Merge pull request #109 from fireeye/set-rule-scopes

set rule scopes
2026-01-17 15:22:53 -08:00 · 2020-07-06 07:36:41 -06:00
parent 4f6bf0675c 50d82f98ad
commit 7ee7b143e0
2 changed files with 5 additions and 15 deletions
--- a/capa/rules.py
+++ b/capa/rules.py
@@ -58,24 +58,11 @@ SUPPORTED_FEATURES = {
        capa.features.String,
    },
    FUNCTION_SCOPE: {
-        capa.features.MatchedRule,
-        capa.features.insn.API,
-        capa.features.insn.Number,
-        capa.features.String,
-        capa.features.Bytes,
-        capa.features.insn.Offset,
-        capa.features.insn.Mnemonic,
+        # plus basic block scope features, see below
        capa.features.basicblock.BasicBlock,
        capa.features.Characteristic("switch"),
-        capa.features.Characteristic("nzxor"),
-        capa.features.Characteristic("peb access"),
-        capa.features.Characteristic("fs access"),
-        capa.features.Characteristic("gs access"),
-        capa.features.Characteristic("cross section flow"),
-        capa.features.Characteristic("stack string"),
        capa.features.Characteristic("calls from"),
        capa.features.Characteristic("calls to"),
-        capa.features.Characteristic("indirect call"),
        capa.features.Characteristic("loop"),
        capa.features.Characteristic("recursive call"),
    },
@@ -98,6 +85,9 @@ SUPPORTED_FEATURES = {
    },
 }

+# all basic block scope features are also function scope features
+SUPPORTED_FEATURES[FUNCTION_SCOPE].update(SUPPORTED_FEATURES[BASIC_BLOCK_SCOPE])
+

 class InvalidRule(ValueError):
    def __init__(self, msg):
--- a/2
+++ b/2