From d66f834e54adf440ac2bae8ace8fde3607468fa4 Mon Sep 17 00:00:00 2001
From: Yacine <16624109+yelhamer@users.noreply.github.com>
Date: Thu, 24 Aug 2023 13:48:32 +0200
Subject: [PATCH 1/3] Update tests/test_scripts.py

Co-authored-by: Moritz
---
 tests/test_scripts.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/test_scripts.py b/tests/test_scripts.py
index f1511f33..e8ed6c37 100644
--- a/tests/test_scripts.py
+++ b/tests/test_scripts.py
@@ -75,7 +75,7 @@ def run_program(script_path, args):
 return subprocess.run(args, stdout=subprocess.PIPE)
 
 
-@pytest.mark.xfail(reason="RD test files haven't been updated yet")
+@pytest.mark.xfail(reason="result document test files haven't been updated yet")
 def test_proto_conversion(tmp_path):
 t = tmp_path / "proto-test"
 t.mkdir()

From 9eb1255b29af6ba12c5fafbc7093b20d68e000cb Mon Sep 17 00:00:00 2001
From: Yacine Elhamer
Date: Thu, 24 Aug 2023 14:32:49 +0200
Subject: [PATCH 2/3] cape2yara.py: update for use of scopes, and fix bug

---
 scripts/capa2yara.py | 9 +++++++--
 tests/test_scripts.py | 23 ++++++-----------------
 2 files changed, 13 insertions(+), 19 deletions(-)

diff --git a/scripts/capa2yara.py b/scripts/capa2yara.py
index 4f0a8b90..e287aac3 100644
--- a/scripts/capa2yara.py
+++ b/scripts/capa2yara.py
@@ -566,7 +566,7 @@ def convert_rules(rules, namespaces, cround, make_priv):
 logger.info("skipping already converted rule capa: %s - yara rule: %s", rule.name, rule_name)
 continue
 
- logger.info("-------------------------- DOING RULE CAPA: %s - yara rule: ", rule.name, rule_name)
+ logger.info("-------------------------- DOING RULE CAPA: %s - yara rule: %s", rule.name, rule_name)
 if "capa/path" in rule.meta:
 url = get_rule_url(rule.meta["capa/path"])
 else:
@@ -603,7 +603,12 @@ def convert_rules(rules, namespaces, cround, make_priv):
 meta_name = meta
 # e.g. 'examples:' can be a list
 seen_hashes = []
- if isinstance(metas[meta], list):
+ if isinstance(metas[meta], dict):
+ if meta_name == "scopes":
+ yara_meta += "\t" + "static scope" + ' = "' + metas[meta]["static"] + '"\n'
+ yara_meta += "\t" + "dynamic scope" + ' = "' + metas[meta]["dynamic"] + '"\n'
+
+ elif isinstance(metas[meta], list):
 if meta_name == "examples":
 meta_name = "hash"
 if meta_name == "att&ck":
diff --git a/tests/test_scripts.py b/tests/test_scripts.py
index d18cb2d9..f1511f33 100644
--- a/tests/test_scripts.py
+++ b/tests/test_scripts.py
@@ -38,25 +38,15 @@ def get_rule_path():
 @pytest.mark.parametrize(
 "script,args",
 [
- pytest.param("capa2yara.py", [get_rules_path()], marks=pytest.mark.xfail(reason="relies on legacy ruleset")),
- pytest.param(
- "capafmt.py", [get_rule_path()], marks=pytest.mark.xfail(reason="rendering hasn't been added yet")
- ),
+ pytest.param("capa2yara.py", [get_rules_path()]),
+ pytest.param("capafmt.py", [get_rule_path()]),
 # not testing lint.py as it runs regularly anyway
 pytest.param("match-function-id.py", [get_file_path()]),
- pytest.param(
- "show-capabilities-by-function.py",
- [get_file_path()],
- marks=pytest.mark.xfail(reason="rendering hasn't been added yet"),
- ),
+ pytest.param("show-capabilities-by-function.py", [get_file_path()]),
 pytest.param("show-features.py", [get_file_path()]),
 pytest.param("show-features.py", ["-F", "0x407970", get_file_path()]),
- pytest.param(
- "show-unused-features.py", [get_file_path()], marks=pytest.mark.xfail(reason="relies on legacy ruleset")
- ),
- pytest.param(
- "capa_as_library.py", [get_file_path()], marks=pytest.mark.xfail(reason="relies on legacy ruleset")
- ),
+ pytest.param("show-unused-features.py", [get_file_path()]),
+ pytest.param("capa_as_library.py", [get_file_path()]),
 ],
 )
 def test_scripts(script, args):
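Review bot: The two added `yara_meta +=` lines in the `scopes` branch write meta identifiers that contain a space (`static scope`, `dynamic scope`); YARA meta names follow identifier rules as far as I know, so the generated rule would fail to compile, which is presumably also why the neighbouring `att&ck` branch exists. Suggest `static_scope` and `dynamic_scope`, e.g. `yara_meta += "\t" + "static_scope" + ' = "' + metas[meta]["static"] + '"\n'` and the same for the dynamic line. The branch also subscripts both keys unconditionally, so a scopes mapping that omits one of them raises KeyError instead of being reported; a `.get()` with an explicit fallback or a presence check before the subscript would keep the conversion going. A dict-valued meta other than `scopes` now falls through without any `else`, which may be intended but deserves a `logger.warning` so silently dropped metadata is visible. convert_rules starts and ends outside the hunk.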
@@ -65,7 +55,6 @@ def test_scripts(script, args):
 assert p.returncode == 0
 
 
-@pytest.mark.xfail(reason="relies on legacy ruleset")
 def test_bulk_process(tmp_path):
 # create test directory to recursively analyze
 t = tmp_path / "test"
@@ -86,7 +75,7 @@ def run_program(script_path, args):
 return subprocess.run(args, stdout=subprocess.PIPE)
 
 
-@pytest.mark.xfail(reason="rendering hasn't been added yet")
+@pytest.mark.xfail(reason="RD test files haven't been updated yet")
 def test_proto_conversion(tmp_path):
 t = tmp_path / "proto-test"
 t.mkdir()

From 70eae1a6f07e3d98153fc5c1557196a4076ba010 Mon Sep 17 00:00:00 2001
From: Yacine Elhamer
Date: Thu, 24 Aug 2023 15:00:34 +0200
Subject: [PATCH 3/3] freeze/__init__.py: fix missing space

---
 capa/features/freeze/__init__.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/capa/features/freeze/__init__.py b/capa/features/freeze/__init__.py
index 1299dc9c..bd60091a 100644
--- a/capa/features/freeze/__init__.py
+++ b/capa/features/freeze/__init__.py
@@ -15,6 +15,7 @@ from enum import Enum
 from typing import List, Tuple, Union
 
 from pydantic import Field, BaseModel, ConfigDict
+
 # TODO(williballenthin): use typing.TypeAlias directly in Python 3.10+
 from typing_extensions import TypeAlias
 