gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-02-04 19:12:01 -08:00
Code Issues Packages Projects Releases Wiki Activity

Update __init__.py

Browse Source 
added parse_description for com feature
Update CHANGELOG.md
added comments, dealt with errors
This commit is contained in:
Aayush Goel
2023-08-25 15:44:34 +05:30
parent 9b79aa1983
commit bd0d8eb403
2 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -33,6 +33,7 @@ Speaking of new rules, we have eight additions, coming from Ronnie, Jakub, Morit
- ELF: implement import and export name extractor #1607 #1608 @Aayush-Goel-04
- bump pydantic from 1.10.9 to 2.1.1 #1582 @Aayush-Goel-04
- develop script to highlight features not used during matching #331 @Aayush-Goel-04
- add com class/interface features #322 @Aayush-goel-04
### New Rules (8)

15
capa/rules/__init__.py
View File

@@ -204,18 +204,18 @@ VALID_COM_TYPES = {
}
def translate_com_feature(com_name: str, com_type: str, description) -> ceng.Or:
def translate_com_feature(com_name: str, com_type: str) -> ceng.Or:
com_db_path = Path(VALID_COM_TYPES[com_type])
if not com_db_path.exists():
logger.error(f"Using COM: {com_type} database '{com_db_path}', but it doesn't exist")
logger.error("Using COM %s database '%s', but it doesn't exist", com_type, com_db_path)
raise IOError(f"COM database path '{com_db_path}' does not exist or cannot be accessed")
with gzip.open(com_db_path, "rb") as gzfile:
com_db: Dict[str, List[str]] = json.loads(gzfile.read().decode("utf-8"))
guid_strings: Optional[List[str]] = com_db.get(com_name)
if guid_strings is None or len(guid_strings) == 0:
logger.error(f"{com_name} doesn't exist in COM {com_type} database")
raise ValueError(f"{com_name} doesn't exist in COM {com_type} database")
logger.error(" %s doesn't exist in COM %s database", com_name, com_type)
raise InvalidRule(f"'{com_name}' doesn't exist in COM {com_type} database")
com_features: List = []
for guid_string in guid_strings:
@@ -240,8 +240,8 @@ def translate_com_feature(com_name: str, com_type: str, description) -> ceng.Or:
h[15],
]
guid_bytes = bytes.fromhex("".join(reordered_hex_pairs))
com_features.append(capa.features.common.StringFactory(guid_string, com_name))
com_features.append(capa.features.common.Bytes(guid_bytes, com_name))
com_features.append(capa.features.common.StringFactory(guid_string, f"{com_name} as guid string"))
com_features.append(capa.features.common.Bytes(guid_bytes, f"{com_name} as bytes"))
return ceng.Or(com_features)
@@ -646,7 +646,8 @@ def build_statements(d, scope: str):
com_type = key[len("com/") :]
if com_type not in VALID_COM_TYPES:
raise InvalidRule(f"unexpected COM type: {com_type}")
return translate_com_feature(d[key], com_type, d.get("description"))
value, description = parse_description(d[key], key, d.get("description"))
return translate_com_feature(value, com_type)
else:
Feature = parse_feature(key)