From 96cabbcc6b0144606f914a8bb1df91786b521c44 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Wed, 22 Apr 2026 17:03:16 +0300 Subject: [PATCH] fix: address reportAttributeAccessIssue and override mismatches (chunk 4) - dnfile/helpers.py, insn.py: add import dnfile.mdtable; type: ignore dnfile Unknown returns - dnfile/extractor.py: rename get_basic_blocks param f->fh - pefile.py: rename f/bb->fh/bbh stub params; type: ignore for pefile OPTIONAL_HEADER stubs - ghidra/file.py, helpers.py: initialize addr=0 before conditional loop --- capa/features/extractors/dnfile/extractor.py | 6 +++--- capa/features/extractors/dnfile/helpers.py | 3 ++- capa/features/extractors/dnfile/insn.py | 1 + capa/features/extractors/ghidra/file.py | 1 + capa/features/extractors/ghidra/helpers.py | 1 + capa/features/extractors/pefile.py | 10 +++++----- 6 files changed, 13 insertions(+), 9 deletions(-) diff --git a/capa/features/extractors/dnfile/extractor.py b/capa/features/extractors/dnfile/extractor.py index 84fc8869..72c26fd0 100644 --- a/capa/features/extractors/dnfile/extractor.py +++ b/capa/features/extractors/dnfile/extractor.py @@ -157,11 +157,11 @@ class DnfileFeatureExtractor(StaticFeatureExtractor): def extract_function_features(self, fh) -> Iterator[tuple[Feature, Address]]: yield from capa.features.extractors.dnfile.function.extract_features(fh) - def get_basic_blocks(self, f) -> Iterator[BBHandle]: + def get_basic_blocks(self, fh) -> Iterator[BBHandle]: # each dotnet method is considered 1 basic block yield BBHandle( - address=f.address, - inner=f.inner, + address=fh.address, + inner=fh.inner, ) def extract_basic_block_features(self, fh, bbh): diff --git a/capa/features/extractors/dnfile/helpers.py b/capa/features/extractors/dnfile/helpers.py index 0e6a9414..e129313f 100644 --- a/capa/features/extractors/dnfile/helpers.py +++ b/capa/features/extractors/dnfile/helpers.py @@ -21,6 +21,7 @@ from typing import Union, Iterator, Optional from pathlib import Path import dnfile +import dnfile.mdtable from dncil.cil.body import CilMethodBody from dncil.cil.error import MethodBodyFormatError from dncil.clr.token import Token, StringToken, InvalidToken @@ -48,7 +49,7 @@ class DnfileMethodBodyReader(CilMethodBodyReaderBase): self.offset: int = self.pe.get_offset_from_rva(row.Rva) def read(self, n: int) -> bytes: - data: bytes = self.pe.get_data(self.pe.get_rva_from_offset(self.offset), n) + data: bytes = self.pe.get_data(self.pe.get_rva_from_offset(self.offset), n) # type: ignore # dnfile stubs return Unknown for get_data/get_rva_from_offset self.offset += n return data diff --git a/capa/features/extractors/dnfile/insn.py b/capa/features/extractors/dnfile/insn.py index b80d01e7..d6c2c7c6 100644 --- a/capa/features/extractors/dnfile/insn.py +++ b/capa/features/extractors/dnfile/insn.py @@ -22,6 +22,7 @@ if TYPE_CHECKING: from capa.features.extractors.dnfile.extractor import DnFileFeatureExtractorCache import dnfile +import dnfile.mdtable from dncil.clr.token import Token, StringToken, InvalidToken from dncil.cil.opcode import OpCodes diff --git a/capa/features/extractors/ghidra/file.py b/capa/features/extractors/ghidra/file.py index 4bfbb7b2..4f9b59db 100644 --- a/capa/features/extractors/ghidra/file.py +++ b/capa/features/extractors/ghidra/file.py @@ -143,6 +143,7 @@ def extract_file_import_names() -> Iterator[tuple[Feature, Address]]: """ for f in capa.features.extractors.ghidra.helpers.get_current_program().getFunctionManager().getExternalFunctions(): + addr: int = 0 for r in f.getSymbol().getReferences(): if r.getReferenceType().isData(): addr = r.getFromAddress().getOffset() # gets pointer to fake external addr diff --git a/capa/features/extractors/ghidra/helpers.py b/capa/features/extractors/ghidra/helpers.py index 36e08c03..a89b7de9 100644 --- a/capa/features/extractors/ghidra/helpers.py +++ b/capa/features/extractors/ghidra/helpers.py @@ -123,6 +123,7 @@ def get_file_imports() -> dict[int, list[str]]: import_dict: dict[int, list[str]] = {} for f in get_current_program().getFunctionManager().getExternalFunctions(): + addr: int = 0 for r in f.getSymbol().getReferences(): if r.getReferenceType().isData(): addr = r.getFromAddress().getOffset() # gets pointer to fake external addr diff --git a/capa/features/extractors/pefile.py b/capa/features/extractors/pefile.py index 606f686d..e1d5dbb4 100644 --- a/capa/features/extractors/pefile.py +++ b/capa/features/extractors/pefile.py @@ -202,7 +202,7 @@ class PefileFeatureExtractor(StaticFeatureExtractor): self.pe = pefile.PE(str(path)) def get_base_address(self): - return AbsoluteVirtualAddress(self.pe.OPTIONAL_HEADER.ImageBase) + return AbsoluteVirtualAddress(self.pe.OPTIONAL_HEADER.ImageBase) # type: ignore[union-attr] # pefile stubs type OPTIONAL_HEADER as Optional def extract_global_features(self): buf = Path(self.path).read_bytes() @@ -217,16 +217,16 @@ class PefileFeatureExtractor(StaticFeatureExtractor): def get_functions(self): raise NotImplementedError("PefileFeatureExtract can only be used to extract file features") - def extract_function_features(self, f): + def extract_function_features(self, fh): raise NotImplementedError("PefileFeatureExtract can only be used to extract file features") - def get_basic_blocks(self, f): + def get_basic_blocks(self, fh): raise NotImplementedError("PefileFeatureExtract can only be used to extract file features") - def extract_basic_block_features(self, f, bb): + def extract_basic_block_features(self, fh, bbh): raise NotImplementedError("PefileFeatureExtract can only be used to extract file features") - def get_instructions(self, f, bb): + def get_instructions(self, fh, bbh): raise NotImplementedError("PefileFeatureExtract can only be used to extract file features") def extract_insn_features(self, fh, bbh, ih):