fix: imports and add tests
@@ -24,6 +24,7 @@ import capa.features.common
|
||||
import capa.features.basicblock
|
||||
from capa.features.common import (
|
||||
OS,
|
||||
OS_ANY,
|
||||
OS_LINUX,
|
||||
ARCH_I386,
|
||||
FORMAT_PE,
|
||||
@@ -32,6 +33,7 @@ from capa.features.common import (
|
||||
OS_WINDOWS,
|
||||
BITNESS_X32,
|
||||
BITNESS_X64,
|
||||
FORMAT_DOTNET,
|
||||
Arch,
|
||||
Format,
|
||||
)
|
||||
@@ -134,6 +136,12 @@ def get_pefile_extractor(path):
|
||||
return capa.features.extractors.pefile.PefileFeatureExtractor(path)
|
||||
|
||||
|
||||
def get_dnfile_extractor(path):
|
||||
import capa.features.extractors.dnfile_
|
||||
|
||||
return capa.features.extractors.dnfile_.DnfileFeatureExtractor(path)
|
||||
|
||||
|
||||
def extract_global_features(extractor):
|
||||
features = collections.defaultdict(set)
|
||||
for feature, va in extractor.extract_global_features():
|
||||
@@ -591,6 +599,8 @@ FEATURE_PRESENCE_TESTS_DOTNET = sorted(
|
||||
[
|
||||
("b9f5b", "file", Arch(ARCH_I386), True),
|
||||
("b9f5b", "file", Arch(ARCH_AMD64), False),
|
||||
("b9f5b", "file", OS(OS_ANY), True),
|
||||
("b9f5b", "file", Format(FORMAT_DOTNET), True),
|
||||
],
|
||||
# order tests by (file, item)
|
||||
# so that our LRU cache is most effective.
|
||||
@@ -713,4 +723,4 @@ def pingtaest_extractor():
|
||||
|
||||
@pytest.fixture
|
||||
def b9f5b_extractor():
|
||||
return get_extractor(get_data_path_by_name("b9f5b"))
|
||||
return get_dnfile_extractor(get_data_path_by_name("b9f5b"))
|
||||
|
||||
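Review bot: `get_dnfile_extractor` constructs a fresh `DnfileFeatureExtractor` on every call and, as far as this hunk shows, has no cache decorator, while the comment under `FEATURE_PRESENCE_TESTS_DOTNET` says the table is ordered so that "our LRU cache is most effective". If the parametrized feature tests call the getter once per row (the helper that would do so is outside this page), the b9f5b sample is re-parsed for every case. Consider memoizing it with `@lru_cache(maxsize=1)` above `def get_dnfile_extractor(path):`, provided `functools.lru_cache` is already imported in this file, and adding a one-line docstring such as `"""Return a DnfileFeatureExtractor for the .NET sample at path."""`. The `b9f5b_extractor` fixture in the last hunk now calls this getter directly, so it is affected in the same way.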
@@ -22,4 +22,18 @@ import capa.features.file
|
||||
indirect=["sample", "scope"],
|
||||
)
|
||||
def test_dnfile_features(sample, scope, feature, expected):
|
||||
fixtures.do_test_feature_presence(fixtures.get_pefile_extractor, sample, scope, feature, expected)
|
||||
fixtures.do_test_feature_presence(fixtures.get_dnfile_extractor, sample, scope, feature, expected)
|
||||
|
||||
|
||||
@parametrize(
|
||||
"function,expected",
|
||||
[
|
||||
("is_dotnet_file", True),
|
||||
("get_entry_point", 0x6000007),
|
||||
("get_runtime_version", (2, 5)),
|
||||
("get_meta_version_string", "v2.0.50727"),
|
||||
],
|
||||
)
|
||||
def test_dnfile_extractor(b9f5b_extractor, function, expected):
|
||||
func = getattr(b9f5b_extractor, function)
|
||||
assert func() == expected
|
||||
|
||||
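Review bot: The expected values in the new `test_dnfile_extractor` table are bare constants with nothing saying what they represent. The `get_entry_point` row in particular expects `0x6000007`, which looks like a .NET metadata token (high byte 0x06, the MethodDef table) rather than a virtual address. A comment on that row, e.g. `# MethodDef token of the managed entry point, not a VA`, would stop a later reader from treating it as an address. A line above the list such as `# expected values are specific to the b9f5b sample` would explain why `(2, 5)` and `"v2.0.50727"` are pinned; presumably they come from the sample's CLR header and metadata root.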