gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 15:16:22 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'Aayush-Goel-04/Issue#1534' of https://github.com/Aayush-Goel-04/capa into Aayush-Goel-04/Issue#1534

Browse Source
This commit is contained in:
Aayush Goel
2023-07-11 00:59:21 +05:30
parent d1a1c6875b b84af6a205
commit 8e346cb411
83 changed files with 769 additions and 759 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
scripts/capa_as_library.py
View File

@@ -14,7 +14,6 @@ import capa.render.utils as rutils
import capa.render.default
import capa.render.result_document as rd
import capa.features.freeze.features as frzf
from capa.engine import *
from capa.features.common import OS_AUTO, FORMAT_AUTO
@@ -31,7 +30,7 @@ def find_subrule_matches(doc: rd.ResultDocument) -> Set[str]:
collect the rule names that have been matched as a subrule match.
this way we can avoid displaying entries for things that are too specific.
"""
matches = set([])
matches = set()
def rec(node: rd.Match):
if not node.success:
@@ -67,7 +66,7 @@ def render_capabilities(doc: rd.ResultDocument, result):
"""
subrule_matches = find_subrule_matches(doc)
result["CAPABILITY"] = dict()
result["CAPABILITY"] = {}
for rule in rutils.capability_rules(doc):
if rule.meta.name in subrule_matches:
# rules that are also matched by other rules should not get rendered by default.
@@ -81,7 +80,7 @@ def render_capabilities(doc: rd.ResultDocument, result):
else:
capability = f"{rule.meta.name} ({count} matches)"
result["CAPABILITY"].setdefault(rule.meta.namespace, list())
result["CAPABILITY"].setdefault(rule.meta.namespace, [])
result["CAPABILITY"][rule.meta.namespace].append(capability)
@@ -98,7 +97,7 @@ def render_attack(doc, result):
'EXECUTION': ['Shared Modules [T1129]']}
}
"""
result["ATTCK"] = dict()
result["ATTCK"] = {}
tactics = collections.defaultdict(set)
for rule in rutils.capability_rules(doc):
if not rule.meta.attack:
@@ -131,7 +130,7 @@ def render_mbc(doc, result):
'[C0021.004]']}
}
"""
result["MBC"] = dict()
result["MBC"] = {}
objectives = collections.defaultdict(set)
for rule in rutils.capability_rules(doc):
if not rule.meta.mbc:
@@ -151,7 +150,7 @@ def render_mbc(doc, result):
def render_dictionary(doc: rd.ResultDocument) -> Dict[str, Any]:
result: Dict[str, Any] = dict()
result: Dict[str, Any] = {}
render_meta(doc, result)
render_attack(doc, result)
render_mbc(doc, result)