From 874dffc13f5019db48ec6cb8c9c850ca708391c3 Mon Sep 17 00:00:00 2001
From: Michael Hunhoff
Date: Mon, 26 Jul 2021 17:32:47 -0600
Subject: [PATCH] add additional filter logic when displaying capa matches by function
---
 CHANGELOG.md | 2 ++
 capa/ida/plugin/model.py | 14 ++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 139b400d..1515c52a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,8 @@
 ### capa explorer IDA Pro plugin
+- explorer: add additional filter logic when displaying matches by function #686 @mike-hunhoff
+
 ### Development
 ### Raw diffs
diff --git a/capa/ida/plugin/model.py b/capa/ida/plugin/model.py
index bd9b8430..96d415ce 100644
--- a/capa/ida/plugin/model.py
+++ b/capa/ida/plugin/model.py
@@ -435,12 +435,18 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
 for ea in rule["matches"].keys():
 ea = capa.ida.helpers.get_func_start_ea(ea)
 if ea is None:
- # file scope, skip for rendering in this mode
+ # file scope, skip rendering in this mode
 continue
- if None is matches_by_function.get(ea, None):
- matches_by_function[ea] = CapaExplorerFunctionItem(self.root_node, ea, can_check=False)
+ if not matches_by_function.get(ea, ()):
+ # new function root
+ matches_by_function[ea] = (CapaExplorerFunctionItem(self.root_node, ea, can_check=False), [])
+ function_root, match_cache = matches_by_function[ea]
+ if rule["meta"]["name"] in match_cache:
+ # rule match already rendered for this function root, skip it
+ continue
+ match_cache.append(rule["meta"]["name"])
 CapaExplorerRuleItem(
- matches_by_function[ea],
+ function_root,
 rule["meta"]["name"],
 rule["meta"].get("namespace"),
 len(rule["matches"]),
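Review bot: `match_cache` in the model.py hunk is a list used only for membership tests, so `rule["meta"]["name"] in match_cache` scans it linearly for every match address; a set fits better: store `set()` in the tuple and call `match_cache.add(rule["meta"]["name"])`. The new-root test `if not matches_by_function.get(ea, ())` relies on the stored tuple being truthy, and `if ea not in matches_by_function:` says the same thing directly. Separately, the rule row still receives `len(rule["matches"])`, which looks like the rule's file-wide match count, so once repeated matches in one function are collapsed the number shown under that function may not describe that function alone; that is worth confirming, since analysts triage by this view. The `CapaExplorerRuleItem(` call and the enclosing method continue outside the hunk.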