * refactor: log errors and exceptions * ci: also test and build for dotnet-main dev * fix: import path * fix: circular dep * fix: remove buf argument feat: get runtime meta data * fix: log unsupported runtime error * fix: type ignore Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com> * fix: imports and add tests Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com> * test: checkout submodules recursively Co-authored-by: Capa Bot <capa-dev@mandiant.com> Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-26 03:04:56 -08:00 · 2022-04-07 17:45:29 +02:00
parent 97e76a88e3
commit 65552575f8
26 changed files with 147 additions and 280 deletions
--- a/scripts/capa2yara.py
+++ b/scripts/capa2yara.py
@@ -43,7 +43,7 @@ import capa.rules
 import capa.engine
 import capa.features
 import capa.features.insn
-from capa.features.common import BITNESS_X32, BITNESS_X64, String
+from capa.features.common import String

 logger = logging.getLogger("capa2yara")

@@ -703,7 +703,7 @@ def main(argv=None):
    logging.getLogger("capa2yara").setLevel(level)

    try:
-        rules = capa.main.get_rules(args.rules, disable_progress=True)
+        rules = capa.main.get_rules([args.rules], disable_progress=True)
        namespaces = capa.rules.index_rules_by_namespace(list(rules))
        rules = capa.rules.RuleSet(rules)
        logger.info("successfully loaded %s rules (including subscope rules which will be ignored)", len(rules))
--- a/scripts/capa_as_library.py
+++ b/scripts/capa_as_library.py
@@ -17,7 +17,7 @@ from capa.engine import *
 RULES_PATH = "/tmp/capa/rules/"

 # load rules from disk
-rules = capa.rules.RuleSet(capa.main.get_rules(RULES_PATH, disable_progress=True))
+rules = capa.rules.RuleSet(capa.main.get_rules([RULES_PATH], disable_progress=True))

 # == Render ddictionary helpers
 def render_meta(doc, ostream):
--- a/scripts/lint.py
+++ b/scripts/lint.py
@@ -162,10 +162,10 @@ class MissingScope(Lint):

 class InvalidScope(Lint):
    name = "invalid scope"
-    recommendation = "Use only file, function, or basic block rule scopes"
+    recommendation = "Use only file, function, basic block, or instruction rule scopes"

    def check_rule(self, ctx: Context, rule: Rule):
-        return rule.meta.get("scope") not in ("file", "function", "basic block")
+        return rule.meta.get("scope") not in ("file", "function", "basic block", "instruction")


 class MissingAuthor(Lint):
@@ -963,7 +963,7 @@ def main(argv=None):

    parser = argparse.ArgumentParser(description="Lint capa rules.")
    capa.main.install_common_args(parser, wanted={"tag"})
-    parser.add_argument("rules", type=str, help="Path to rules")
+    parser.add_argument("rules", type=str, action="append", help="Path to rules")
    parser.add_argument("--samples", type=str, default=samples_path, help="Path to samples")
    parser.add_argument(
        "--thorough",