Merge pull request #278 from fireeye/fix-268

ida: use ida-settings to persist rules directory
2026-02-04 19:12:01 -08:00 · 2020-09-02 09:27:57 +02:00
parent bf90dc075e 3d6d38c4fb
commit 76ab5da49b
2 changed files with 27 additions and 7 deletions
--- a/capa/ida/plugin/form.py
+++ b/capa/ida/plugin/form.py
@@ -12,6 +12,7 @@ import logging
 import collections

 import idaapi
+import ida_settings
 from PyQt5 import QtGui, QtCore, QtWidgets

 import capa.main
@@ -25,6 +26,7 @@ from capa.ida.plugin.model import CapaExplorerDataModel
 from capa.ida.plugin.proxy import CapaExplorerSortFilterProxyModel

 logger = logging.getLogger("capa")
+settings = ida_settings.IDASettings("capa")


 class CapaExplorerForm(idaapi.PluginForm):
@@ -303,12 +305,16 @@ class CapaExplorerForm(idaapi.PluginForm):
    def load_capa_results(self):
        """ run capa analysis and render results in UI """
        if not self.rule_path:
-            rule_path = self.ask_user_directory()
-            if not rule_path:
-                capa.ida.helpers.inform_user_ida_ui("You must select a rules directory to use for analysis.")
-                logger.warning("no rules directory selected. nothing to do.")
-                return
-            self.rule_path = rule_path
+            if "rule_path" in settings:
+                self.rule_path = settings["rule_path"]
+            else:
+                rule_path = self.ask_user_directory()
+                if not rule_path:
+                    capa.ida.helpers.inform_user_ida_ui("You must select a rules directory to use for analysis.")
+                    logger.warning("no rules directory selected. nothing to do.")
+                    return
+                self.rule_path = rule_path
+                settings.user["rule_path"] = rule_path

        logger.info("-" * 80)
        logger.info(" Using rules from %s." % self.rule_path)
@@ -520,6 +526,9 @@ class CapaExplorerForm(idaapi.PluginForm):
        if not rule_path:
            logger.warning("no rules directory selected. nothing to do.")
            return
+
        self.rule_path = rule_path
+        settings.user["rule_path"] = rule_path
+
        if 1 == idaapi.ask_yn(1, "Run analysis now?"):
            self.reload()
--- a/setup.py
+++ b/setup.py
@@ -12,7 +12,18 @@ import sys
 import setuptools

 # halo==0.0.30 is the last version to support py2.7
-requirements = ["six", "tqdm", "pyyaml", "tabulate", "colorama", "termcolor", "ruamel.yaml", "wcwidth", "halo==0.0.30"]
+requirements = [
+    "six",
+    "tqdm",
+    "pyyaml",
+    "tabulate",
+    "colorama",
+    "termcolor",
+    "ruamel.yaml",
+    "wcwidth",
+    "halo==0.0.30",
+    "ida-settings==1.0.1",
+]

 if sys.version_info >= (3, 0):
    # py3