From 92770dd5c78f1de15a0d7dd20d52c12eac939a04 Mon Sep 17 00:00:00 2001
From: mr-tz
Date: Tue, 28 Nov 2023 16:20:54 +0100
Subject: [PATCH] set os, arch, format in meta table

---
 capa/main.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/capa/main.py b/capa/main.py
index 3f1272a9..d94275ff 100644
--- a/capa/main.py
+++ b/capa/main.py
@@ -52,7 +52,6 @@ import capa.features.extractors.cape.extractor
 from capa.rules import Rule, RuleSet
 from capa.engine import MatchResults
 from capa.helpers import (
-    get_format,
     get_file_taste,
     get_auto_format,
     log_unsupported_os_error,
@@ -559,10 +558,14 @@ def collect_metadata(
     sample_hashes: SampleHashes = extractor.get_sample_hashes()
     md5, sha1, sha256 = sample_hashes.md5, sample_hashes.sha1, sample_hashes.sha256
 
-    rules = tuple(r.resolve().absolute().as_posix() for r in rules_path)
-    format_ = get_format(sample_path) if format_ == FORMAT_AUTO else format_
-    arch = get_arch(sample_path)
-    os_ = get_os(sample_path) if os_ == OS_AUTO else os_
+    global_feats = list(extractor.extract_global_features())
+    extractor_format = [f.value for (f, _) in global_feats if isinstance(f, capa.features.common.Format)]
+    extractor_arch = [f.value for (f, _) in global_feats if isinstance(f, capa.features.common.Arch)]
+    extractor_os = [f.value for (f, _) in global_feats if isinstance(f, capa.features.common.OS)]
+
+    format_ = str(extractor_format[0]) if extractor_format else "unknown" if format_ == FORMAT_AUTO else format_
+    arch = str(extractor_arch[0]) if extractor_arch else "unknown"
+    os_ = str(extractor_os[0]) if extractor_os else "unknown" if os_ == OS_AUTO else os_
 
     if isinstance(extractor, StaticFeatureExtractor):
         meta_class: type = rdoc.StaticMetadata
@@ -571,6 +574,8 @@ def collect_metadata(
     else:
         assert_never(extractor)
 
+    rules = tuple(r.resolve().absolute().as_posix() for r in rules_path)
+
     return meta_class(
         timestamp=datetime.datetime.now(),
         version=capa.version.__version__,
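Review bot: The chained conditionals on the new `format_` and `os_` lines do not keep the user's explicit value the way the removed lines did, because Python's conditional expression is right-associative: `X if a else Y if b else Z` parses as `X if a else (Y if b else Z)`, so whenever the extractor reports a Format/OS feature it overrides `format_`/`os_` even when they were not `FORMAT_AUTO`/`OS_AUTO`, and the trailing `if format_ == FORMAT_AUTO else format_` clause only decides between `"unknown"` and the caller's value. If the intent (as the kept clauses suggest) is that an explicitly supplied format/OS wins and the extractor is consulted only for the AUTO case, parenthesize the fallback: `format_ = (str(extractor_format[0]) if extractor_format else "unknown") if format_ == FORMAT_AUTO else format_` and `os_ = (str(extractor_os[0]) if extractor_os else "unknown") if os_ == OS_AUTO else os_`. If instead the metadata should always record what the extractor actually detected, which is defensible since the rules matched against those global features, drop the `== FORMAT_AUTO`/`== OS_AUTO` clauses entirely so the recorded value is unambiguous rather than depending on whether the extractor happened to emit the feature; a one-line comment stating which source is authoritative for the meta table would help either way. `collect_metadata` begins and ends outside this hunk.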