diff --git a/.github/mypy/mypy.ini b/.github/mypy/mypy.ini index ee7ecd4c..a3356eea 100644 --- a/.github/mypy/mypy.ini +++ b/.github/mypy/mypy.ini @@ -1,12 +1,5 @@ [mypy] -# TODO(yelhamer): remove this once proto has been added -# for the dynamic rendering -exclude = (?x)( - ^capa/render/proto/__init__.py$ - | ^tests/_test_proto.py$ - ) - [mypy-halo.*] ignore_missing_imports = True diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c688e20b..f4d040c4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -43,9 +43,9 @@ jobs: - name: Lint with black run: pre-commit run black --show-diff-on-failure - name: Lint with flake8 - run: pre-commit run flake8 + run: pre-commit run flake8 --hook-stage manual - name: Check types with mypy - run: pre-commit run mypy + run: pre-commit run mypy --hook-stage manual rule_linter: runs-on: ubuntu-20.04 @@ -95,6 +95,10 @@ jobs: run: sudo apt-get install -y libyaml-dev - name: Install capa run: pip install -e .[dev] + - name: Run tests (fast) + # this set of tests runs about 80% of the cases in 20% of the time, + # and should catch most errors quickly. + run: pre-commit run pytest-fast --all-files --hook-stage manual - name: Run tests run: pytest -v tests/ @@ -103,7 +107,7 @@ jobs: env: BN_SERIAL: ${{ secrets.BN_SERIAL }} runs-on: ubuntu-20.04 - needs: [code_style, rule_linter] + needs: [tests] strategy: fail-fast: false matrix: @@ -143,7 +147,7 @@ jobs: ghidra-tests: name: Ghidra tests for ${{ matrix.python-version }} runs-on: ubuntu-20.04 - needs: [code_style, rule_linter] + needs: [tests] strategy: fail-fast: false matrix: @@ -197,4 +201,4 @@ jobs: cat ../output.log exit_code=$(cat ../output.log | grep exit | awk '{print $NF}') exit $exit_code - + \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index dbc6e80f..17129385 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -25,7 +25,7 @@ repos: hooks: - id: isort name: isort - stages: [commit, push] + stages: [commit, push, manual] language: system entry: isort args: @@ -45,7 +45,7 @@ repos: hooks: - id: black name: black - stages: [commit, push] + stages: [commit, push, manual] language: system entry: black args: @@ -62,7 +62,7 @@ repos: hooks: - id: ruff name: ruff - stages: [commit, push] + stages: [commit, push, manual] language: system entry: ruff args: @@ -79,7 +79,7 @@ repos: hooks: - id: flake8 name: flake8 - stages: [commit, push] + stages: [push, manual] language: system entry: flake8 args: @@ -97,7 +97,7 @@ repos: hooks: - id: mypy name: mypy - stages: [commit, push] + stages: [push, manual] language: system entry: mypy args: @@ -109,3 +109,21 @@ repos: - "tests/" always_run: true pass_filenames: false + +- repo: local + hooks: + - id: pytest-fast + name: pytest (fast) + stages: [manual] + language: system + entry: pytest + args: + - "tests/" + - "--ignore=tests/test_binja_features.py" + - "--ignore=tests/test_ghidra_features.py" + - "--ignore=tests/test_ida_features.py" + - "--ignore=tests/test_viv_features.py" + - "--ignore=tests/test_main.py" + - "--ignore=tests/test_scripts.py" + always_run: true + pass_filenames: false diff --git a/CHANGELOG.md b/CHANGELOG.md index 634dc441..1a75ba0b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,10 +12,13 @@ - binja: add support for forwarded exports #1646 @xusheng6 - binja: add support for symtab names #1504 @xusheng6 - add com class/interface features #322 @Aayush-goel-04 +- protobuf: add `Metadata.flavor` @williballenthin ### Breaking Changes - remove the `SCOPE_*` constants in favor of the `Scope` enum #1764 @williballenthin +- protobuf: deprecate `RuleMetadata.scope` in favor of `RuleMetadata.scopes` @williballenthin +- protobuf: deprecate `Metadata.analysis` in favor of `Metadata.analysis2` that is dynamic analysis aware @williballenthin ### New Rules (19) diff --git a/capa/render/proto/__init__.py b/capa/render/proto/__init__.py index 2cd9406e..ad81ced5 100644 --- a/capa/render/proto/__init__.py +++ b/capa/render/proto/__init__.py @@ -38,16 +38,6 @@ from capa.helpers import assert_never from capa.features.freeze import AddressType -def dict_tuple_to_list_values(d: Dict) -> Dict: - o = {} - for k, v in d.items(): - if isinstance(v, tuple): - o[k] = list(v) - else: - o[k] = v - return o - - def int_to_pb2(v: int) -> capa_pb2.Integer: if v < -2_147_483_648: raise ValueError(f"value underflow: {v}") @@ -100,6 +90,51 @@ def addr_to_pb2(addr: frz.Address) -> capa_pb2.Address: token_offset=capa_pb2.Token_Offset(token=int_to_pb2(token), offset=offset), ) + elif addr.type is AddressType.PROCESS: + assert isinstance(addr.value, tuple) + ppid, pid = addr.value + assert isinstance(ppid, int) + assert isinstance(pid, int) + return capa_pb2.Address( + type=capa_pb2.AddressType.ADDRESSTYPE_PROCESS, + ppid_pid=capa_pb2.Ppid_Pid( + ppid=int_to_pb2(ppid), + pid=int_to_pb2(pid), + ), + ) + + elif addr.type is AddressType.THREAD: + assert isinstance(addr.value, tuple) + ppid, pid, tid = addr.value + assert isinstance(ppid, int) + assert isinstance(pid, int) + assert isinstance(tid, int) + return capa_pb2.Address( + type=capa_pb2.AddressType.ADDRESSTYPE_THREAD, + ppid_pid_tid=capa_pb2.Ppid_Pid_Tid( + ppid=int_to_pb2(ppid), + pid=int_to_pb2(pid), + tid=int_to_pb2(tid), + ), + ) + + elif addr.type is AddressType.CALL: + assert isinstance(addr.value, tuple) + ppid, pid, tid, id_ = addr.value + assert isinstance(ppid, int) + assert isinstance(pid, int) + assert isinstance(tid, int) + assert isinstance(id_, int) + return capa_pb2.Address( + type=capa_pb2.AddressType.ADDRESSTYPE_CALL, + ppid_pid_tid_id=capa_pb2.Ppid_Pid_Tid_Id( + ppid=int_to_pb2(ppid), + pid=int_to_pb2(pid), + tid=int_to_pb2(tid), + id=int_to_pb2(id_), + ), + ) + elif addr.type is AddressType.NO_ADDRESS: # value == None, so only set type return capa_pb2.Address(type=capa_pb2.AddressType.ADDRESSTYPE_NO_ADDRESS) @@ -117,10 +152,26 @@ def scope_to_pb2(scope: capa.rules.Scope) -> capa_pb2.Scope.ValueType: return capa_pb2.Scope.SCOPE_BASIC_BLOCK elif scope == capa.rules.Scope.INSTRUCTION: return capa_pb2.Scope.SCOPE_INSTRUCTION + elif scope == capa.rules.Scope.PROCESS: + return capa_pb2.Scope.SCOPE_PROCESS + elif scope == capa.rules.Scope.THREAD: + return capa_pb2.Scope.SCOPE_THREAD + elif scope == capa.rules.Scope.CALL: + return capa_pb2.Scope.SCOPE_CALL else: assert_never(scope) +def scopes_to_pb2(scopes: capa.rules.Scopes) -> capa_pb2.Scopes: + doc = {} + if scopes.static: + doc["static"] = scope_to_pb2(scopes.static) + if scopes.dynamic: + doc["dynamic"] = scope_to_pb2(scopes.dynamic) + + return google.protobuf.json_format.ParseDict(doc, capa_pb2.Scopes()) + + def flavor_to_pb2(flavor: rd.Flavor) -> capa_pb2.Flavor.ValueType: if flavor == rd.Flavor.STATIC: return capa_pb2.Flavor.FLAVOR_STATIC @@ -130,47 +181,87 @@ def flavor_to_pb2(flavor: rd.Flavor) -> capa_pb2.Flavor.ValueType: assert_never(flavor) -def metadata_to_pb2(meta: rd.Metadata) -> capa_pb2.Metadata: - assert isinstance(meta.analysis, rd.StaticAnalysis) - return