gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-06 12:51:03 -08:00
Code Issues Packages Projects Releases Wiki Activity

cape: linux: handle weird argument edge case type

Browse Source
This commit is contained in:
Willi Ballenthin
2025-03-19 16:04:31 +00:00
parent 81419db62a
commit c8131bd35b
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
capa/features/extractors/cape/models.py
View File

@@ -310,6 +310,28 @@ class Argument(FlexibleModel):
pretty_value: Optional[str] = None pretty_value: Optional[str] = None
def validate_argument(value):
if isinstance(value, str):
# for a few calls on CAPE for Linux, we see arguments like in this call:
#
# timestamp: "18:12:17.199276"
# category: "misc"
# api: "uname"
# return: "0"
# ▽ arguments:
# [0]: "{sysname=\"Linux\", nodename=\"laptop\", ...}"
#
# which is just a string with a JSON-like thing inside,
# that we want to map a default unnamed argument.
return Argument(name="", value=value)
else:
return value
# mypy isn't happy about assigning to type
Argument = Annotated[Argument, BeforeValidator(validate_argument)] # type: ignore
class Call(FlexibleModel): class Call(FlexibleModel):
# timestamp: str # timestamp: str
thread_id: int | None = None thread_id: int | None = None