gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-23 15:37:37 -08:00
Code Issues Packages Projects Releases Wiki Activity

update extractors and tests

Browse Source
This commit is contained in:
Yacine Elhamer
2023-07-19 14:00:00 +01:00
parent 4e4b1235c3
commit c5d08ec0d1
4 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
capa/features/extractors/binja/extractor.py
View File

@@ -17,7 +17,13 @@ import capa.features.extractors.binja.function
import capa.features.extractors.binja.basicblock import capa.features.extractors.binja.basicblock
from capa.features.common import Feature from capa.features.common import Feature
from capa.features.address import Address, AbsoluteVirtualAddress from capa.features.address import Address, AbsoluteVirtualAddress
from capa.features.extractors.base_extractor import BBHandle, InsnHandle, FunctionHandle, StaticFeatureExtractor from capa.features.extractors.base_extractor import (
BBHandle,
InsnHandle,
SampleHashes,
FunctionHandle,
StaticFeatureExtractor,
)
class BinjaFeatureExtractor(StaticFeatureExtractor): class BinjaFeatureExtractor(StaticFeatureExtractor):
@@ -28,10 +34,15 @@ class BinjaFeatureExtractor(StaticFeatureExtractor):
self.global_features.extend(capa.features.extractors.binja.file.extract_file_format(self.bv)) self.global_features.extend(capa.features.extractors.binja.file.extract_file_format(self.bv))
self.global_features.extend(capa.features.extractors.binja.global_.extract_os(self.bv)) self.global_features.extend(capa.features.extractors.binja.global_.extract_os(self.bv))
self.global_features.extend(capa.features.extractors.binja.global_.extract_arch(self.bv)) self.global_features.extend(capa.features.extractors.binja.global_.extract_arch(self.bv))
with open(self.bv, "rb") as f:
self.sample_hashes = SampleHashes.from_sample(f.read())
def get_base_address(self): def get_base_address(self):
return AbsoluteVirtualAddress(self.bv.start) return AbsoluteVirtualAddress(self.bv.start)
def get_sample_hashes(self):
return tuple(self.sample_hashes)
def extract_global_features(self): def extract_global_features(self):
yield from self.global_features yield from self.global_features

13
capa/features/extractors/ida/extractor.py
View File

@@ -18,7 +18,13 @@ import capa.features.extractors.ida.function
import capa.features.extractors.ida.basicblock import capa.features.extractors.ida.basicblock
from capa.features.common import Feature from capa.features.common import Feature
from capa.features.address import Address, AbsoluteVirtualAddress from capa.features.address import Address, AbsoluteVirtualAddress
from capa.features.extractors.base_extractor import BBHandle, InsnHandle, FunctionHandle, StaticFeatureExtractor from capa.features.extractors.base_extractor import (
BBHandle,
InsnHandle,
SampleHashes,
FunctionHandle,
StaticFeatureExtractor,
)
class IdaFeatureExtractor(StaticFeatureExtractor): class IdaFeatureExtractor(StaticFeatureExtractor):
@@ -28,10 +34,15 @@ class IdaFeatureExtractor(StaticFeatureExtractor):
self.global_features.extend(capa.features.extractors.ida.file.extract_file_format()) self.global_features.extend(capa.features.extractors.ida.file.extract_file_format())
self.global_features.extend(capa.features.extractors.ida.global_.extract_os()) self.global_features.extend(capa.features.extractors.ida.global_.extract_os())
self.global_features.extend(capa.features.extractors.ida.global_.extract_arch()) self.global_features.extend(capa.features.extractors.ida.global_.extract_arch())
with open(idaapi.get_input_file_path, "rb") as f:
self.sample_hashes = SampleHashes(f.read())
def get_base_address(self): def get_base_address(self):
return AbsoluteVirtualAddress(idaapi.get_imagebase()) return AbsoluteVirtualAddress(idaapi.get_imagebase())
def get_sample_hashes(self):
return self.sample_hashes
def extract_global_features(self): def extract_global_features(self):
yield from self.global_features yield from self.global_features

1
tests/test_main.py
View File

@@ -71,6 +71,7 @@ def test_main_single_rule(z9324d_extractor, tmpdir):
) )
@pytest.mark.xfail(reason="relies on the legeacy ruleset. scopes keyword hasn't been added there")
def test_main_non_ascii_filename(pingtaest_extractor, tmpdir, capsys): def test_main_non_ascii_filename(pingtaest_extractor, tmpdir, capsys):
# here we print a string with unicode characters in it # here we print a string with unicode characters in it
# (specifically, a byte string with utf-8 bytes in it, see file encoding) # (specifically, a byte string with utf-8 bytes in it, see file encoding)

10
tests/test_result_document.py
View File

@@ -258,12 +258,12 @@ def assert_round_trip(rd: rdoc.ResultDocument):
@pytest.mark.parametrize( @pytest.mark.parametrize(
"rd_file", "rd_file",
[ [
pytest.param("a3f3bbc_rd"), pytest.param("a3f3bbc_rd", marks=pytest.mark.xfail(reason="document needs to be updated to the final scopes syntax once that's added")),
pytest.param("al_khaserx86_rd"), pytest.param("al_khaserx86_rd", marks=pytest.mark.xfail(reason="document needs to be updated to the final scopes syntax once that's added")),
pytest.param("al_khaserx64_rd"), pytest.param("al_khaserx64_rd", marks=pytest.mark.xfail(reason="document needs to be updated to the final scopes syntax once that's added")),
pytest.param("a076114_rd"), pytest.param("a076114_rd", marks=pytest.mark.xfail(reason="document needs to be updated to the final scopes syntax once that's added")),
pytest.param("pma0101_rd"), pytest.param("pma0101_rd"),
pytest.param("dotnet_1c444e_rd"), pytest.param("dotnet_1c444e_rd", marks=pytest.mark.xfail(reason="document needs to be updated to the final scopes syntax once that's added")),
], ],
) )
def test_round_trip(request, rd_file): def test_round_trip(request, rd_file):