From c197fd50866a0433d966d8c11aa77de4fa583a36 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Tue, 14 Feb 2023 10:57:43 +0100 Subject: [PATCH] proto: add type stubs for generate schema --- .github/mypy/mypy.ini | 3 - .github/workflows/tests.yml | 2 +- capa/render/proto/__init__.py | 1 - capa/render/proto/capa_pb2.pyi | 1487 ++++++++++++++++++++++++++++++++ setup.py | 3 + tests/fixtures.py | 10 + tests/test_proto.py | 23 +- 7 files changed, 1523 insertions(+), 6 deletions(-) create mode 100644 capa/render/proto/capa_pb2.pyi diff --git a/.github/mypy/mypy.ini b/.github/mypy/mypy.ini index 1822c0ae..c80af3de 100644 --- a/.github/mypy/mypy.ini +++ b/.github/mypy/mypy.ini @@ -1,7 +1,4 @@ [mypy] -exclude = (?x)( - _pb2\.py$ # protobuf generated files - ) [mypy-halo.*] ignore_missing_imports = True diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ea5eb30c..71d5a545 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -38,7 +38,7 @@ jobs: - name: Lint with black run: black -l 120 --extend-exclude ".*_pb2.py" --check . - name: Lint with pycodestyle - run: pycodestyle --show-source capa/ scripts/ tests/ + run: pycodestyle --exclude="*_pb2.py" --show-source capa/ scripts/ tests/ - name: Check types with mypy run: mypy --config-file .github/mypy/mypy.ini --check-untyped-defs capa/ scripts/ tests/ diff --git a/capa/render/proto/__init__.py b/capa/render/proto/__init__.py index e1abcc15..85446151 100644 --- a/capa/render/proto/__init__.py +++ b/capa/render/proto/__init__.py @@ -318,7 +318,6 @@ def emit_proto_message(out: StringIO, deferred_types: Dict, message): out.writeln(f" oneof {name} {{") for j, of in enumerate(prop["anyOf"]): - if is_ref(of): ptype = get_ref_type_name(of) out.writeln(f" {ptype} v{j} = {i};") diff --git a/capa/render/proto/capa_pb2.pyi b/capa/render/proto/capa_pb2.pyi new file mode 100644 index 00000000..7e291978 --- /dev/null +++ b/capa/render/proto/capa_pb2.pyi @@ -0,0 +1,1487 @@ +""" +@generated by mypy-protobuf. Do not edit manually! +isort:skip_file +Generated by the capa.render.proto translator. DO NOT EDIT!""" +import builtins +import collections.abc +import google.protobuf.descriptor +import google.protobuf.internal.containers +import google.protobuf.internal.enum_type_wrapper +import google.protobuf.message +import sys +import typing + +if sys.version_info >= (3, 10): + import typing as typing_extensions +else: + import typing_extensions + +DESCRIPTOR: google.protobuf.descriptor.FileDescriptor + +class _AddressType: + ValueType = typing.NewType("ValueType", builtins.int) + V: typing_extensions.TypeAlias = ValueType + +class _AddressTypeEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[_AddressType.ValueType], builtins.type): + DESCRIPTOR: google.protobuf.descriptor.EnumDescriptor + ADDRESSTYPE_UNSPECIFIED: _AddressType.ValueType # 0 + ADDRESSTYPE_ABSOLUTE: _AddressType.ValueType # 1 + ADDRESSTYPE_RELATIVE: _AddressType.ValueType # 2 + ADDRESSTYPE_FILE: _AddressType.ValueType # 3 + ADDRESSTYPE_DN_TOKEN: _AddressType.ValueType # 4 + ADDRESSTYPE_DN_TOKEN_OFFSET: _AddressType.ValueType # 5 + ADDRESSTYPE_NO_ADDRESS: _AddressType.ValueType # 6 + +class AddressType(_AddressType, metaclass=_AddressTypeEnumTypeWrapper): ... + +ADDRESSTYPE_UNSPECIFIED: AddressType.ValueType # 0 +ADDRESSTYPE_ABSOLUTE: AddressType.ValueType # 1 +ADDRESSTYPE_RELATIVE: AddressType.ValueType # 2 +ADDRESSTYPE_FILE: AddressType.ValueType # 3 +ADDRESSTYPE_DN_TOKEN: AddressType.ValueType # 4 +ADDRESSTYPE_DN_TOKEN_OFFSET: AddressType.ValueType # 5 +ADDRESSTYPE_NO_ADDRESS: AddressType.ValueType # 6 +global___AddressType = AddressType + +class _Scope: + ValueType = typing.NewType("ValueType", builtins.int) + V: typing_extensions.TypeAlias = ValueType + +class _ScopeEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[_Scope.ValueType], builtins.type): + DESCRIPTOR: google.protobuf.descriptor.EnumDescriptor + SCOPE_UNSPECIFIED: _Scope.ValueType # 0 + SCOPE_FILE: _Scope.ValueType # 1 + SCOPE_FUNCTION: _Scope.ValueType # 2 + SCOPE_BASIC_BLOCK: _Scope.ValueType # 3 + SCOPE_INSTRUCTION: _Scope.ValueType # 4 + +class Scope(_Scope, metaclass=_ScopeEnumTypeWrapper): ... + +SCOPE_UNSPECIFIED: Scope.ValueType # 0 +SCOPE_FILE: Scope.ValueType # 1 +SCOPE_FUNCTION: Scope.ValueType # 2 +SCOPE_BASIC_BLOCK: Scope.ValueType # 3 +SCOPE_INSTRUCTION: Scope.ValueType # 4 +global___Scope = Scope + +@typing_extensions.final +class APIFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + API_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + api: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + api: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["api", b"api", "description", b"description", "type", b"type"]) -> None: ... + +global___APIFeature = APIFeature + +@typing_extensions.final +class Address(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + V0_FIELD_NUMBER: builtins.int + V1_FIELD_NUMBER: builtins.int + type: global___AddressType.ValueType + @property + def v0(self) -> global___Integer: ... + @property + def v1(self) -> global___Pair_Integer_Integer: ... + def __init__( + self, + *, + type: global___AddressType.ValueType = ..., + v0: global___Integer | None = ..., + v1: global___Pair_Integer_Integer | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["v0", b"v0", "v1", b"v1", "value", b"value"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["type", b"type", "v0", b"v0", "v1", b"v1", "value", b"value"]) -> None: ... + def WhichOneof(self, oneof_group: typing_extensions.Literal["value", b"value"]) -> typing_extensions.Literal["v0", "v1"] | None: ... + +global___Address = Address + +@typing_extensions.final +class Analysis(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + FORMAT_FIELD_NUMBER: builtins.int + ARCH_FIELD_NUMBER: builtins.int + OS_FIELD_NUMBER: builtins.int + EXTRACTOR_FIELD_NUMBER: builtins.int + RULES_FIELD_NUMBER: builtins.int + BASE_ADDRESS_FIELD_NUMBER: builtins.int + LAYOUT_FIELD_NUMBER: builtins.int + FEATURE_COUNTS_FIELD_NUMBER: builtins.int + LIBRARY_FUNCTIONS_FIELD_NUMBER: builtins.int + format: builtins.str + arch: builtins.str + os: builtins.str + extractor: builtins.str + @property + def