gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-21 23:00:29 -08:00
Code Issues Packages Projects Releases Wiki Activity

black

Browse Source
This commit is contained in:
Willi Ballenthin
2022-12-14 10:48:00 +01:00
parent b819033da0
commit 81500a4d1d
7 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
capa/engine.py
View File

@@ -8,7 +8,7 @@
import copy
import collections
from typing import TYPE_CHECKING, Set, Dict, List, Tuple, Mapping, Iterable, Iterator, Union, cast
from typing import TYPE_CHECKING, Set, Dict, List, Tuple, Union, Mapping, Iterable, Iterator, cast
import capa.perf
import capa.features.common

2
capa/features/extractors/dnfile_.py
View File

@@ -109,7 +109,7 @@ class DnfileFeatureExtractor(FeatureExtractor):
assert self.pe is not None
assert self.pe.net is not None
assert self.pe.net.struct is not None
return self.pe.net.struct.MajorRuntimeVersion, self.pe.net.struct.MinorRuntimeVersion
def get_meta_version_string(self) -> str:

7
capa/features/extractors/null.py
View File

@@ -68,10 +68,5 @@ class NullFeatureExtractor(FeatureExtractor):
yield InsnHandle(address, None)
def extract_insn_features(self, f, bb, insn):
for address, feature in (
self.functions[f.address]
.basic_blocks[bb.address]
.instructions[insn.address]
.features
):
for address, feature in self.functions[f.address].basic_blocks[bb.address].instructions[insn.address].features:
yield feature, address

4
capa/ida/plugin/form.py
View File

@@ -11,7 +11,7 @@ import copy
import logging
import itertools
import collections
from typing import Set, Dict, Optional, List, Any
from typing import Any, Set, Dict, List, Optional
import idaapi
import ida_kernwin
@@ -1108,7 +1108,7 @@ class CapaExplorerForm(idaapi.PluginForm):
_, file_matches = capa.engine.match(
capa.rules.RuleSet(list(capa.rules.get_rules_and_dependencies(rules, rule.name))).file_rules,
file_features,
NO_ADDRESS
NO_ADDRESS,
)
except Exception as e:
self.set_rulegen_status("Failed to match rule (%s)" % e)

2
capa/ida/plugin/view.py
View File

@@ -18,7 +18,7 @@ import capa.ida.helpers
import capa.features.common
import capa.features.basicblock
from capa.ida.plugin.item import CapaExplorerFunctionItem
from capa.features.address import _NoAddress, AbsoluteVirtualAddress
from capa.features.address import AbsoluteVirtualAddress, _NoAddress
from capa.ida.plugin.model import CapaExplorerDataModel
MAX_SECTION_SIZE = 750

10
tests/test_engine.py
View File

@@ -5,16 +5,17 @@
# Unless required by applicable law or agreed to in writing, software distributed under the License
# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and limitations under the License.
import capa.features.address
from capa.engine import *
from capa.features import *
from capa.features.insn import *
import capa.features.address
ADDR1 = capa.features.address.AbsoluteVirtualAddress(0x401001)
ADDR2 = capa.features.address.AbsoluteVirtualAddress(0x401002)
ADDR3 = capa.features.address.AbsoluteVirtualAddress(0x401003)
ADDR4 = capa.features.address.AbsoluteVirtualAddress(0x401004)
def test_number():
assert Number(1).evaluate({Number(0): {ADDR1}}) == False
assert Number(1).evaluate({Number(1): {ADDR1}}) == True
@@ -50,7 +51,12 @@ def test_some():
assert Some(2, [Number(1), Number(2), Number(3)]).evaluate({Number(0): {ADDR1}}) == False
assert Some(2, [Number(1), Number(2), Number(3)]).evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}}) == False
assert Some(2, [Number(1), Number(2), Number(3)]).evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}}) == True
assert (
Some(2, [Number(1), Number(2), Number(3)]).evaluate(
{Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}}
)
== True
)
assert (
Some(2, [Number(1), Number(2), Number(3)]).evaluate(
{Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}, Number(3): {ADDR1}}

7
tests/test_rules.py
View File

@@ -13,10 +13,10 @@ import pytest
import capa.rules
import capa.engine
import capa.features.common
from capa.features.address import AbsoluteVirtualAddress
import capa.features.address
from capa.engine import Or
from capa.features.file import FunctionName
from capa.features.insn import Number, Offset, Property
from capa.engine import Or
from capa.features.common import (
OS,
OS_LINUX,
@@ -31,8 +31,7 @@ from capa.features.common import (
Substring,
FeatureAccess,
)
import capa.features.address
from capa.features.address import AbsoluteVirtualAddress
ADDR1 = capa.features.address.AbsoluteVirtualAddress(0x401001)
ADDR2 = capa.features.address.AbsoluteVirtualAddress(0x401002)