capa_pb2.Metadata( - timestamp=str(meta.timestamp), - version=meta.version, - argv=meta.argv, - sample=google.protobuf.json_format.ParseDict(meta.sample.model_dump(), capa_pb2.Sample()), - flavor=flavor_to_pb2(meta.flavor), - analysis=capa_pb2.Analysis( - format=meta.analysis.format, - arch=meta.analysis.arch, - os=meta.analysis.os, - extractor=meta.analysis.extractor, - rules=list(meta.analysis.rules), - base_address=addr_to_pb2(meta.analysis.base_address), - layout=capa_pb2.Layout( - functions=[ - capa_pb2.FunctionLayout( - address=addr_to_pb2(f.address), - matched_basic_blocks=[ - capa_pb2.BasicBlockLayout(address=addr_to_pb2(bb.address)) for bb in f.matched_basic_blocks - ], - ) - for f in meta.analysis.layout.functions - ] - ), - feature_counts=capa_pb2.FeatureCounts( - file=meta.analysis.feature_counts.file, - functions=[ - capa_pb2.FunctionFeatureCount(address=addr_to_pb2(f.address), count=f.count) - for f in meta.analysis.feature_counts.functions - ], - ), - library_functions=[ - capa_pb2.LibraryFunction(address=addr_to_pb2(lf.address), name=lf.name) - for lf in meta.analysis.library_functions +def static_analysis_to_pb2(analysis: rd.StaticAnalysis) -> capa_pb2.StaticAnalysis: + return capa_pb2.StaticAnalysis( + format=analysis.format, + arch=analysis.arch, + os=analysis.os, + extractor=analysis.extractor, + rules=list(analysis.rules), + base_address=addr_to_pb2(analysis.base_address), + layout=capa_pb2.StaticLayout( + functions=[ + capa_pb2.FunctionLayout( + address=addr_to_pb2(f.address), + matched_basic_blocks=[ + capa_pb2.BasicBlockLayout(address=addr_to_pb2(bb.address)) for bb in f.matched_basic_blocks + ], + ) + for f in analysis.layout.functions + ] + ), + feature_counts=capa_pb2.StaticFeatureCounts( + file=analysis.feature_counts.file, + functions=[ + capa_pb2.FunctionFeatureCount(address=addr_to_pb2(f.address), count=f.count) + for f in analysis.feature_counts.functions + ], + ), + library_functions=[ + capa_pb2.LibraryFunction(address=addr_to_pb2(lf.address), name=lf.name) for lf in analysis.library_functions + ], + ) + + +def dynamic_analysis_to_pb2(analysis: rd.DynamicAnalysis) -> capa_pb2.DynamicAnalysis: + return capa_pb2.DynamicAnalysis( + format=analysis.format, + arch=analysis.arch, + os=analysis.os, + extractor=analysis.extractor, + rules=list(analysis.rules), + layout=capa_pb2.DynamicLayout( + processes=[ + capa_pb2.ProcessLayout( + address=addr_to_pb2(p.address), + matched_threads=[capa_pb2.ThreadLayout(address=addr_to_pb2(t.address)) for t in p.matched_threads], + ) + for p in analysis.layout.processes + ] + ), + feature_counts=capa_pb2.DynamicFeatureCounts( + file=analysis.feature_counts.file, + processes=[ + capa_pb2.ProcessFeatureCount(address=addr_to_pb2(p.address), count=p.count) + for p in analysis.feature_counts.processes ], ), ) +def metadata_to_pb2(meta: rd.Metadata) -> capa_pb2.Metadata: + if isinstance(meta.analysis, rd.StaticAnalysis): + return capa_pb2.Metadata( + timestamp=str(meta.timestamp), + version=meta.version, + argv=meta.argv, + sample=google.protobuf.json_format.ParseDict(meta.sample.model_dump(), capa_pb2.Sample()), + flavor=flavor_to_pb2(meta.flavor), + static_analysis=static_analysis_to_pb2(meta.analysis), + ) + elif isinstance(meta.analysis, rd.DynamicAnalysis): + return capa_pb2.Metadata( + timestamp=str(meta.timestamp), + version=meta.version, + argv=meta.argv, + sample=google.protobuf.json_format.ParseDict(meta.sample.model_dump(), capa_pb2.Sample()), + flavor=flavor_to_pb2(meta.flavor), + dynamic_analysis=dynamic_analysis_to_pb2(meta.analysis), + ) + else: + assert_never(meta.analysis) + + def statement_to_pb2(statement: rd.Statement) -> capa_pb2.StatementNode: if isinstance(statement, rd.RangeStatement): return capa_pb2.StatementNode( @@ -401,15 +492,51 @@ def match_to_pb2(match: rd.Match) -> capa_pb2.Match: assert_never(match) -def rule_metadata_to_pb2(rule_metadata: rd.RuleMetadata) -> capa_pb2.RuleMetadata: - # after manual type conversions to the RuleMetadata, we can rely on the protobuf json parser - # conversions include tuple -> list and rd.Enum -> proto.enum - meta = dict_tuple_to_list_values(rule_metadata.model_dump()) - meta["scope"] = scope_to_pb2(meta["scope"]) - meta["attack"] = list(map(dict_tuple_to_list_values, meta.get("attack", []))) - meta["mbc"] = list(map(dict_tuple_to_list_values, meta.get("mbc", []))) +def attack_to_pb2(attack: rd.AttackSpec) -> capa_pb2.AttackSpec: + return capa_pb2.AttackSpec( + parts=list(attack.parts), + tactic=attack.tactic, + technique=attack.technique, + subtechnique=attack.subtechnique, + id=attack.id, + ) - return google.protobuf.json_format.ParseDict(meta, capa_pb2.RuleMetadata()) + +def mbc_to_pb2(mbc: rd.MBCSpec) -> capa_pb2.MBCSpec: + return capa_pb2.MBCSpec( + parts=list(mbc.parts), + objective=mbc.objective, + behavior=mbc.behavior, + method=mbc.method, + id=mbc.id, + ) + + +def maec_to_pb2(maec: rd.MaecMetadata) -> capa_pb2.MaecMetadata: + return capa_pb2.MaecMetadata( + analysis_conclusion=maec.analysis_conclusion or "", + analysis_conclusion_ov=maec.analysis_conclusion_ov or "", + malware_family=maec.malware_family or "", + malware_category=maec.malware_category or "", + malware_category_ov=maec.malware_category_ov or "", + ) + + +def rule_metadata_to_pb2(rule_metadata: rd.RuleMetadata) -> capa_pb2.RuleMetadata: + return capa_pb2.RuleMetadata( + name=rule_metadata.name, + namespace=rule_metadata.namespace or "", + authors=rule_metadata.authors, + attack=[attack_to_pb2(m) for m in rule_metadata.attack], + mbc=[mbc_to_pb2(m) for m in rule_metadata.mbc], + references=rule_metadata.references, + examples=rule_metadata.examples, + description=rule_metadata.description, + lib=rule_metadata.lib, + maec=maec_to_pb2(rule_metadata.maec), + is_subscope_rule=rule_metadata.is_subscope_rule, + scopes=scopes_to_pb2(rule_metadata.scopes), + ) def doc_to_pb2(doc: rd.ResultDocument) -> capa_pb2.ResultDocument: @@ -470,6 +597,24 @@ def addr_from_pb2(addr: capa_pb2.Address) -> frz.Address: offset = addr.token_offset.offset return frz.Address(type=frz.AddressType.DN_TOKEN_OFFSET, value=(token, offset)) + elif addr.type == capa_pb2.AddressType.ADDRESSTYPE_PROCESS: + ppid = int_from_pb2(addr.ppid_pid.ppid) + pid = int_from_pb2(addr.ppid_pid.pid) + return frz.Address(type=frz.AddressType.PROCESS, value=(ppid, pid)) + + elif addr.type == capa_pb2.AddressType.ADDRESSTYPE_THREAD: + ppid = int_from_pb2(addr.ppid_pid_tid.ppid) + pid = int_from_pb2(addr.ppid_pid_tid.pid) + tid = int_from_pb2(addr.ppid_pid_tid.tid) + return frz.Address(type=frz.AddressType.THREAD, value=(ppid, pid, tid)) + + elif addr.type == capa_pb2.AddressType.ADDRESSTYPE_CALL: + ppid = int_from_pb2(addr.ppid_pid_tid_id.ppid) + pid = int_from_pb2(addr.ppid_pid_tid_id.pid) + tid = int_from_pb2(addr.ppid_pid_tid_id.tid) + id_ = int_from_pb2(addr.ppid_pid_tid_id.id) + return frz.Address(type=frz.AddressType.CALL, value=(ppid, pid, tid, id_)) + elif addr.type == capa_pb2.AddressType.ADDRESSTYPE_NO_ADDRESS: return frz.Address(type=frz.AddressType.NO_ADDRESS, value=None) @@ -486,10 +631,23 @@ def scope_from_pb2(scope: