diff --git a/capa/features/freeze/__init__.py b/capa/features/freeze/__init__.py
index 1299dc9c..bd60091a 100644
--- a/capa/features/freeze/__init__.py
+++ b/capa/features/freeze/__init__.py
@@ -15,6 +15,7 @@ from enum import Enum
 from typing import List, Tuple, Union
 from pydantic import Field, BaseModel, ConfigDict
+
 # TODO(williballenthin): use typing.TypeAlias directly in Python 3.10+
 from typing_extensions import TypeAlias
diff --git a/scripts/capa2yara.py b/scripts/capa2yara.py
index 4f0a8b90..e287aac3 100644
--- a/scripts/capa2yara.py
+++ b/scripts/capa2yara.py
@@ -566,7 +566,7 @@ def convert_rules(rules, namespaces, cround, make_priv):
 logger.info("skipping already converted rule capa: %s - yara rule: %s", rule.name, rule_name)
 continue
- logger.info("-------------------------- DOING RULE CAPA: %s - yara rule: ", rule.name, rule_name)
+ logger.info("-------------------------- DOING RULE CAPA: %s - yara rule: %s", rule.name, rule_name)
 if "capa/path" in rule.meta:
 url = get_rule_url(rule.meta["capa/path"])
 else:
@@ -603,7 +603,12 @@ def convert_rules(rules, namespaces, cround, make_priv):
 meta_name = meta
 # e.g. 'examples:' can be a list
 seen_hashes = []
- if isinstance(metas[meta], list):
+ if isinstance(metas[meta], dict):
+ if meta_name == "scopes":
+ yara_meta += "\t" + "static scope" + ' = "' + metas[meta]["static"] + '"\n'
+ yara_meta += "\t" + "dynamic scope" + ' = "' + metas[meta]["dynamic"] + '"\n'
+
+ elif isinstance(metas[meta], list):
 if meta_name == "examples":
 meta_name = "hash"
 if meta_name == "att&ck":
diff --git a/tests/test_scripts.py b/tests/test_scripts.py
index d18cb2d9..e8ed6c37 100644
--- a/tests/test_scripts.py
+++ b/tests/test_scripts.py
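Review bot: The meta keys `"static scope"` and `"dynamic scope"` added in the second scripts/capa2yara.py hunk contain a space, and YARA meta identifiers follow the normal identifier rules (letters, digits, underscore), so a converted rule that carries `scopes` would most likely fail to compile and drop out of the generated detection set. Use underscore names, e.g. `yara_meta += "\t" + "static_scope" + ' = "' + metas[meta]["static"] + '"\n'`, and likewise `"dynamic_scope"`. The values are also concatenated unchecked and unescaped: a missing key or a non-string value raises here, and a `"` or backslash in the rule meta would break the emitted string, so `str(metas[meta].get("static", ""))` plus quote escaping is safer. Any other dict-valued meta enters the new branch and is dropped without a log line. convert_rules starts and ends outside the hunk.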
@@ -38,25 +38,15 @@ def get_rule_path():
 @pytest.mark.parametrize(
 "script,args",
 [
- pytest.param("capa2yara.py", [get_rules_path()], marks=pytest.mark.xfail(reason="relies on legacy ruleset")),
- pytest.param(
- "capafmt.py", [get_rule_path()], marks=pytest.mark.xfail(reason="rendering hasn't been added yet")
- ),
+ pytest.param("capa2yara.py", [get_rules_path()]),
+ pytest.param("capafmt.py", [get_rule_path()]),
 # not testing lint.py as it runs regularly anyway
 pytest.param("match-function-id.py", [get_file_path()]),
- pytest.param(
- "show-capabilities-by-function.py",
- [get_file_path()],
- marks=pytest.mark.xfail(reason="rendering hasn't been added yet"),
- ),
+ pytest.param("show-capabilities-by-function.py", [get_file_path()]),
 pytest.param("show-features.py", [get_file_path()]),
 pytest.param("show-features.py", ["-F", "0x407970", get_file_path()]),
- pytest.param(
- "show-unused-features.py", [get_file_path()], marks=pytest.mark.xfail(reason="relies on legacy ruleset")
- ),
- pytest.param(
- "capa_as_library.py", [get_file_path()], marks=pytest.mark.xfail(reason="relies on legacy ruleset")
- ),
+ pytest.param("show-unused-features.py", [get_file_path()]),
+ pytest.param("capa_as_library.py", [get_file_path()]),
 ],
 )
 def test_scripts(script, args):
@@ -65,7 +55,6 @@ def test_scripts(script, args):
 assert p.returncode == 0
-@pytest.mark.xfail(reason="relies on legacy ruleset")
 def test_bulk_process(tmp_path):
 # create test directory to recursively analyze
 t = tmp_path / "test"
@@ -86,7 +75,7 @@ def run_program(script_path, args):
 return subprocess.run(args, stdout=subprocess.PIPE)
-@pytest.mark.xfail(reason="rendering hasn't been added yet")
+@pytest.mark.xfail(reason="result document test files haven't been updated yet")
 def test_proto_conversion(tmp_path):
 t = tmp_path / "proto-test"
 t.mkdir()
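Review bot: With the xfail marks removed in the first hunk, these script runs are gated only by exit status (`assert p.returncode == 0`, visible as context in the following hunk), so a script that exits 0 while printing malformed output still passes. For capa2yara.py, whose output is meant to be loaded by YARA, it would be worth checking the captured output as well, assuming `p` comes from run_program and the script prints its rules to stdout: `assert p.stdout` as a minimal non-empty check, or compiling the result where yara-python is available. Failing that, a comment above the parameter list such as `# exit-status smoke tests only; script output is not validated` would document the limit. The body of test_scripts lies outside this hunk.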