gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 23:26:21 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #68 from fireeye/capa-explorer-support-multiple-range-locations

Browse Source 
capa explorer: adding support for multiple locations under range
This commit is contained in:
Willi Ballenthin
2020-07-01 14:32:50 -06:00
committed by GitHub
parent 2a43557f5f 65f75e517a
commit b31cad551c
1 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
capa/ida/explorer/model.py
View File

@@ -298,11 +298,12 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
return item.childCount()
def render_capa_doc_statement_node(self, parent, statement, doc):
def render_capa_doc_statement_node(self, parent, statement, locations, doc):
""" render capa statement read from doc
@param parent: parent to which new child is assigned
@param statement: statement read from doc
@param locations: locations of children (applies to range only?)
@param doc: capa result doc
"statement": {
@@ -332,7 +333,13 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
else:
display += 'between %d and %d' % (statement['min'], statement['max'])
return CapaExplorerFeatureItem(parent, display=display)
parent2 = CapaExplorerFeatureItem(parent, display=display)
for location in locations:
# for each location render child node for range statement
self.render_capa_doc_feature(parent2, statement['child'], location, doc)
return parent2
elif statement['type'] == 'subscope':
return CapaExplorerFeatureItem(parent, 'subscope(%s)' % statement['subscope'])
elif statement['type'] == 'regex':
@@ -377,7 +384,8 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
return
if match['node']['type'] == 'statement':
parent2 = self.render_capa_doc_statement_node(parent, match['node']['statement'], doc)
parent2 = self.render_capa_doc_statement_node(parent, match['node']['statement'],
match.get('locations', []), doc)
elif match['node']['type'] == 'feature':
parent2 = self.render_capa_doc_feature_node(parent, match['node']['feature'], match['locations'], doc)
else: