capabilities: use dataclasses to represent complicated return types

foo

tests/test_capabilities.py

@@ -82,10 +82,10 @@ def test_match_across_scopes_file_function(z9324d_extractor):
             ),
         ]
     )
-    capabilities, meta = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
-    assert "install service" in capabilities
-    assert ".text section" in capabilities
-    assert ".text section and install service" in capabilities
+    capabilities = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
+    assert "install service" in capabilities.matches
+    assert ".text section" in capabilities.matches
+    assert ".text section and install service" in capabilities.matches
 
 
 def test_match_across_scopes(z9324d_extractor):
@@ -150,10 +150,10 @@ def test_match_across_scopes(z9324d_extractor):
             ),
         ]
     )
-    capabilities, meta = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
-    assert "tight loop" in capabilities
-    assert "kill thread loop" in capabilities
-    assert "kill thread program" in capabilities
+    capabilities = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
+    assert "tight loop" in capabilities.matches
+    assert "kill thread loop" in capabilities.matches
+    assert "kill thread program" in capabilities.matches
 
 
 def test_subscope_bb_rules(z9324d_extractor):
@@ -178,8 +178,8 @@ def test_subscope_bb_rules(z9324d_extractor):
         ]
     )
     # tight loop at 0x403685
-    capabilities, meta = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
-    assert "test rule" in capabilities
+    capabilities = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
+    assert "test rule" in capabilities.matches
 
 
 def test_match_specific_functions(z9324d_extractor):
@@ -205,8 +205,8 @@ def test_match_specific_functions(z9324d_extractor):
         ]
     )
     extractor = FunctionFilter(z9324d_extractor, {0x4019C0})
-    capabilities, meta = capa.capabilities.common.find_capabilities(rules, extractor)
-    matches = capabilities["receive data"]
+    capabilities = capa.capabilities.common.find_capabilities(rules, extractor)
+    matches = capabilities.matches["receive data"]
     # test that we received only one match
     assert len(matches) == 1
     # and that this match is from the specified function
@@ -233,8 +233,8 @@ def test_byte_matching(z9324d_extractor):
             )
         ]
     )
-    capabilities, meta = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
-    assert "byte match test" in capabilities
+    capabilities = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
+    assert "byte match test" in capabilities.matches
 
 
 def test_com_feature_matching(z395eb_extractor):
@@ -259,8 +259,8 @@ def test_com_feature_matching(z395eb_extractor):
             )
         ]
     )
-    capabilities, meta = capa.main.find_capabilities(rules, z395eb_extractor)
-    assert "initialize IWebBrowser2" in capabilities
+    capabilities = capa.main.find_capabilities(rules, z395eb_extractor)
+    assert "initialize IWebBrowser2" in capabilities.matches
 
 
 def test_count_bb(z9324d_extractor):
@@ -284,8 +284,8 @@ def test_count_bb(z9324d_extractor):
             )
         ]
     )
-    capabilities, meta = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
-    assert "count bb" in capabilities
+    capabilities = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
+    assert "count bb" in capabilities.matches
 
 
 def test_instruction_scope(z9324d_extractor):
@@ -311,9 +311,9 @@ def test_instruction_scope(z9324d_extractor):
             )
         ]
     )
-    capabilities, meta = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
-    assert "push 1000" in capabilities
-    assert 0x4071A4 in {result[0] for result in capabilities["push 1000"]}
+    capabilities = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
+    assert "push 1000" in capabilities.matches
+    assert 0x4071A4 in {result[0] for result in capabilities.matches["push 1000"]}
 
 
 def test_instruction_subscope(z9324d_extractor):
@@ -343,6 +343,6 @@ def test_instruction_subscope(z9324d_extractor):
             )
         ]
     )
-    capabilities, meta = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
-    assert "push 1000 on i386" in capabilities
-    assert 0x406F60 in {result[0] for result in capabilities["push 1000 on i386"]}
+    capabilities = capa.capabilities.common.find_capabilities(rules, z9324d_extractor)
+    assert "push 1000 on i386" in capabilities.matches
+    assert 0x406F60 in {result[0] for result in capabilities.matches["push 1000 on i386"]}

tests/test_freeze_dynamic.py

@@ -125,8 +125,8 @@ def test_null_feature_extractor():
             ),
         ]
     )
-    capabilities, _ = capa.main.find_capabilities(rules, EXTRACTOR)
-    assert "create file" in capabilities
+    capabilities = capa.main.find_capabilities(rules, EXTRACTOR)
+    assert "create file" in capabilities.matches
 
 
 def compare_extractors(a: DynamicFeatureExtractor, b: DynamicFeatureExtractor):

tests/test_freeze_static.py

@@ -107,8 +107,8 @@ def test_null_feature_extractor():
             ),
         ]
     )
-    capabilities, meta = capa.main.find_capabilities(rules, EXTRACTOR)
-    assert "xor loop" in capabilities
+    capabilities = capa.main.find_capabilities(rules, EXTRACTOR)
+    assert "xor loop" in capabilities.matches
 
 
 def compare_extractors(a, b):

tests/test_result_document.py

@@ -21,6 +21,7 @@ import capa
 import capa.engine as ceng
 import capa.render.result_document as rdoc
 import capa.features.freeze.features as frzf
+from capa.capabilities.common import Capabilities
 
 
 def test_optional_node_from_capa():
@@ -289,4 +290,4 @@ def test_rdoc_to_capa():
 
     meta, capabilites = rd.to_capa()
     assert isinstance(meta, rdoc.Metadata)
-    assert isinstance(capabilites, dict)
+    assert isinstance(capabilites, Capabilities)