extractors: log unsupported os/arch/format but don't except

2026-02-04 11:07:53 -08:00 · 2021-08-17 08:57:42 -06:00
parent 0065876702
commit 92dfa99059
3 changed files with 38 additions and 4 deletions
--- a/capa/features/extractors/common.py
+++ b/capa/features/extractors/common.py
@@ -15,7 +15,12 @@ def extract_format(buf):
    elif buf.startswith(b"\x7fELF"):
        yield Format(FORMAT_ELF), 0x0
    else:
-        raise NotImplementedError("file format: %s", binascii.hexlify(buf[:4]).decode("ascii"))
+        # we likely end up here:
+        #  1. handling a file format (e.g. macho)
+        #
+        # for (1), this logic will need to be updated as the format is implemented.
+        logger.debug("unsupported file format: %s", binascii.hexlify(buf[:4]).decode("ascii"))
+        return


 def extract_os(buf):
@@ -27,4 +32,15 @@ def extract_os(buf):

        yield OS(os), 0x0
    else:
-        raise NotImplementedError("file format: %s", binascii.hexlify(buf[:4]).decode("ascii"))
+        # we likely end up here:
+        #  1. handling shellcode, or
+        #  2. handling a new file format (e.g. macho)
+        #
+        # for (1) we can't do much - its shellcode and all bets are off.
+        # we could maybe accept a futher CLI argument to specify the OS,
+        # but i think this would be rarely used.
+        # rules that rely on OS conditions will fail to match on shellcode.
+        #
+        # for (2), this logic will need to be updated as the format is implemented.
+        logger.debug("unsupported file format: %s, will not guess OS", binascii.hexlify(buf[:4]).decode("ascii"))
+        return
--- a/capa/features/extractors/smda/global_.py
+++ b/capa/features/extractors/smda/global_.py
@@ -1,5 +1,9 @@
+import logging
+
 from capa.features.common import ARCH_I386, ARCH_AMD64, Arch

+logger = logging.getLogger(__name__)
+

 def extract_arch(smda_report):
    if smda_report.architecture == "intel":
@@ -8,4 +12,9 @@ def extract_arch(smda_report):
        elif smda_report.bitness == 64:
            yield Arch(ARCH_AMD64), 0x0
    else:
-        raise NotImplementedError(smda_report.architecture)
+        # we likely end up here:
+        #  1. handling a new architecture (e.g. aarch64)
+        #
+        # for (1), this logic will need to be updated as the format is implemented.
+        logger.debug("unsupported architecture: %s", smda_report.architecture)
+        return
--- a/capa/features/extractors/viv/global_.py
+++ b/capa/features/extractors/viv/global_.py
@@ -1,8 +1,12 @@
+import logging
+
 import envi.archs.i386
 import envi.archs.amd64

 from capa.features.common import ARCH_I386, ARCH_AMD64, Arch

+logger = logging.getLogger(__name__)
+

 def extract_arch(vw):
    if isinstance(vw.arch, envi.archs.amd64.Amd64Module):
@@ -12,4 +16,9 @@ def extract_arch(vw):
        yield Arch(ARCH_I386), 0x0

    else:
-        raise NotImplementedError("unsupported architecture: %s" % (vw.arch.__class__.__name__))
+        # we likely end up here:
+        #  1. handling a new architecture (e.g. aarch64)
+        #
+        # for (1), this logic will need to be updated as the format is implemented.
+        logger.debug("unsupported architecture: %s", vw.arch.__class__.__name__)
+        return