rules: scopes can now have subscope blocks with same scope (#2584)

2025-12-05 20:40:05 -08:00 · 2025-02-03 19:54:05 +01:00
parent 923e5e1130
commit 6d19226ee9
4 changed files with 80 additions and 27 deletions
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -515,6 +515,36 @@ def test_meta_scope_keywords():
        )


+def test_subscope_same_as_scope():
+    static_scopes = sorted(
+        [e.value for e in capa.rules.STATIC_SCOPES if e not in (capa.rules.Scope.FILE, capa.rules.Scope.GLOBAL)]
+    )
+    dynamic_scopes = sorted(
+        [e.value for e in capa.rules.DYNAMIC_SCOPES if e not in (capa.rules.Scope.FILE, capa.rules.Scope.GLOBAL)]
+    )
+
+    for static_scope in static_scopes:
+        for dynamic_scope in dynamic_scopes:
+            _ = capa.rules.Rule.from_yaml(
+                textwrap.dedent(
+                    f"""
+                    rule:
+                        meta:
+                            name: test rule
+                            scopes:
+                                static: {static_scope}
+                                dynamic: {dynamic_scope}
+                        features:
+                            - or:
+                                - {static_scope}:
+                                    - format: pe
+                                - {dynamic_scope}:
+                                    - format: pe
+                    """
+                )
+            )
+
+
 def test_lib_rules():
    rules = capa.rules.RuleSet(
        [