gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-02-04 19:12:01 -08:00
Code Issues Packages Projects Releases Wiki Activity

main: fix matching BB features at file scope

Browse Source 
closes #605
This commit is contained in:
William Ballenthin
2021-06-04 11:45:37 -06:00
parent e0be7f1b8e
commit 90ec848bf6
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
capa/main.py
View File

@@ -18,6 +18,7 @@ import os.path
import argparse
import datetime
import textwrap
import itertools
import contextlib
import collections
@@ -164,14 +165,15 @@ def find_capabilities(ruleset, extractor, disable_progress=None):
for rule_name, res in bb_matches.items():
all_bb_matches[rule_name].extend(res)
# mapping from matched rule feature to set of addresses at which it matched.
# collection of features that captures the rule matches within function and BB scopes.
# mapping from feature (matched rule) to set of addresses at which it matched.
# schema: Dict[MatchedRule: Set[int]
function_features = {
function_and_lower_features = {
capa.features.MatchedRule(rule_name): set(map(lambda p: p[0], results))
for rule_name, results in all_function_matches.items()
for rule_name, results in itertools.chain(all_function_matches.items(), all_bb_matches.items())
}
all_file_matches, feature_count = find_file_capabilities(ruleset, extractor, function_features)
all_file_matches, feature_count = find_file_capabilities(ruleset, extractor, function_and_lower_features)
meta["feature_counts"]["file"] = feature_count
matches = {}