cape2yara.py: update for use of scopes, and fix bug

scripts/capa2yara.py

@@ -566,7 +566,7 @@ def convert_rules(rules, namespaces, cround, make_priv):
             logger.info("skipping already converted rule capa: %s - yara rule: %s", rule.name, rule_name)
             continue
 
-        logger.info("-------------------------- DOING RULE CAPA: %s - yara rule: ", rule.name, rule_name)
+        logger.info("-------------------------- DOING RULE CAPA: %s - yara rule: %s", rule.name, rule_name)
         if "capa/path" in rule.meta:
             url = get_rule_url(rule.meta["capa/path"])
         else:
@@ -603,7 +603,12 @@ def convert_rules(rules, namespaces, cround, make_priv):
                 meta_name = meta
                 # e.g. 'examples:' can be a list
                 seen_hashes = []
-                if isinstance(metas[meta], list):
+                if isinstance(metas[meta], dict):
+                    if meta_name == "scopes":
+                        yara_meta += "\t" + "static scope" + ' = "' + metas[meta]["static"] + '"\n'
+                        yara_meta += "\t" + "dynamic scope" + ' = "' + metas[meta]["dynamic"] + '"\n'
+
+                elif isinstance(metas[meta], list):
                     if meta_name == "examples":
                         meta_name = "hash"
                     if meta_name == "att&ck":

tests/test_scripts.py

@@ -38,25 +38,15 @@ def get_rule_path():
 @pytest.mark.parametrize(
     "script,args",
     [
-        pytest.param("capa2yara.py", [get_rules_path()], marks=pytest.mark.xfail(reason="relies on legacy ruleset")),
+        pytest.param("capa2yara.py", [get_rules_path()]),
-        pytest.param(
+        pytest.param("capafmt.py", [get_rule_path()]),
-            "capafmt.py", [get_rule_path()], marks=pytest.mark.xfail(reason="rendering hasn't been added yet")
-        ),
         # not testing lint.py as it runs regularly anyway
         pytest.param("match-function-id.py", [get_file_path()]),
-        pytest.param(
+        pytest.param("show-capabilities-by-function.py", [get_file_path()]),
-            "show-capabilities-by-function.py",
-            [get_file_path()],
-            marks=pytest.mark.xfail(reason="rendering hasn't been added yet"),
-        ),
         pytest.param("show-features.py", [get_file_path()]),
         pytest.param("show-features.py", ["-F", "0x407970", get_file_path()]),
-        pytest.param(
+        pytest.param("show-unused-features.py", [get_file_path()]),
-            "show-unused-features.py", [get_file_path()], marks=pytest.mark.xfail(reason="relies on legacy ruleset")
+        pytest.param("capa_as_library.py", [get_file_path()]),
-        ),
-        pytest.param(
-            "capa_as_library.py", [get_file_path()], marks=pytest.mark.xfail(reason="relies on legacy ruleset")
-        ),
     ],
 )
 def test_scripts(script, args):
@@ -65,7 +55,6 @@ def test_scripts(script, args):
     assert p.returncode == 0
 
 
-@pytest.mark.xfail(reason="relies on legacy ruleset")
 def test_bulk_process(tmp_path):
     # create test directory to recursively analyze
     t = tmp_path / "test"
@@ -86,7 +75,7 @@ def run_program(script_path, args):
     return subprocess.run(args, stdout=subprocess.PIPE)
 
 
-@pytest.mark.xfail(reason="rendering hasn't been added yet")
+@pytest.mark.xfail(reason="RD test files haven't been updated yet")
 def test_proto_conversion(tmp_path):
     t = tmp_path / "proto-test"
     t.mkdir()