diff --git a/capa/features/insn.py b/capa/features/insn.py index c21178b7..e5c1a49e 100644 --- a/capa/features/insn.py +++ b/capa/features/insn.py @@ -8,6 +8,7 @@ import abc from typing import Union, Optional +import capa.helpers from capa.features.common import VALID_FEATURE_ACCESS, Feature @@ -56,7 +57,7 @@ class Number(Feature): def get_value_str(self): if isinstance(self.value, int): - return hex(self.value) + return capa.helpers.hex(self.value) elif isinstance(self.value, float): return str(self.value) else: diff --git a/capa/helpers.py b/capa/helpers.py index 9c4c285e..2e44fc6c 100644 --- a/capa/helpers.py +++ b/capa/helpers.py @@ -18,11 +18,13 @@ EXTENSIONS_ELF = "elf_" logger = logging.getLogger("capa") -_hex = hex - -def hex(i): - return _hex(int(i)) +def hex(n: int) -> str: + """render the given number using upper case hex, like: 0x123ABC""" + if n < 0: + return "-0x%X" % (-n) + else: + return "0x%X" % n def get_file_taste(sample_path: str) -> bytes: diff --git a/capa/render/utils.py b/capa/render/utils.py index 97185a66..2cf480c9 100644 --- a/capa/render/utils.py +++ b/capa/render/utils.py @@ -24,14 +24,6 @@ def bold2(s: str) -> str: return termcolor.colored(s, "green") -def hex(n: int) -> str: - """render the given number using upper case hex, like: 0x123ABC""" - if n < 0: - return "-0x%X" % (-n) - else: - return "0x%X" % n - - def format_parts_id(data: Union[rd.AttackSpec, rd.MBCSpec]): """ format canonical representation of ATT&CK/MBC parts and ID diff --git a/capa/render/verbose.py b/capa/render/verbose.py index 6bdeefda..5a225460 100644 --- a/capa/render/verbose.py +++ b/capa/render/verbose.py @@ -23,13 +23,11 @@ Unless required by applicable law or agreed to in writing, software distributed See the License for the specific language governing permissions and limitations under the License. """ import tabulate -import dnfile.mdtable -import dncil.clr.token import capa.rules +import capa.helpers import capa.render.utils as rutils import capa.features.freeze as frz -import capa.render.result_document import capa.render.result_document as rd from capa.rules import RuleSet from capa.engine import MatchResults @@ -37,16 +35,16 @@ from capa.engine import MatchResults def format_address(address: frz.Address) -> str: if address.type == frz.AddressType.ABSOLUTE: - return rutils.hex(address.value) + return capa.helpers.hex(address.value) elif address.type == frz.AddressType.RELATIVE: - return f"base address+{rutils.hex(address.value)}" + return f"base address+{capa.helpers.hex(address.value)}" elif address.type == frz.AddressType.FILE: - return f"file+{rutils.hex(address.value)}" + return f"file+{capa.helpers.hex(address.value)}" elif address.type == frz.AddressType.DN_TOKEN: - return f"token({rutils.hex(address.value)})" + return f"token({capa.helpers.hex(address.value)})" elif address.type == frz.AddressType.DN_TOKEN_OFFSET: token, offset = address.value - return f"token({rutils.hex(token)})+{rutils.hex(offset)}" + return f"token({capa.helpers.hex(token)})+{capa.helpers.hex(offset)}" elif address.type == frz.AddressType.NO_ADDRESS: return "global" else: diff --git a/capa/render/vverbose.py b/capa/render/vverbose.py index bd992495..5950275a 100644 --- a/capa/render/vverbose.py +++ b/capa/render/vverbose.py @@ -11,6 +11,7 @@ from typing import Dict, Iterable import tabulate import capa.rules +import capa.helpers import capa.render.utils as rutils import capa.render.verbose import capa.features.common @@ -154,7 +155,7 @@ def render_feature(ostream, match: rd.Match, feature: frzf.Feature, indent=0): feature, (frzf.NumberFeature, frzf.OffsetFeature, frzf.OperandNumberFeature, frzf.OperandOffsetFeature) ): assert isinstance(value, int) - value = f"0x{value:X}" + value = capa.helpers.hex(value) if isinstance(feature, frzf.PropertyFeature) and feature.access is not None: key = f"property/{feature.access}"