rules(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: ... + @property + def base_address(self) -> global___Address: ... + @property + def layout(self) -> global___Layout: ... + @property + def feature_counts(self) -> global___FeatureCounts: ... + @property + def library_functions(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___LibraryFunction]: ... + def __init__( + self, + *, + format: builtins.str = ..., + arch: builtins.str = ..., + os: builtins.str = ..., + extractor: builtins.str = ..., + rules: collections.abc.Iterable[builtins.str] | None = ..., + base_address: global___Address | None = ..., + layout: global___Layout | None = ..., + feature_counts: global___FeatureCounts | None = ..., + library_functions: collections.abc.Iterable[global___LibraryFunction] | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["base_address", b"base_address", "feature_counts", b"feature_counts", "layout", b"layout"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["arch", b"arch", "base_address", b"base_address", "extractor", b"extractor", "feature_counts", b"feature_counts", "format", b"format", "layout", b"layout", "library_functions", b"library_functions", "os", b"os", "rules", b"rules"]) -> None: ... + +global___Analysis = Analysis + +@typing_extensions.final +class ArchFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + ARCH_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + arch: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + arch: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["arch", b"arch", "description", b"description", "type", b"type"]) -> None: ... + +global___ArchFeature = ArchFeature + +@typing_extensions.final +class AttackSpec(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + PARTS_FIELD_NUMBER: builtins.int + TACTIC_FIELD_NUMBER: builtins.int + TECHNIQUE_FIELD_NUMBER: builtins.int + SUBTECHNIQUE_FIELD_NUMBER: builtins.int + ID_FIELD_NUMBER: builtins.int + @property + def parts(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: ... + tactic: builtins.str + technique: builtins.str + subtechnique: builtins.str + id: builtins.str + def __init__( + self, + *, + parts: collections.abc.Iterable[builtins.str] | None = ..., + tactic: builtins.str = ..., + technique: builtins.str = ..., + subtechnique: builtins.str = ..., + id: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["id", b"id", "parts", b"parts", "subtechnique", b"subtechnique", "tactic", b"tactic", "technique", b"technique"]) -> None: ... + +global___AttackSpec = AttackSpec + +@typing_extensions.final +class BasicBlockFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "type", b"type"]) -> None: ... + +global___BasicBlockFeature = BasicBlockFeature + +@typing_extensions.final +class BasicBlockLayout(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + ADDRESS_FIELD_NUMBER: builtins.int + @property + def address(self) -> global___Address: ... + def __init__( + self, + *, + address: global___Address | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["address", b"address"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["address", b"address"]) -> None: ... + +global___BasicBlockLayout = BasicBlockLayout + +@typing_extensions.final +class BytesFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + BYTES_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + bytes: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + bytes: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["bytes", b"bytes", "description", b"description", "type", b"type"]) -> None: ... + +global___BytesFeature = BytesFeature + +@typing_extensions.final +class CharacteristicFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + CHARACTERISTIC_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + characteristic: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + characteristic: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["characteristic", b"characteristic", "description", b"description", "type", b"type"]) -> None: ... + +global___CharacteristicFeature = CharacteristicFeature + +@typing_extensions.final +class ClassFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + CLASS_FIELD_NUMBER: builtins.int + type: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["class", b"class", "description", b"description", "type", b"type"]) -> None: ... + +global___ClassFeature = ClassFeature + +@typing_extensions.final +class CompoundStatement(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "type", b"type"]) -> None: ... + +global___CompoundStatement = CompoundStatement + +@typing_extensions.final +class ExportFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + EXPORT_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + export: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + export: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "export", b"export", "type", b"type"]) -> None: ... + +global___ExportFeature = ExportFeature + +@typing_extensions.final +class FeatureCounts(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + FILE_FIELD_NUMBER: builtins.int + FUNCTIONS_FIELD_NUMBER: builtins.int + @property + def file(self) -> global___Integer: ... + @property + def functions(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___FunctionFeatureCount]: ... + def __init__( + self, + *, + file: global___Integer | None = ..., + functions: collections.abc.Iterable[global___FunctionFeatureCount] | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["file", b"file"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["file", b"file", "functions", b"functions"]) -> None: ... + +global___FeatureCounts = FeatureCounts + +@typing_extensions.final +class FeatureNode(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + V0_FIELD_NUMBER: builtins.int + V1_FIELD_NUMBER: builtins.int + V2_FIELD_NUMBER: builtins.int + V3_FIELD_NUMBER: builtins.int + V4_FIELD_NUMBER: builtins.int + V5_FIELD_NUMBER: builtins.int + V6_FIELD_NUMBER: builtins.int + V7_FIELD_NUMBER: builtins.int + V8_FIELD_NUMBER: builtins.int + V9_FIELD_NUMBER: builtins.int + V10_FIELD_NUMBER: builtins.int + V11_FIELD_NUMBER: builtins.int + V12_FIELD_NUMBER: builtins.int + V13_FIELD_NUMBER: builtins.int + V14_FIELD_NUMBER: builtins.int + V15_FIELD_NUMBER: builtins.int + V16_FIELD_NUMBER: builtins.int + V17_FIELD_NUMBER: builtins.int + V18_FIELD_NUMBER: builtins.int + V19_FIELD_NUMBER: builtins.int + V20_FIELD_NUMBER: builtins.int + V21_FIELD_NUMBER: builtins.int + V22_FIELD_NUMBER: builtins.int + TYPE_FIELD_NUMBER: builtins.int + @property + def v0(self) -> global___OSFeature: ... + @property + def v1(self) -> global___ArchFeature: ... + @property + def v2(self) -> global___FormatFeature: ... + @property + def v3(self) -> global___MatchFeature: ... + @property + def v4(self) -> global___CharacteristicFeature: ... + @property + def v5(self) -> global___ExportFeature: ... + @property + def v6(self) -> global___ImportFeature: ... + @property + def v7(self) -> global___SectionFeature: ... + @property + def v8(self) -> global___FunctionNameFeature: ... + @property + def v9(self) -> global___SubstringFeature: ... + @property + def v10(self) -> global___RegexFeature: ... + @property + def v11(self) -> global___StringFeature: ... + @property + def v12(self) -> global___ClassFeature: ... + @property + def v13(self) -> global___NamespaceFeature: ... + @property + def v14(self) -> global___APIFeature: ... + @property + def v15(self) -> global___PropertyFeature: ... + @property + def v16(self) -> global___NumberFeature: ... + @property + def v17(self) -> global___BytesFeature: ... + @property + def v18(self) -> global___OffsetFeature: ... + @property + def v19(self) -> global___MnemonicFeature: ... + @property + def v20(self) -> global___OperandNumberFeature: ... + @property + def v21(self) -> global___OperandOffsetFeature: ... + @property + def v22(self) -> global___BasicBlockFeature: ... + type: builtins.str + def __init__( + self, + *, + v0: global___OSFeature | None = ..., + v1: global___ArchFeature | None = ..., + v2: global___FormatFeature | None = ..., + v3: global___MatchFeature | None = ..., + v4: global___CharacteristicFeature | None = ..., + v5: global___ExportFeature | None = ..., + v6: global___ImportFeature | None = ..., + v7: global___SectionFeature | None = ..., + v8: global___FunctionNameFeature | None = ..., + v9: global___SubstringFeature | None = ..., + v10: global___RegexFeature | None = ..., + v11: global___StringFeature | None = ..., + v12: global___ClassFeature | None = ..., + v13: global___NamespaceFeature | None = ..., + v14: global___APIFeature | None = ..., + v15: global___PropertyFeature | None = ..., + v16: global___NumberFeature | None = ..., + v17: global___BytesFeature | None = ..., + v18: global___OffsetFeature | None = ..., + v19: global___MnemonicFeature | None = ..., + v20: global___OperandNumberFeature | None = ..., + v21: global___OperandOffsetFeature | None = ..., + v22: global___BasicBlockFeature | None = ..., + type: builtins.str = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["feature", b"feature", "v0", b"v0", "v1", b"v1", "v10", b"v10", "v11", b"v11", "v12", b"v12", "v13", b"v13", "v14", b"v14", "v15", b"v15", "v16", b"v16", "v17", b"v17", "v18", b"v18", "v19", b"v19", "v2", b"v2", "v20", b"v20", "v21", b"v21", "v22", b"v22", "v3", b"v3", "v4", b"v4", "v5", b"v5", "v6", b"v6", "v7", b"v7", "v8", b"v8", "v9", b"v9"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["feature", b"feature", "type", b"type", "v0", b"v0", "v1", b"v1", "v10", b"v10", "v11", b"v11", "v12", b"v12", "v13", b"v13", "v14", b"v14", "v15", b"v15", "v16", b"v16", "v17", b"v17", "v18", b"v18", "v19", b"v19", "v2", b"v2", "v20", b"v20", "v21", b"v21", "v22", b"v22", "v3", b"v3", "v4", b"v4", "v5", b"v5", "v6", b"v6", "v7", b"v7", "v8", b"v8", "v9", b"v9"]) -> None: ... + def WhichOneof(self, oneof_group: typing_extensions.Literal["feature", b"feature"]) -> typing_extensions.Literal["v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22"] | None: ... + +global___FeatureNode = FeatureNode + +@typing_extensions.final +class FormatFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + FORMAT_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + format: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + format: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "format", b"format", "type", b"type"]) -> None: ... + +global___FormatFeature = FormatFeature + +@typing_extensions.final +class FunctionFeatureCount(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + ADDRESS_FIELD_NUMBER: builtins.int + COUNT_FIELD_NUMBER: builtins.int + @property + def address(self) -> global___Address: ... + @property + def count(self) -> global___Integer: ... + def __init__( + self, + *, + address: global___Address | None = ..., + count: global___Integer | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["address", b"address", "count", b"count"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["address", b"address", "count", b"count"]) -> None: ... + +global___FunctionFeatureCount = FunctionFeatureCount + +@typing_extensions.final +class FunctionLayout(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + ADDRESS_FIELD_NUMBER: builtins.int + MATCHED_BASIC_BLOCKS_FIELD_NUMBER: builtins.int + @property + def address(self) -> global___Address: ... + @property + def matched_basic_blocks(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___BasicBlockLayout]: ... + def __init__( + self, + *, + address: global___Address | None = ..., + matched_basic_blocks: collections.abc.Iterable[global___BasicBlockLayout] | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["address", b"address"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["address", b"address", "matched_basic_blocks", b"matched_basic_blocks"]) -> None: ... + +global___FunctionLayout = FunctionLayout + +@typing_extensions.final +class FunctionNameFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + FUNCTION_NAME_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + function_name: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + function_name: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "function_name", b"function_name", "type", b"type"]) -> None: ... + +global___FunctionNameFeature = FunctionNameFeature + +@typing_extensions.final +class ImportFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + IMPORT_FIELD_NUMBER: builtins.int + type: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "import", b"import", "type", b"type"]) -> None: ... + +global___ImportFeature = ImportFeature + +@typing_extensions.final +class Layout(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + FUNCTIONS_FIELD_NUMBER: builtins.int + @property + def functions(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___FunctionLayout]: ... + def __init__( + self, + *, + functions: collections.abc.Iterable[global___FunctionLayout] | None = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["functions", b"functions"]) -> None: ... + +global___Layout = Layout + +@typing_extensions.final +class LibraryFunction(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + ADDRESS_FIELD_NUMBER: builtins.int + NAME_FIELD_NUMBER: builtins.int + @property + def address(self) -> global___Address: ... + name: builtins.str + def __init__( + self, + *, + address: global___Address | None = ..., + name: builtins.str = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["address", b"address"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["address", b"address", "name", b"name"]) -> None: ... + +global___LibraryFunction = LibraryFunction + +@typing_extensions.final +class MBCSpec(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + PARTS_FIELD_NUMBER: builtins.int + OBJECTIVE_FIELD_NUMBER: builtins.int + BEHAVIOR_FIELD_NUMBER: builtins.int + METHOD_FIELD_NUMBER: builtins.int + ID_FIELD_NUMBER: builtins.int + @property + def parts(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: ... + objective: builtins.str + behavior: builtins.str + method: builtins.str + id: builtins.str + def __init__( + self, + *, + parts: collections.abc.Iterable[builtins.str] | None = ..., + objective: builtins.str = ..., + behavior: builtins.str = ..., + method: builtins.str = ..., + id: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["behavior", b"behavior", "id", b"id", "method", b"method", "objective", b"objective", "parts", b"parts"]) -> None: ... + +global___MBCSpec = MBCSpec + +@typing_extensions.final +class MaecMetadata(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + ANALYSIS_CONCLUSION_FIELD_NUMBER: builtins.int + ANALYSIS_CONCLUSION_OV_FIELD_NUMBER: builtins.int + MALWARE_FAMILY_FIELD_NUMBER: builtins.int + MALWARE_CATEGORY_FIELD_NUMBER: builtins.int + MALWARE_CATEGORY_OV_FIELD_NUMBER: builtins.int + analysis_conclusion: builtins.str + analysis_conclusion_ov: builtins.str + malware_family: builtins.str + malware_category: builtins.str + malware_category_ov: builtins.str + def __init__( + self, + *, + analysis_conclusion: builtins.str = ..., + analysis_conclusion_ov: builtins.str = ..., + malware_family: builtins.str = ..., + malware_category: builtins.str = ..., + malware_category_ov: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["analysis_conclusion", b"analysis_conclusion", "analysis_conclusion_ov", b"analysis_conclusion_ov", "malware_category", b"malware_category", "malware_category_ov", b"malware_category_ov", "malware_family", b"malware_family"]) -> None: ... + +global___MaecMetadata = MaecMetadata + +@typing_extensions.final +class Match(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + @typing_extensions.final + class CapturesEntry(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + KEY_FIELD_NUMBER: builtins.int + VALUE_FIELD_NUMBER: builtins.int + key: builtins.str + @property + def value(self) -> global___Array_Address: ... + def __init__( + self, + *, + key: builtins.str = ..., + value: global___Array_Address | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["value", b"value"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["key", b"key", "value", b"value"]) -> None: ... + + SUCCESS_FIELD_NUMBER: builtins.int + V0_FIELD_NUMBER: builtins.int + V1_FIELD_NUMBER: builtins.int + CHILDREN_FIELD_NUMBER: builtins.int + LOCATIONS_FIELD_NUMBER: builtins.int + CAPTURES_FIELD_NUMBER: builtins.int + success: builtins.bool + @property + def v0(self) -> global___StatementNode: ... + @property + def v1(self) -> global___FeatureNode: ... + @property + def children(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___Match]: ... + @property + def locations(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___Address]: ... + @property + def captures(self) -> google.protobuf.internal.containers.MessageMap[builtins.str, global___Array_Address]: ... + def __init__( + self, + *, + success: builtins.bool = ..., + v0: global___StatementNode | None = ..., + v1: global___FeatureNode | None = ..., + children: collections.abc.Iterable[global___Match] | None = ..., + locations: collections.abc.Iterable[global___Address] | None = ..., + captures: collections.abc.Mapping[builtins.str, global___Array_Address] | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["node", b"node", "v0", b"v0", "v1", b"v1"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["captures", b"captures", "children", b"children", "locations", b"locations", "node", b"node", "success", b"success", "v0", b"v0", "v1", b"v1"]) -> None: ... + def WhichOneof(self, oneof_group: typing_extensions.Literal["node", b"node"]) -> typing_extensions.Literal["v0", "v1"] | None: ... + +global___Match = Match + +@typing_extensions.final +class MatchFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + MATCH_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + match: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + match: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "match", b"match", "type", b"type"]) -> None: ... + +global___MatchFeature = MatchFeature + +@typing_extensions.final +class Metadata(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TIMESTAMP_FIELD_NUMBER: builtins.int + VERSION_FIELD_NUMBER: builtins.int + ARGV_FIELD_NUMBER: builtins.int + SAMPLE_FIELD_NUMBER: builtins.int + ANALYSIS_FIELD_NUMBER: builtins.int + timestamp: builtins.str + version: builtins.str + @property + def argv(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: ... + @property + def sample(self) -> global___Sample: ... + @property + def analysis(self) -> global___Analysis: ... + def __init__( + self, + *, + timestamp: builtins.str = ..., + version: builtins.str = ..., + argv: collections.abc.Iterable[builtins.str] | None = ..., + sample: global___Sample | None = ..., + analysis: global___Analysis | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "sample", b"sample"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "argv", b"argv", "sample", b"sample", "timestamp", b"timestamp", "version", b"version"]) -> None: ... + +global___Metadata = Metadata + +@typing_extensions.final +class MnemonicFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + MNEMONIC_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + mnemonic: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + mnemonic: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "mnemonic", b"mnemonic", "type", b"type"]) -> None: ... + +global___MnemonicFeature = MnemonicFeature + +@typing_extensions.final +class NamespaceFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + NAMESPACE_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + namespace: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + namespace: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "namespace", b"namespace", "type", b"type"]) -> None: ... + +global___NamespaceFeature = NamespaceFeature + +@typing_extensions.final +class NumberFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + V0_FIELD_NUMBER: builtins.int + V1_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + @property + def v0(self) -> global___Integer: ... + @property + def v1(self) -> global___Number: ... + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + v0: global___Integer | None = ..., + v1: global___Number | None = ..., + description: builtins.str = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["number", b"number", "v0", b"v0", "v1", b"v1"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "number", b"number", "type", b"type", "v0", b"v0", "v1", b"v1"]) -> None: ... + def WhichOneof(self, oneof_group: typing_extensions.Literal["number", b"number"]) -> typing_extensions.Literal["v0", "v1"] | None: ... + +global___NumberFeature = NumberFeature + +@typing_extensions.final +class OSFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + OS_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + os: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + os: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "os", b"os", "type", b"type"]) -> None: ... + +global___OSFeature = OSFeature + +@typing_extensions.final +class OffsetFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + OFFSET_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + @property + def offset(self) -> global___Integer: ... + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + offset: global___Integer | None = ..., + description: builtins.str = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["offset", b"offset"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "offset", b"offset", "type", b"type"]) -> None: ... + +global___OffsetFeature = OffsetFeature + +@typing_extensions.final +class OperandNumberFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + INDEX_FIELD_NUMBER: builtins.int + OPERAND_NUMBER_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + @property + def index(self) -> global___Integer: ... + @property + def operand_number(self) -> global___Integer: ... + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + index: global___Integer | None = ..., + operand_number: global___Integer | None = ..., + description: builtins.str = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["index", b"index", "operand_number", b"operand_number"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "index", b"index", "operand_number", b"operand_number", "type", b"type"]) -> None: ... + +global___OperandNumberFeature = OperandNumberFeature + +@typing_extensions.final +class OperandOffsetFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + INDEX_FIELD_NUMBER: builtins.int + OPERAND_OFFSET_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + @property + def index(self) -> global___Integer: ... + @property + def operand_offset(self) -> global___Integer: ... + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + index: global___Integer | None = ..., + operand_offset: global___Integer | None = ..., + description: builtins.str = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["index", b"index", "operand_offset", b"operand_offset"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "index", b"index", "operand_offset", b"operand_offset", "type", b"type"]) -> None: ... + +global___OperandOffsetFeature = OperandOffsetFeature + +@typing_extensions.final +class PropertyFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + ACCESS_FIELD_NUMBER: builtins.int + PROPERTY_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + access: builtins.str + property: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + access: builtins.str = ..., + property: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["access", b"access", "description", b"description", "property", b"property", "type", b"type"]) -> None: ... + +global___PropertyFeature = PropertyFeature + +@typing_extensions.final +class RangeStatement(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + DESCRIPTION_FIELD_NUMBER: builtins.int + MIN_FIELD_NUMBER: builtins.int + MAX_FIELD_NUMBER: builtins.int + V0_FIELD_NUMBER: builtins.int + V1_FIELD_NUMBER: builtins.int + V2_FIELD_NUMBER: builtins.int + V3_FIELD_NUMBER: builtins.int + V4_FIELD_NUMBER: builtins.int + V5_FIELD_NUMBER: builtins.int + V6_FIELD_NUMBER: builtins.int + V7_FIELD_NUMBER: builtins.int + V8_FIELD_NUMBER: builtins.int + V9_FIELD_NUMBER: builtins.int + V10_FIELD_NUMBER: builtins.int + V11_FIELD_NUMBER: builtins.int + V12_FIELD_NUMBER: builtins.int + V13_FIELD_NUMBER: builtins.int + V14_FIELD_NUMBER: builtins.int + V15_FIELD_NUMBER: builtins.int + V16_FIELD_NUMBER: builtins.int + V17_FIELD_NUMBER: builtins.int + V18_FIELD_NUMBER: builtins.int + V19_FIELD_NUMBER: builtins.int + V20_FIELD_NUMBER: builtins.int + V21_FIELD_NUMBER: builtins.int + V22_FIELD_NUMBER: builtins.int + TYPE_FIELD_NUMBER: builtins.int + description: builtins.str + @property + def min(self) -> global___Integer: ... + @property + def max(self) -> global___Integer: ... + @property + def v0(self) -> global___OSFeature: ... + @property + def v1(self) -> global___ArchFeature: ... + @property + def v2(self) -> global___FormatFeature: ... + @property + def v3(self) -> global___MatchFeature: ... + @property + def v4(self) -> global___CharacteristicFeature: ... + @property + def v5(self) -> global___ExportFeature: ... + @property + def v6(self) -> global___ImportFeature: ... + @property + def v7(self) -> global___SectionFeature: ... + @property + def v8(self) -> global___FunctionNameFeature: ... + @property + def v9(self) -> global___SubstringFeature: ... + @property + def v10(self) -> global___RegexFeature: ... + @property + def v11(self) -> global___StringFeature: ... + @property + def v12(self) -> global___ClassFeature: ... + @property + def v13(self) -> global___NamespaceFeature: ... + @property + def v14(self) -> global___APIFeature: ... + @property + def v15(self) -> global___PropertyFeature: ... + @property + def v16(self) -> global___NumberFeature: ... + @property + def v17(self) -> global___BytesFeature: ... + @property + def v18(self) -> global___OffsetFeature: ... + @property + def v19(self) -> global___MnemonicFeature: ... + @property + def v20(self) -> global___OperandNumberFeature: ... + @property + def v21(self) -> global___OperandOffsetFeature: ... + @property + def v22(self) -> global___BasicBlockFeature: ... + type: builtins.str + def __init__( + self, + *, + description: builtins.str = ..., + min: global___Integer | None = ..., + max: global___Integer | None = ..., + v0: global___OSFeature | None = ..., + v1: global___ArchFeature | None = ..., + v2: global___FormatFeature | None = ..., + v3: global___MatchFeature | None = ..., + v4: global___CharacteristicFeature | None = ..., + v5: global___ExportFeature | None = ..., + v6: global___ImportFeature | None = ..., + v7: global___SectionFeature | None = ..., + v8: global___FunctionNameFeature | None = ..., + v9: global___SubstringFeature | None = ..., + v10: global___RegexFeature | None = ..., + v11: global___StringFeature | None = ..., + v12: global___ClassFeature | None = ..., + v13: global___NamespaceFeature | None = ..., + v14: global___APIFeature | None = ..., + v15: global___PropertyFeature | None = ..., + v16: global___NumberFeature | None = ..., + v17: global___BytesFeature | None = ..., + v18: global___OffsetFeature | None = ..., + v19: global___MnemonicFeature | None = ..., + v20: global___OperandNumberFeature | None = ..., + v21: global___OperandOffsetFeature | None = ..., + v22: global___BasicBlockFeature | None = ..., + type: builtins.str = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["child", b"child", "max", b"max", "min", b"min", "v0", b"v0", "v1", b"v1", "v10", b"v10", "v11", b"v11", "v12", b"v12", "v13", b"v13", "v14", b"v14", "v15", b"v15", "v16", b"v16", "v17", b"v17", "v18", b"v18", "v19", b"v19", "v2", b"v2", "v20", b"v20", "v21", b"v21", "v22", b"v22", "v3", b"v3", "v4", b"v4", "v5", b"v5", "v6", b"v6", "v7", b"v7", "v8", b"v8", "v9", b"v9"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["child", b"child", "description", b"description", "max", b"max", "min", b"min", "type", b"type", "v0", b"v0", "v1", b"v1", "v10", b"v10", "v11", b"v11", "v12", b"v12", "v13", b"v13", "v14", b"v14", "v15", b"v15", "v16", b"v16", "v17", b"v17", "v18", b"v18", "v19", b"v19", "v2", b"v2", "v20", b"v20", "v21", b"v21", "v22", b"v22", "v3", b"v3", "v4", b"v4", "v5", b"v5", "v6", b"v6", "v7", b"v7", "v8", b"v8", "v9", b"v9"]) -> None: ... + def WhichOneof(self, oneof_group: typing_extensions.Literal["child", b"child"]) -> typing_extensions.Literal["v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22"] | None: ... + +global___RangeStatement = RangeStatement + +@typing_extensions.final +class RegexFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + REGEX_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + regex: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + regex: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "regex", b"regex", "type", b"type"]) -> None: ... + +global___RegexFeature = RegexFeature + +@typing_extensions.final +class ResultDocument(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + @typing_extensions.final + class RulesEntry(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + KEY_FIELD_NUMBER: builtins.int + VALUE_FIELD_NUMBER: builtins.int + key: builtins.str + @property + def value(self) -> global___RuleMatches: ... + def __init__( + self, + *, + key: builtins.str = ..., + value: global___RuleMatches | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["value", b"value"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["key", b"key", "value", b"value"]) -> None: ... + + META_FIELD_NUMBER: builtins.int + RULES_FIELD_NUMBER: builtins.int + @property + def meta(self) -> global___Metadata: ... + @property + def rules(self) -> google.protobuf.internal.containers.MessageMap[builtins.str, global___RuleMatches]: ... + def __init__( + self, + *, + meta: global___Metadata | None = ..., + rules: collections.abc.Mapping[builtins.str, global___RuleMatches] | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["meta", b"meta"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["meta", b"meta", "rules", b"rules"]) -> None: ... + +global___ResultDocument = ResultDocument + +@typing_extensions.final +class RuleMatches(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + META_FIELD_NUMBER: builtins.int + SOURCE_FIELD_NUMBER: builtins.int + MATCHES_FIELD_NUMBER: builtins.int + @property + def meta(self) -> global___RuleMetadata: ... + source: builtins.str + @property + def matches(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___Pair_Address_Match]: ... + def __init__( + self, + *, + meta: global___RuleMetadata | None = ..., + source: builtins.str = ..., + matches: collections.abc.Iterable[global___Pair_Address_Match] | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["meta", b"meta"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["matches", b"matches", "meta", b"meta", "source", b"source"]) -> None: ... + +global___RuleMatches = RuleMatches + +@typing_extensions.final +class RuleMetadata(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + NAME_FIELD_NUMBER: builtins.int + NAMESPACE_FIELD_NUMBER: builtins.int + AUTHORS_FIELD_NUMBER: builtins.int + SCOPE_FIELD_NUMBER: builtins.int + ATTACK_FIELD_NUMBER: builtins.int + MBC_FIELD_NUMBER: builtins.int + REFERENCES_FIELD_NUMBER: builtins.int + EXAMPLES_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + LIB_FIELD_NUMBER: builtins.int + MAEC_FIELD_NUMBER: builtins.int + CAPA_SUBSCOPE_FIELD_NUMBER: builtins.int + name: builtins.str + namespace: builtins.str + @property + def authors(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: ... + scope: global___Scope.ValueType + @property + def attack(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___AttackSpec]: ... + @property + def mbc(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___MBCSpec]: ... + @property + def references(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: ... + @property + def examples(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: ... + description: builtins.str + lib: builtins.bool + @property + def maec(self) -> global___MaecMetadata: ... + capa_subscope: builtins.bool + def __init__( + self, + *, + name: builtins.str = ..., + namespace: builtins.str = ..., + authors: collections.abc.Iterable[builtins.str] | None = ..., + scope: global___Scope.ValueType = ..., + attack: collections.abc.Iterable[global___AttackSpec] | None = ..., + mbc: collections.abc.Iterable[global___MBCSpec] | None = ..., + references: collections.abc.Iterable[builtins.str] | None = ..., + examples: collections.abc.Iterable[builtins.str] | None = ..., + description: builtins.str = ..., + lib: builtins.bool = ..., + maec: global___MaecMetadata | None = ..., + capa_subscope: builtins.bool = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["maec", b"maec"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["attack", b"attack", "authors", b"authors", "capa_subscope", b"capa_subscope", "description", b"description", "examples", b"examples", "lib", b"lib", "maec", b"maec", "mbc", b"mbc", "name", b"name", "namespace", b"namespace", "references", b"references", "scope", b"scope"]) -> None: ... + +global___RuleMetadata = RuleMetadata + +@typing_extensions.final +class Sample(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + MD5_FIELD_NUMBER: builtins.int + SHA1_FIELD_NUMBER: builtins.int + SHA256_FIELD_NUMBER: builtins.int + PATH_FIELD_NUMBER: builtins.int + md5: builtins.str + sha1: builtins.str + sha256: builtins.str + path: builtins.str + def __init__( + self, + *, + md5: builtins.str = ..., + sha1: builtins.str = ..., + sha256: builtins.str = ..., + path: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["md5", b"md5", "path", b"path", "sha1", b"sha1", "sha256", b"sha256"]) -> None: ... + +global___Sample = Sample + +@typing_extensions.final +class SectionFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + SECTION_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + section: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + section: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "section", b"section", "type", b"type"]) -> None: ... + +global___SectionFeature = SectionFeature + +@typing_extensions.final +class SomeStatement(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + DESCRIPTION_FIELD_NUMBER: builtins.int + COUNT_FIELD_NUMBER: builtins.int + TYPE_FIELD_NUMBER: builtins.int + description: builtins.str + @property + def count(self) -> global___Integer: ... + type: builtins.str + def __init__( + self, + *, + description: builtins.str = ..., + count: global___Integer | None = ..., + type: builtins.str = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["count", b"count"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["count", b"count", "description", b"description", "type", b"type"]) -> None: ... + +global___SomeStatement = SomeStatement + +@typing_extensions.final +class StatementNode(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + V0_FIELD_NUMBER: builtins.int + V1_FIELD_NUMBER: builtins.int + V2_FIELD_NUMBER: builtins.int + V3_FIELD_NUMBER: builtins.int + TYPE_FIELD_NUMBER: builtins.int + @property + def v0(self) -> global___RangeStatement: ... + @property + def v1(self) -> global___SomeStatement: ... + @property + def v2(self) -> global___SubscopeStatement: ... + @property + def v3(self) -> global___CompoundStatement: ... + type: builtins.str + def __init__( + self, + *, + v0: global___RangeStatement | None = ..., + v1: global___SomeStatement | None = ..., + v2: global___SubscopeStatement | None = ..., + v3: global___CompoundStatement | None = ..., + type: builtins.str = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["statement", b"statement", "v0", b"v0", "v1", b"v1", "v2", b"v2", "v3", b"v3"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["statement", b"statement", "type", b"type", "v0", b"v0", "v1", b"v1", "v2", b"v2", "v3", b"v3"]) -> None: ... + def WhichOneof(self, oneof_group: typing_extensions.Literal["statement", b"statement"]) -> typing_extensions.Literal["v0", "v1", "v2", "v3"] | None: ... + +global___StatementNode = StatementNode + +@typing_extensions.final +class StringFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + STRING_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + string: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + string: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "string", b"string", "type", b"type"]) -> None: ... + +global___StringFeature = StringFeature + +@typing_extensions.final +class SubscopeStatement(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + DESCRIPTION_FIELD_NUMBER: builtins.int + SCOPE_FIELD_NUMBER: builtins.int + TYPE_FIELD_NUMBER: builtins.int + description: builtins.str + scope: global___Scope.ValueType + type: builtins.str + def __init__( + self, + *, + description: builtins.str = ..., + scope: global___Scope.ValueType = ..., + type: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "scope", b"scope", "type", b"type"]) -> None: ... + +global___SubscopeStatement = SubscopeStatement + +@typing_extensions.final +class SubstringFeature(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + TYPE_FIELD_NUMBER: builtins.int + SUBSTRING_FIELD_NUMBER: builtins.int + DESCRIPTION_FIELD_NUMBER: builtins.int + type: builtins.str + substring: builtins.str + description: builtins.str + def __init__( + self, + *, + type: builtins.str = ..., + substring: builtins.str = ..., + description: builtins.str = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["description", b"description", "substring", b"substring", "type", b"type"]) -> None: ... + +global___SubstringFeature = SubstringFeature + +@typing_extensions.final +class Array_Address(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + VALUES_FIELD_NUMBER: builtins.int + @property + def values(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___Address]: ... + def __init__( + self, + *, + values: collections.abc.Iterable[global___Address] | None = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["values", b"values"]) -> None: ... + +global___Array_Address = Array_Address + +@typing_extensions.final +class Pair_Address_Match(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + V0_FIELD_NUMBER: builtins.int + V1_FIELD_NUMBER: builtins.int + @property + def v0(self) -> global___Address: ... + @property + def v1(self) -> global___Match: ... + def __init__( + self, + *, + v0: global___Address | None = ..., + v1: global___Match | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["v0", b"v0", "v1", b"v1"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["v0", b"v0", "v1", b"v1"]) -> None: ... + +global___Pair_Address_Match = Pair_Address_Match + +@typing_extensions.final +class Pair_Integer_Integer(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + V0_FIELD_NUMBER: builtins.int + V1_FIELD_NUMBER: builtins.int + @property + def v0(self) -> global___Integer: ... + @property + def v1(self) -> global___Integer: ... + def __init__( + self, + *, + v0: global___Integer | None = ..., + v1: global___Integer | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["v0", b"v0", "v1", b"v1"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["v0", b"v0", "v1", b"v1"]) -> None: ... + +global___Pair_Integer_Integer = Pair_Integer_Integer + +@typing_extensions.final +class Integer(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + U_FIELD_NUMBER: builtins.int + I_FIELD_NUMBER: builtins.int + u: builtins.int + i: builtins.int + def __init__( + self, + *, + u: builtins.int = ..., + i: builtins.int = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["i", b"i", "u", b"u", "value", b"value"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["i", b"i", "u", b"u", "value", b"value"]) -> None: ... + def WhichOneof(self, oneof_group: typing_extensions.Literal["value", b"value"]) -> typing_extensions.Literal["u", "i"] | None: ... + +global___Integer = Integer + +@typing_extensions.final +class Number(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + U_FIELD_NUMBER: builtins.int + I_FIELD_NUMBER: builtins.int + F_FIELD_NUMBER: builtins.int + u: builtins.int + i: builtins.int + f: builtins.float + def __init__( + self, + *, + u: builtins.int = ..., + i: builtins.int = ..., + f: builtins.float = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["f", b"f", "i", b"i", "u", b"u", "value", b"value"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["f", b"f", "i", b"i", "u", b"u", "value", b"value"]) -> None: ... + def WhichOneof(self, oneof_group: typing_extensions.Literal["value", b"value"]) -> typing_extensions.Literal["u", "i", "f"] | None: ... + +global___Number = Number diff --git a/setup.py b/setup.py index 5fc6f8d5..559845e2 100644 --- a/setup.py +++ b/setup.py @@ -28,6 +28,7 @@ requirements = [ "dnfile==0.13.0", "dncil==1.0.2", "pydantic==1.10.4", + "protobuf==4.21.12", ] # this sets __version__ @@ -79,6 +80,7 @@ setuptools.setup( "psutil==5.9.2", "stix2==3.0.1", "requests==2.28.0", + "mypy-protobuf==3.4.0", # type stubs for mypy "types-backports==0.1.3", "types-colorama==0.4.15", @@ -87,6 +89,7 @@ setuptools.setup( "types-termcolor==1.1.4", "types-psutil==5.8.23", "types_requests==2.28.1", + "types-protobuf 4.21.0.5", ], "build": [ "pyinstaller==5.7.0", diff --git a/tests/fixtures.py b/tests/fixtures.py index ae336f56..b8d1b42b 100644 --- a/tests/fixtures.py +++ b/tests/fixtures.py @@ -1101,3 +1101,13 @@ def _0953c_dotnetfile_extractor(): @pytest.fixture def _039a6_dotnetfile_extractor(): return get_dnfile_extractor(get_data_path_by_name("_039a6")) + + +@pytest.fixture +def pma0101_rd(): + path = os.path.join(CD, "data", "Practical Malware Analysis Lab 01-01.dll.json") + with open(path, "rb") as f: + buf = f.read() + + src = buf.decode("utf-8") + return capa.render.result_document.ResultDocument.parse_raw(src) diff --git a/tests/test_proto.py b/tests/test_proto.py index f3e6bff4..82c93469 100644 --- a/tests/test_proto.py +++ b/tests/test_proto.py @@ -8,12 +8,16 @@ import pathlib import subprocess +from fixtures import * + import capa.render import capa.render.proto import capa.render.utils import capa.features.freeze +import capa.render.proto.capa_pb2 import capa.render.result_document import capa.features.freeze.features +from capa.render.result_document import ResultDocument def test_generate_proto(tmp_path: pathlib.Path): @@ -30,8 +34,25 @@ def test_generate_proto(tmp_path: pathlib.Path): print("=====================================") proto_path.write_text(proto) - subprocess.run(["protoc", "-I=" + str(tmp_path), "--python_out=" + str(tmp_path), str(proto_path)], check=True) + subprocess.run( + [ + "protoc", + "-I=" + str(tmp_path), + "--python_out=" + str(tmp_path), + "--mypy_out=" + str(tmp_path), + str(proto_path), + ], + check=True, + ) pb = tmp_path / "capa_pb2.py" print(pb.read_text()) print("=====================================") + + +def test_translate_to_proto(pma0101_rd: ResultDocument): + src = pma0101_rd + + dst = capa.render.proto.capa_pb2.ResultDocument() + + assert True