gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 23:26:21 -08:00
Code Issues Packages Projects Releases Wiki Activity

main: dont save .viv by default, unless CAPA_SAVE_WORKSPACE set

Browse Source 
closes #507
This commit is contained in:
William Ballenthin
2021-06-15 12:24:01 -06:00
parent 9484fadd0f
commit 7f03db9fe4
6 changed files with 20 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
scripts/bulk-process.py
View File

@@ -95,9 +95,10 @@ def get_capa_results(args):
capabilities (dict): the matched capabilities and their result objects
"""
rules, format, path = args
should_save_workspace = os.environ.get("CAPA_SAVE_WORKSPACE") not in ("0", "no", "NO", "n", None)
logger.info("computing capa results for: %s", path)
try:
extractor = capa.main.get_extractor(path, format, capa.main.BACKEND_VIV, args.signatures, disable_progress=True)
extractor = capa.main.get_extractor(path, format, capa.main.BACKEND_VIV, args.signatures, should_save_workspace, disable_progress=True)
except capa.main.UnsupportedFormatError:
# i'm 100% sure if multiprocessing will reliably raise exceptions across process boundaries.
# so instead, return an object with explicit success/failure status.

2
scripts/capa_as_library.py
View File

@@ -193,7 +193,7 @@ def render_dictionary(doc):
def capa_details(file_path, output_format="dictionary"):
# extract features and find capabilities
extractor = capa.main.get_extractor(file_path, "auto", capa.main.BACKEND_VIV, sigpaths=[], disable_progress=True)
extractor = capa.main.get_extractor(file_path, "auto", capa.main.BACKEND_VIV, [], False, disable_progress=True)
capabilities, counts = capa.main.find_capabilities(rules, extractor, disable_progress=True)
# collect metadata (used only to make rendering more complete)

2
scripts/lint.py
View File

@@ -220,7 +220,7 @@ class DoesntMatchExample(Lint):
try:
extractor = capa.main.get_extractor(
path, "auto", capa.main.BACKEND_VIV, sigpaths=DEFAULT_SIGNATURES, disable_progress=True
path, "auto", capa.main.BACKEND_VIV, DEFAULT_SIGNATURES, False, disable_progress=True
)
capabilities, meta = capa.main.find_capabilities(ctx["rules"], extractor, disable_progress=True)
except Exception as e:

3
scripts/show-capabilities-by-function.py
View File

@@ -152,9 +152,10 @@ def main(argv=None):
extractor = capa.features.freeze.load(f.read())
else:
format = args.format
should_save_workspace = os.environ.get("CAPA_SAVE_WORKSPACE") not in ("0", "no", "NO", "n", None)
try:
extractor = capa.main.get_extractor(args.sample, args.format, args.backend, args.signatures)
extractor = capa.main.get_extractor(args.sample, args.format, args.backend, args.signatures, should_save_workspace)
except capa.main.UnsupportedFormatError:
logger.error("-" * 80)
logger.error(" Input file does not appear to be a PE file.")