capa_pb2.Scope.ValueType) -> capa.rules.Scope: return capa.rules.Scope.BASIC_BLOCK elif scope == capa_pb2.Scope.SCOPE_INSTRUCTION: return capa.rules.Scope.INSTRUCTION + elif scope == capa_pb2.Scope.SCOPE_PROCESS: + return capa.rules.Scope.PROCESS + elif scope == capa_pb2.Scope.SCOPE_THREAD: + return capa.rules.Scope.THREAD + elif scope == capa_pb2.Scope.SCOPE_CALL: + return capa.rules.Scope.CALL else: assert_never(scope) +def scopes_from_pb2(scopes: capa_pb2.Scopes) -> capa.rules.Scopes: + return capa.rules.Scopes( + static=scope_from_pb2(scopes.static) if scopes.static else None, + dynamic=scope_from_pb2(scopes.dynamic) if scopes.dynamic else None, + ) + + def flavor_from_pb2(flavor: capa_pb2.Flavor.ValueType) -> rd.Flavor: if flavor == capa_pb2.Flavor.FLAVOR_STATIC: return rd.Flavor.STATIC @@ -499,60 +657,108 @@ def flavor_from_pb2(flavor: capa_pb2.Flavor.ValueType) -> rd.Flavor: assert_never(flavor) -def metadata_from_pb2(meta: capa_pb2.Metadata) -> rd.Metadata: - return rd.Metadata( - timestamp=datetime.datetime.fromisoformat(meta.timestamp), - version=meta.version, - argv=tuple(meta.argv) if meta.argv else None, - sample=rd.Sample( - md5=meta.sample.md5, - sha1=meta.sample.sha1, - sha256=meta.sample.sha256, - path=meta.sample.path, - ), - flavor=flavor_from_pb2(meta.flavor), - analysis=rd.StaticAnalysis( - format=meta.analysis.format, - arch=meta.analysis.arch, - os=meta.analysis.os, - extractor=meta.analysis.extractor, - rules=tuple(meta.analysis.rules), - base_address=addr_from_pb2(meta.analysis.base_address), - layout=rd.StaticLayout( - functions=tuple( - [ - rd.FunctionLayout( - address=addr_from_pb2(f.address), - matched_basic_blocks=tuple( - [ - rd.BasicBlockLayout(address=addr_from_pb2(bb.address)) - for bb in f.matched_basic_blocks - ] - ), - ) - for f in meta.analysis.layout.functions - ] - ) - ), - feature_counts=rd.StaticFeatureCounts( - file=meta.analysis.feature_counts.file, - functions=tuple( - [ - rd.FunctionFeatureCount(address=addr_from_pb2(f.address), count=f.count) - for f in meta.analysis.feature_counts.functions - ] - ), - ), - library_functions=tuple( +def static_analysis_from_pb2(analysis: capa_pb2.StaticAnalysis) -> rd.StaticAnalysis: + return rd.StaticAnalysis( + format=analysis.format, + arch=analysis.arch, + os=analysis.os, + extractor=analysis.extractor, + rules=tuple(analysis.rules), + base_address=addr_from_pb2(analysis.base_address), + layout=rd.StaticLayout( + functions=tuple( [ - rd.LibraryFunction(address=addr_from_pb2(lf.address), name=lf.name) - for lf in meta.analysis.library_functions + rd.FunctionLayout( + address=addr_from_pb2(f.address), + matched_basic_blocks=tuple( + [rd.BasicBlockLayout(address=addr_from_pb2(bb.address)) for bb in f.matched_basic_blocks] + ), + ) + for f in analysis.layout.functions + ] + ) + ), + feature_counts=rd.StaticFeatureCounts( + file=analysis.feature_counts.file, + functions=tuple( + [ + rd.FunctionFeatureCount(address=addr_from_pb2(f.address), count=f.count) + for f in analysis.feature_counts.functions + ] + ), + ), + library_functions=tuple( + [rd.LibraryFunction(address=addr_from_pb2(lf.address), name=lf.name) for lf in analysis.library_functions] + ), + ) + + +def dynamic_analysis_from_pb2(analysis: capa_pb2.DynamicAnalysis) -> rd.DynamicAnalysis: + return rd.DynamicAnalysis( + format=analysis.format, + arch=analysis.arch, + os=analysis.os, + extractor=analysis.extractor, + rules=tuple(analysis.rules), + layout=rd.DynamicLayout( + processes=tuple( + [ + rd.ProcessLayout( + address=addr_from_pb2(p.address), + matched_threads=tuple( + [rd.ThreadLayout(address=addr_from_pb2(t.address)) for t in p.matched_threads] + ), + ) + for p in analysis.layout.processes + ] + ) + ), + feature_counts=rd.DynamicFeatureCounts( + file=analysis.feature_counts.file, + processes=tuple( + [ + rd.ProcessFeatureCount(address=addr_from_pb2(p.address), count=p.count) + for p in analysis.feature_counts.processes ] ), ), ) +def metadata_from_pb2(meta: capa_pb2.Metadata) -> rd.Metadata: + analysis_type = meta.WhichOneof("analysis2") + if analysis_type == "static_analysis": + return rd.Metadata( + timestamp=datetime.datetime.fromisoformat(meta.timestamp), + version=meta.version, + argv=tuple(meta.argv) if meta.argv else None, + sample=rd.Sample( + md5=meta.sample.md5, + sha1=meta.sample.sha1, + sha256=meta.sample.sha256, + path=meta.sample.path, + ), + flavor=flavor_from_pb2(meta.flavor), + analysis=static_analysis_from_pb2(meta.static_analysis), + ) + elif analysis_type == "dynamic_analysis": + return rd.Metadata( + timestamp=datetime.datetime.fromisoformat(meta.timestamp), + version=meta.version, + argv=tuple(meta.argv) if meta.argv else None, + sample=rd.Sample( + md5=meta.sample.md5, + sha1=meta.sample.sha1, + sha256=meta.sample.sha256, + path=meta.sample.path, + ), + flavor=flavor_from_pb2(meta.flavor), + analysis=dynamic_analysis_from_pb2(meta.dynamic_analysis), + ) + else: + assert_never(analysis_type) + + def statement_from_pb2(statement: capa_pb2.StatementNode) -> rd.Statement: type_ = statement.WhichOneof("statement") @@ -732,7 +938,7 @@ def rule_metadata_from_pb2(pb: capa_pb2.RuleMetadata) -> rd.RuleMetadata: name=pb.name, namespace=pb.namespace or None, authors=tuple(pb.authors), - scope=scope_from_pb2(pb.scope), + scopes=scopes_from_pb2(pb.scopes), attack=tuple([attack_from_pb2(attack) for attack in pb.attack]), mbc=tuple([mbc_from_pb2(mbc) for mbc in pb.mbc]), references=tuple(pb.references), diff --git a/capa/render/proto/capa.proto b/capa/render/proto/capa.proto index 22277ffa..7cd6a352 100644 --- a/capa/render/proto/capa.proto +++ b/capa/render/proto/capa.proto @@ -11,6 +11,9 @@ message Address { oneof value { Integer v = 2; Token_Offset token_offset = 3; + Ppid_Pid ppid_pid = 4; + Ppid_Pid_Tid ppid_pid_tid = 5; + Ppid_Pid_Tid_Id ppid_pid_tid_id = 6; }; } @@ -22,6 +25,9 @@ enum AddressType { ADDRESSTYPE_DN_TOKEN = 4; ADDRESSTYPE_DN_TOKEN_OFFSET = 5; ADDRESSTYPE_NO_ADDRESS = 6; + ADDRESSTYPE_PROCESS = 7; + ADDRESSTYPE_THREAD = 8; + ADDRESSTYPE_CALL = 9; } message Analysis { @@ -82,6 +88,25 @@ message CompoundStatement { optional string description = 2; } +message DynamicAnalysis { + string format = 1; + string arch = 2; + string os = 3; + string extractor = 4; + repeated string rules = 5; + DynamicLayout layout = 6; + DynamicFeatureCounts feature_counts = 7; +} + +message DynamicFeatureCounts { + uint64 file = 1; + repeated ProcessFeatureCount processes = 2; +} + +message DynamicLayout { + repeated ProcessLayout processes = 1; +} + message ExportFeature { string type = 1; string export = 2; @@ -203,8 +228,15 @@ message Metadata { string version = 2; repeated string argv = 3; Sample sample = 4; - Analysis analysis = 5; + // deprecated in v7.0. + // use analysis2 instead. + Analysis analysis = 5 [deprecated = true]; Flavor flavor = 6; + oneof analysis2 { + // use analysis2 instead of analysis (deprecated in v7.0). + StaticAnalysis static_analysis = 7; + DynamicAnalysis dynamic_analysis = 8; + }; } message MnemonicFeature { @@ -251,6 +283,16 @@ message OperandOffsetFeature { optional string description = 4; } +message ProcessFeatureCount { + Address address = 1; + uint64 count = 2; +} + +message ProcessLayout { + Address address = 1; + repeated ThreadLayout matched_threads = 2; +} + message PropertyFeature { string type = 1; string property_ = 2; // property is a Python top-level decorator name @@ -288,7 +330,9 @@ message RuleMetadata { string name = 1; string namespace = 2; repeated string authors = 3; - Scope scope = 4; + // deprecated in v7.0. + // use scopes instead. + Scope scope = 4 [deprecated = true]; repeated AttackSpec attack = 5; repeated MBCSpec mbc = 6; repeated string references = 7; @@ -297,6 +341,8 @@ message RuleMetadata { bool lib = 10; MaecMetadata maec = 11; bool is_subscope_rule = 12; + // use scopes over scope (deprecated in v7.0). + Scopes scopes = 13; } message Sample { @@ -312,6 +358,14 @@ enum Scope { SCOPE_FUNCTION = 2; SCOPE_BASIC_BLOCK = 3; SCOPE_INSTRUCTION = 4; + SCOPE_PROCESS = 5; + SCOPE_THREAD = 6; + SCOPE_CALL = 7; +} + +message Scopes { + optional Scope static = 1; + optional Scope dynamic = 2; } message SectionFeature { @@ -336,6 +390,27 @@ message StatementNode { }; } +message StaticAnalysis { + string format = 1; + string arch = 2; + string os = 3; + string extractor = 4; + repeated string rules = 5; + Address base_address = 6; + StaticLayout layout = 7; + StaticFeatureCounts feature_counts = 8; + repeated LibraryFunction library_functions = 9; +} + +message StaticFeatureCounts { + uint64 file = 1; + repeated FunctionFeatureCount functions = 2; +} + +message StaticLayout { + repeated FunctionLayout functions = 1; +} + message StringFeature { string type = 1; string string = 2; @@ -354,6 +429,10 @@ message SubstringFeature { optional string description = 3; } +message ThreadLayout { + Address address = 1; +} + message Addresses { repeated Address address = 1; } message Pair_Address_Match { @@ -366,6 +445,24 @@ message Token_Offset { uint64 offset = 2; // offset is always >= 0 } +message Ppid_Pid { + Integer ppid = 1; + Integer pid = 2; +} + +message Ppid_Pid_Tid { + Integer ppid = 1; + Integer pid = 2; + Integer tid = 3; +} + +message Ppid_Pid_Tid_Id { + Integer ppid = 1; + Integer pid = 2; + Integer tid = 3; + Integer id = 4; +} + message Integer { oneof value { uint64 u = 1; sint64 i = 2; } } // unsigned or signed int message Number { oneof value { uint64 u = 1; sint64 i = 2; double f = 3; } } diff --git a/capa/render/proto/capa_pb2.py b/capa/render/proto/capa_pb2.py index c33afeea..e855c863 100644 --- a/capa/render/proto/capa_pb2.py +++ b/capa/render/proto/capa_pb2.py @@ -1,11 +1,10 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: capa/render/proto/capa.proto - -from google.protobuf.internal import enum_type_wrapper +"""Generated protocol buffer code.""" +from google.protobuf.internal import builder as _builder from google.protobuf import descriptor as _descriptor -from google.protobuf import message as _message -from google.protobuf import reflection as _reflection +from google.protobuf import descriptor_pool as _descriptor_pool from google.protobuf import symbol_database as _symbol_database # @@protoc_insertion_point(imports) @@ -14,3720 +13,157 @@ _sym_db = _symbol_database.Default() -DESCRIPTOR = _descriptor.FileDescriptor( - name='capa/render/proto/capa.proto', - package='', - syntax='proto3', - serialized_options=None, - create_key=_descriptor._internal_create_key, - serialized_pb=b'\n\x1c\x63\x61pa/render/proto/capa.proto\"Q\n\nAPIFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03\x61pi\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"l\n\x07\x41\x64\x64ress\x12\x1a\n\x04type\x18\x01 \x01(\x0e\x32\x0c.AddressType\x12\x15\n\x01v\x18\x02 \x01(\x0b\x32\x08.IntegerH\x00\x12%\n\x0ctoken_offset\x18\x03 \x01(\x0b\x32\r.Token_OffsetH\x00\x42\x07\n\x05value\"\xe4\x01\n\x08\x41nalysis\x12\x0e\n\x06\x66ormat\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\n\n\x02os\x18\x03 \x01(\t\x12\x11\n\textractor\x18\x04 \x01(\t\x12\r\n\x05rules\x18\x05 \x03(\t\x12\x1e\n\x0c\x62\x61se_address\x18\x06 \x01(\x0b\x32\x08.Address\x12\x17\n\x06layout\x18\x07 \x01(\x0b\x32\x07.Layout\x12&\n\x0e\x66\x65\x61ture_counts\x18\x08 \x01(\x0b\x32\x0e.FeatureCounts\x12+\n\x11library_functions\x18\t \x03(\x0b\x32\x10.LibraryFunction\"S\n\x0b\x41rchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\nAttackSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x0e\n\x06tactic\x18\x02 \x01(\t\x12\x11\n\ttechnique\x18\x03 \x01(\t\x12\x14\n\x0csubtechnique\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"K\n\x11\x42\x61sicBlockFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"-\n\x10\x42\x61sicBlockLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\"U\n\x0c\x42ytesFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x62ytes\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"g\n\x15\x43haracteristicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x16\n\x0e\x63haracteristic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\x0c\x43lassFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x63lass_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"K\n\x11\x43ompoundStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"W\n\rExportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x65xport\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"G\n\rFeatureCounts\x12\x0c\n\x04\x66ile\x18\x01 \x01(\x04\x12(\n\tfunctions\x18\x02 \x03(\x0b\x32\x15.FunctionFeatureCount\"\xf7\x06\n\x0b\x46\x65\x61tureNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x02os\x18\x02 \x01(\x0b\x32\n.OSFeatureH\x00\x12\x1c\n\x04\x61rch\x18\x03 \x01(\x0b\x32\x0c.ArchFeatureH\x00\x12 \n\x06\x66ormat\x18\x04 \x01(\x0b\x32\x0e.FormatFeatureH\x00\x12\x1e\n\x05match\x18\x05 \x01(\x0b\x32\r.MatchFeatureH\x00\x12\x30\n\x0e\x63haracteristic\x18\x06 \x01(\x0b\x32\x16.CharacteristicFeatureH\x00\x12 \n\x06\x65xport\x18\x07 \x01(\x0b\x32\x0e.ExportFeatureH\x00\x12!\n\x07import_\x18\x08 \x01(\x0b\x32\x0e.ImportFeatureH\x00\x12\"\n\x07section\x18\t \x01(\x0b\x32\x0f.SectionFeatureH\x00\x12-\n\rfunction_name\x18\n \x01(\x0b\x32\x14.FunctionNameFeatureH\x00\x12&\n\tsubstring\x18\x0b \x01(\x0b\x32\x11.SubstringFeatureH\x00\x12\x1e\n\x05regex\x18\x0c \x01(\x0b\x32\r.RegexFeatureH\x00\x12 \n\x06string\x18\r \x01(\x0b\x32\x0e.StringFeatureH\x00\x12\x1f\n\x06\x63lass_\x18\x0e \x01(\x0b\x32\r.ClassFeatureH\x00\x12&\n\tnamespace\x18\x0f \x01(\x0b\x32\x11.NamespaceFeatureH\x00\x12\x1a\n\x03\x61pi\x18\x10 \x01(\x0b\x32\x0b.APIFeatureH\x00\x12%\n\tproperty_\x18\x11 \x01(\x0b\x32\x10.PropertyFeatureH\x00\x12 \n\x06number\x18\x12 \x01(\x0b\x32\x0e.NumberFeatureH\x00\x12\x1e\n\x05\x62ytes\x18\x13 \x01(\x0b\x32\r.BytesFeatureH\x00\x12 \n\x06offset\x18\x14 \x01(\x0b\x32\x0e.OffsetFeatureH\x00\x12$\n\x08mnemonic\x18\x15 \x01(\x0b\x32\x10.MnemonicFeatureH\x00\x12/\n\x0eoperand_number\x18\x16 \x01(\x0b\x32\x15.OperandNumberFeatureH\x00\x12/\n\x0eoperand_offset\x18\x17 \x01(\x0b\x32\x15.OperandOffsetFeatureH\x00\x12)\n\x0b\x62\x61sic_block\x18\x18 \x01(\x0b\x32\x12.BasicBlockFeatureH\x00\x42\t\n\x07\x66\x65\x61ture\"W\n\rFormatFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x66ormat\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"@\n\x14\x46unctionFeatureCount\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\r\n\x05\x63ount\x18\x02 \x01(\x04\"\\\n\x0e\x46unctionLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12/\n\x14matched_basic_blocks\x18\x02 \x03(\x0b\x32\x11.BasicBlockLayout\"d\n\x13\x46unctionNameFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\rfunction_name\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"X\n\rImportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07import_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\",\n\x06Layout\x12\"\n\tfunctions\x18\x01 \x03(\x0b\x32\x0f.FunctionLayout\":\n\x0fLibraryFunction\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x0c\n\x04name\x18\x02 \x01(\t\"Y\n\x07MBCSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x11\n\tobjective\x18\x02 \x01(\t\x12\x10\n\x08\x62\x65havior\x18\x03 \x01(\t\x12\x0e\n\x06method\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"\x9a\x01\n\x0cMaecMetadata\x12\x1b\n\x13\x61nalysis_conclusion\x18\x01 \x01(\t\x12\x1e\n\x16\x61nalysis_conclusion_ov\x18\x02 \x01(\t\x12\x16\n\x0emalware_family\x18\x03 \x01(\t\x12\x18\n\x10malware_category\x18\x04 \x01(\t\x12\x1b\n\x13malware_category_ov\x18\x05 \x01(\t\"\x82\x02\n\x05Match\x12\x0f\n\x07success\x18\x01 \x01(\x08\x12#\n\tstatement\x18\x02 \x01(\x0b\x32\x0e.StatementNodeH\x00\x12\x1f\n\x07\x66\x65\x61ture\x18\x03 \x01(\x0b\x32\x0c.FeatureNodeH\x00\x12\x18\n\x08\x63hildren\x18\x05 \x03(\x0b\x32\x06.Match\x12\x1b\n\tlocations\x18\x06 \x03(\x0b\x32\x08.Address\x12&\n\x08\x63\x61ptures\x18\x07 \x03(\x0b\x32\x14.Match.CapturesEntry\x1a;\n\rCapturesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x19\n\x05value\x18\x02 \x01(\x0b\x32\n.Addresses:\x02\x38\x01\x42\x06\n\x04node\"U\n\x0cMatchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05match\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x8b\x01\n\x08Metadata\x12\x11\n\ttimestamp\x18\x01 \x01(\t\x12\x0f\n\x07version\x18\x02 \x01(\t\x12\x0c\n\x04\x61rgv\x18\x03 \x03(\t\x12\x17\n\x06sample\x18\x04 \x01(\x0b\x32\x07.Sample\x12\x1b\n\x08\x61nalysis\x18\x05 \x01(\x0b\x32\t.Analysis\x12\x17\n\x06\x66lavor\x18\x06 \x01(\x0e\x32\x07.Flavor\"[\n\x0fMnemonicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x10\n\x08mnemonic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10NamespaceFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\rNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x17\n\x06number\x18\x02 \x01(\x0b\x32\x07.Number\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"O\n\tOSFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\n\n\x02os\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"a\n\rOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x06offset\x18\x02 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_number\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_offset\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"|\n\x0fPropertyFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tproperty_\x18\x02 \x01(\t\x12\x13\n\x06\x61\x63\x63\x65ss\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x42\t\n\x07_accessB\x0e\n\x0c_description\"\x7f\n\x0eRangeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03min\x18\x02 \x01(\x04\x12\x0b\n\x03max\x18\x03 \x01(\x04\x12\x1b\n\x05\x63hild\x18\x04 \x01(\x0b\x32\x0c.FeatureNode\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"U\n\x0cRegexFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05regex\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x90\x01\n\x0eResultDocument\x12\x17\n\x04meta\x18\x01 \x01(\x0b\x32\t.Metadata\x12)\n\x05rules\x18\x02 \x03(\x0b\x32\x1a.ResultDocument.RulesEntry\x1a:\n\nRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x1b\n\x05value\x18\x02 \x01(\x0b\x32\x0c.RuleMatches:\x02\x38\x01\"`\n\x0bRuleMatches\x12\x1b\n\x04meta\x18\x01 \x01(\x0b\x32\r.RuleMetadata\x12\x0e\n\x06source\x18\x02 \x01(\t\x12$\n\x07matches\x18\x03 \x03(\x0b\x32\x13.Pair_Address_Match\"\x8a\x02\n\x0cRuleMetadata\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x0f\n\x07\x61uthors\x18\x03 \x03(\t\x12\x15\n\x05scope\x18\x04 \x01(\x0e\x32\x06.Scope\x12\x1b\n\x06\x61ttack\x18\x05 \x03(\x0b\x32\x0b.AttackSpec\x12\x15\n\x03mbc\x18\x06 \x03(\x0b\x32\x08.MBCSpec\x12\x12\n\nreferences\x18\x07 \x03(\t\x12\x10\n\x08\x65xamples\x18\x08 \x03(\t\x12\x13\n\x0b\x64\x65scription\x18\t \x01(\t\x12\x0b\n\x03lib\x18\n \x01(\x08\x12\x1b\n\x04maec\x18\x0b \x01(\x0b\x32\r.MaecMetadata\x12\x18\n\x10is_subscope_rule\x18\x0c \x01(\x08\"A\n\x06Sample\x12\x0b\n\x03md5\x18\x01 \x01(\t\x12\x0c\n\x04sha1\x18\x02 \x01(\t\x12\x0e\n\x06sha256\x18\x03 \x01(\t\x12\x0c\n\x04path\x18\x04 \x01(\t\"Y\n\x0eSectionFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07section\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\rSomeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x63ount\x18\x02 \x01(\r\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\xbc\x01\n\rStatementNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12 \n\x05range\x18\x02 \x01(\x0b\x32\x0f.RangeStatementH\x00\x12\x1e\n\x04some\x18\x03 \x01(\x0b\x32\x0e.SomeStatementH\x00\x12&\n\x08subscope\x18\x04 \x01(\x0b\x32\x12.SubscopeStatementH\x00\x12&\n\x08\x63ompound\x18\x05 \x01(\x0b\x32\x12.CompoundStatementH\x00\x42\x0b\n\tstatement\"W\n\rStringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06string\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"b\n\x11SubscopeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\x05scope\x18\x02 \x01(\x0e\x32\x06.Scope\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10SubstringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tsubstring\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"&\n\tAddresses\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x03(\x0b\x32\x08.Address\"F\n\x12Pair_Address_Match\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x15\n\x05match\x18\x02 \x01(\x0b\x32\x06.Match\"7\n\x0cToken_Offset\x12\x17\n\x05token\x18\x01 \x01(\x0b\x32\x08.Integer\x12\x0e\n\x06offset\x18\x02 \x01(\x04\",\n\x07Integer\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x42\x07\n\x05value\"8\n\x06Number\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x12\x0b\n\x01\x66\x18\x03 \x01(\x01H\x00\x42\x07\n\x05value*\xcb\x01\n\x0b\x41\x64\x64ressType\x12\x1b\n\x17\x41\x44\x44RESSTYPE_UNSPECIFIED\x10\x00\x12\x18\n\x14\x41\x44\x44RESSTYPE_ABSOLUTE\x10\x01\x12\x18\n\x14\x41\x44\x44RESSTYPE_RELATIVE\x10\x02\x12\x14\n\x10\x41\x44\x44RESSTYPE_FILE\x10\x03\x12\x18\n\x14\x41\x44\x44RESSTYPE_DN_TOKEN\x10\x04\x12\x1f\n\x1b\x41\x44\x44RESSTYPE_DN_TOKEN_OFFSET\x10\x05\x12\x1a\n\x16\x41\x44\x44RESSTYPE_NO_ADDRESS\x10\x06*G\n\x06\x46lavor\x12\x16\n\x12\x46LAVOR_UNSPECIFIED\x10\x00\x12\x11\n\rFLAVOR_STATIC\x10\x01\x12\x12\n\x0e\x46LAVOR_DYNAMIC\x10\x02*p\n\x05Scope\x12\x15\n\x11SCOPE_UNSPECIFIED\x10\x00\x12\x0e\n\nSCOPE_FILE\x10\x01\x12\x12\n\x0eSCOPE_FUNCTION\x10\x02\x12\x15\n\x11SCOPE_BASIC_BLOCK\x10\x03\x12\x15\n\x11SCOPE_INSTRUCTION\x10\x04\x62\x06proto3' -) - -_ADDRESSTYPE = _descriptor.EnumDescriptor( - name='AddressType', - full_name='AddressType', - filename=None, - file=DESCRIPTOR, - create_key=_descriptor._internal_create_key, - values=[ - _descriptor.EnumValueDescriptor( - name='ADDRESSTYPE_UNSPECIFIED', index=0, number=0, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='ADDRESSTYPE_ABSOLUTE', index=1, number=1, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='ADDRESSTYPE_RELATIVE', index=2, number=2, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='ADDRESSTYPE_FILE', index=3, number=3, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='ADDRESSTYPE_DN_TOKEN', index=4, number=4, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='ADDRESSTYPE_DN_TOKEN_OFFSET', index=5, number=5, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='ADDRESSTYPE_NO_ADDRESS', index=6, number=6, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - ], - containing_type=None, - serialized_options=None, - serialized_start=6032, - serialized_end=6235, -) -_sym_db.RegisterEnumDescriptor(_ADDRESSTYPE) - -AddressType = enum_type_wrapper.EnumTypeWrapper(_ADDRESSTYPE) -_FLAVOR = _descriptor.EnumDescriptor( - name='Flavor', - full_name='Flavor', - filename=None, - file=DESCRIPTOR, - create_key=_descriptor._internal_create_key, - values=[ - _descriptor.EnumValueDescriptor( - name='FLAVOR_UNSPECIFIED', index=0, number=0, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='FLAVOR_STATIC', index=1, number=1, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='FLAVOR_DYNAMIC', index=2, number=2, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - ], - containing_type=None, - serialized_options=None, - serialized_start=6237, - serialized_end=6308, -) -_sym_db.RegisterEnumDescriptor(_FLAVOR) - -Flavor = enum_type_wrapper.EnumTypeWrapper(_FLAVOR) -_SCOPE = _descriptor.EnumDescriptor( - name='Scope', - full_name='Scope', - filename=None, - file=DESCRIPTOR, - create_key=_descriptor._internal_create_key, - values=[ - _descriptor.EnumValueDescriptor( - name='SCOPE_UNSPECIFIED', index=0, number=0, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='SCOPE_FILE', index=1, number=1, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='SCOPE_FUNCTION', index=2, number=2, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='SCOPE_BASIC_BLOCK', index=3, number=3, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - _descriptor.EnumValueDescriptor( - name='SCOPE_INSTRUCTION', index=4, number=4, - serialized_options=None, - type=None, - create_key=_descriptor._internal_create_key), - ], - containing_type=None, - serialized_options=None, - serialized_start=6310, - serialized_end=6422, -) -_sym_db.RegisterEnumDescriptor(_SCOPE) - -Scope = enum_type_wrapper.EnumTypeWrapper(_SCOPE) -ADDRESSTYPE_UNSPECIFIED = 0 -ADDRESSTYPE_ABSOLUTE = 1 -ADDRESSTYPE_RELATIVE = 2 -ADDRESSTYPE_FILE = 3 -ADDRESSTYPE_DN_TOKEN = 4 -ADDRESSTYPE_DN_TOKEN_OFFSET = 5 -ADDRESSTYPE_NO_ADDRESS = 6 -FLAVOR_UNSPECIFIED = 0 -FLAVOR_STATIC = 1 -FLAVOR_DYNAMIC = 2 -SCOPE_UNSPECIFIED = 0 -SCOPE_FILE = 1 -SCOPE_FUNCTION = 2 -SCOPE_BASIC_BLOCK = 3 -SCOPE_INSTRUCTION = 4 - - - -_APIFEATURE = _descriptor.Descriptor( - name='APIFeature', - full_name='APIFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='APIFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='api', full_name='APIFeature.api', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='APIFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='APIFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=32, - serialized_end=113, -) - - -_ADDRESS = _descriptor.Descriptor( - name='Address', - full_name='Address', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='Address.type', index=0, - number=1, type=14, cpp_type=8, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='v', full_name='Address.v', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='token_offset', full_name='Address.token_offset', index=2, - number=3, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='value', full_name='Address.value', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=115, - serialized_end=223, -) - - -_ANALYSIS = _descriptor.Descriptor( - name='Analysis', - full_name='Analysis', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='format', full_name='Analysis.format', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='arch', full_name='Analysis.arch', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='os', full_name='Analysis.os', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='extractor', full_name='Analysis.extractor', index=3, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='rules', full_name='Analysis.rules', index=4, - number=5, type=9, cpp_type=9, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='base_address', full_name='Analysis.base_address', index=5, - number=6, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='layout', full_name='Analysis.layout', index=6, - number=7, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='feature_counts', full_name='Analysis.feature_counts', index=7, - number=8, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='library_functions', full_name='Analysis.library_functions', index=8, - number=9, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=226, - serialized_end=454, -) - - -_ARCHFEATURE = _descriptor.Descriptor( - name='ArchFeature', - full_name='ArchFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='ArchFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='arch', full_name='ArchFeature.arch', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='ArchFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='ArchFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=456, - serialized_end=539, -) - - -_ATTACKSPEC = _descriptor.Descriptor( - name='AttackSpec', - full_name='AttackSpec', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='parts', full_name='AttackSpec.parts', index=0, - number=1, type=9, cpp_type=9, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='tactic', full_name='AttackSpec.tactic', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='technique', full_name='AttackSpec.technique', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='subtechnique', full_name='AttackSpec.subtechnique', index=3, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='id', full_name='AttackSpec.id', index=4, - number=5, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=541, - serialized_end=637, -) - - -_BASICBLOCKFEATURE = _descriptor.Descriptor( - name='BasicBlockFeature', - full_name='BasicBlockFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='BasicBlockFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='BasicBlockFeature.description', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='BasicBlockFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=639, - serialized_end=714, -) - - -_BASICBLOCKLAYOUT = _descriptor.Descriptor( - name='BasicBlockLayout', - full_name='BasicBlockLayout', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='address', full_name='BasicBlockLayout.address', index=0, - number=1, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=716, - serialized_end=761, -) - - -_BYTESFEATURE = _descriptor.Descriptor( - name='BytesFeature', - full_name='BytesFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='BytesFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='bytes', full_name='BytesFeature.bytes', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='BytesFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='BytesFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=763, - serialized_end=848, -) - - -_CHARACTERISTICFEATURE = _descriptor.Descriptor( - name='CharacteristicFeature', - full_name='CharacteristicFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='CharacteristicFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='characteristic', full_name='CharacteristicFeature.characteristic', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='CharacteristicFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='CharacteristicFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=850, - serialized_end=953, -) - - -_CLASSFEATURE = _descriptor.Descriptor( - name='ClassFeature', - full_name='ClassFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='ClassFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='class_', full_name='ClassFeature.class_', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='ClassFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='ClassFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=955, - serialized_end=1041, -) - - -_COMPOUNDSTATEMENT = _descriptor.Descriptor( - name='CompoundStatement', - full_name='CompoundStatement', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='CompoundStatement.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='CompoundStatement.description', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='CompoundStatement._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=1043, - serialized_end=1118, -) - - -_EXPORTFEATURE = _descriptor.Descriptor( - name='ExportFeature', - full_name='ExportFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='ExportFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='export', full_name='ExportFeature.export', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='ExportFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='ExportFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=1120, - serialized_end=1207, -) - - -_FEATURECOUNTS = _descriptor.Descriptor( - name='FeatureCounts', - full_name='FeatureCounts', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='file', full_name='FeatureCounts.file', index=0, - number=1, type=4, cpp_type=4, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='functions', full_name='FeatureCounts.functions', index=1, - number=2, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=1209, - serialized_end=1280, -) - - -_FEATURENODE = _descriptor.Descriptor( - name='FeatureNode', - full_name='FeatureNode', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='FeatureNode.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='os', full_name='FeatureNode.os', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='arch', full_name='FeatureNode.arch', index=2, - number=3, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='format', full_name='FeatureNode.format', index=3, - number=4, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='match', full_name='FeatureNode.match', index=4, - number=5, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='characteristic', full_name='FeatureNode.characteristic', index=5, - number=6, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='export', full_name='FeatureNode.export', index=6, - number=7, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='import_', full_name='FeatureNode.import_', index=7, - number=8, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='section', full_name='FeatureNode.section', index=8, - number=9, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='function_name', full_name='FeatureNode.function_name', index=9, - number=10, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='substring', full_name='FeatureNode.substring', index=10, - number=11, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='regex', full_name='FeatureNode.regex', index=11, - number=12, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='string', full_name='FeatureNode.string', index=12, - number=13, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='class_', full_name='FeatureNode.class_', index=13, - number=14, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='namespace', full_name='FeatureNode.namespace', index=14, - number=15, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='api', full_name='FeatureNode.api', index=15, - number=16, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='property_', full_name='FeatureNode.property_', index=16, - number=17, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='number', full_name='FeatureNode.number', index=17, - number=18, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='bytes', full_name='FeatureNode.bytes', index=18, - number=19, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='offset', full_name='FeatureNode.offset', index=19, - number=20, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='mnemonic', full_name='FeatureNode.mnemonic', index=20, - number=21, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='operand_number', full_name='FeatureNode.operand_number', index=21, - number=22, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='operand_offset', full_name='FeatureNode.operand_offset', index=22, - number=23, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='basic_block', full_name='FeatureNode.basic_block', index=23, - number=24, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='feature', full_name='FeatureNode.feature', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=1283, - serialized_end=2170, -) - - -_FORMATFEATURE = _descriptor.Descriptor( - name='FormatFeature', - full_name='FormatFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='FormatFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='format', full_name='FormatFeature.format', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='FormatFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='FormatFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=2172, - serialized_end=2259, -) - - -_FUNCTIONFEATURECOUNT = _descriptor.Descriptor( - name='FunctionFeatureCount', - full_name='FunctionFeatureCount', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='address', full_name='FunctionFeatureCount.address', index=0, - number=1, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='count', full_name='FunctionFeatureCount.count', index=1, - number=2, type=4, cpp_type=4, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=2261, - serialized_end=2325, -) - - -_FUNCTIONLAYOUT = _descriptor.Descriptor( - name='FunctionLayout', - full_name='FunctionLayout', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='address', full_name='FunctionLayout.address', index=0, - number=1, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='matched_basic_blocks', full_name='FunctionLayout.matched_basic_blocks', index=1, - number=2, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=2327, - serialized_end=2419, -) - - -_FUNCTIONNAMEFEATURE = _descriptor.Descriptor( - name='FunctionNameFeature', - full_name='FunctionNameFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='FunctionNameFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='function_name', full_name='FunctionNameFeature.function_name', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='FunctionNameFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='FunctionNameFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=2421, - serialized_end=2521, -) - - -_IMPORTFEATURE = _descriptor.Descriptor( - name='ImportFeature', - full_name='ImportFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='ImportFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='import_', full_name='ImportFeature.import_', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='ImportFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='ImportFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=2523, - serialized_end=2611, -) - - -_LAYOUT = _descriptor.Descriptor( - name='Layout', - full_name='Layout', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='functions', full_name='Layout.functions', index=0, - number=1, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=2613, - serialized_end=2657, -) - - -_LIBRARYFUNCTION = _descriptor.Descriptor( - name='LibraryFunction', - full_name='LibraryFunction', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='address', full_name='LibraryFunction.address', index=0, - number=1, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='name', full_name='LibraryFunction.name', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=2659, - serialized_end=2717, -) - - -_MBCSPEC = _descriptor.Descriptor( - name='MBCSpec', - full_name='MBCSpec', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='parts', full_name='MBCSpec.parts', index=0, - number=1, type=9, cpp_type=9, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='objective', full_name='MBCSpec.objective', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='behavior', full_name='MBCSpec.behavior', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='method', full_name='MBCSpec.method', index=3, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='id', full_name='MBCSpec.id', index=4, - number=5, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=2719, - serialized_end=2808, -) - - -_MAECMETADATA = _descriptor.Descriptor( - name='MaecMetadata', - full_name='MaecMetadata', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='analysis_conclusion', full_name='MaecMetadata.analysis_conclusion', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='analysis_conclusion_ov', full_name='MaecMetadata.analysis_conclusion_ov', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='malware_family', full_name='MaecMetadata.malware_family', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='malware_category', full_name='MaecMetadata.malware_category', index=3, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='malware_category_ov', full_name='MaecMetadata.malware_category_ov', index=4, - number=5, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=2811, - serialized_end=2965, -) - - -_MATCH_CAPTURESENTRY = _descriptor.Descriptor( - name='CapturesEntry', - full_name='Match.CapturesEntry', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='key', full_name='Match.CapturesEntry.key', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='value', full_name='Match.CapturesEntry.value', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=b'8\001', - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=3159, - serialized_end=3218, -) - -_MATCH = _descriptor.Descriptor( - name='Match', - full_name='Match', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='success', full_name='Match.success', index=0, - number=1, type=8, cpp_type=7, label=1, - has_default_value=False, default_value=False, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='statement', full_name='Match.statement', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='feature', full_name='Match.feature', index=2, - number=3, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='children', full_name='Match.children', index=3, - number=5, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='locations', full_name='Match.locations', index=4, - number=6, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='captures', full_name='Match.captures', index=5, - number=7, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[_MATCH_CAPTURESENTRY, ], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='node', full_name='Match.node', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=2968, - serialized_end=3226, -) - - -_MATCHFEATURE = _descriptor.Descriptor( - name='MatchFeature', - full_name='MatchFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='MatchFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='match', full_name='MatchFeature.match', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='MatchFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='MatchFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=3228, - serialized_end=3313, -) - - -_METADATA = _descriptor.Descriptor( - name='Metadata', - full_name='Metadata', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='timestamp', full_name='Metadata.timestamp', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='version', full_name='Metadata.version', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='argv', full_name='Metadata.argv', index=2, - number=3, type=9, cpp_type=9, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='sample', full_name='Metadata.sample', index=3, - number=4, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='analysis', full_name='Metadata.analysis', index=4, - number=5, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='flavor', full_name='Metadata.flavor', index=5, - number=6, type=14, cpp_type=8, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=3316, - serialized_end=3455, -) - - -_MNEMONICFEATURE = _descriptor.Descriptor( - name='MnemonicFeature', - full_name='MnemonicFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='MnemonicFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='mnemonic', full_name='MnemonicFeature.mnemonic', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='MnemonicFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='MnemonicFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=3457, - serialized_end=3548, -) - - -_NAMESPACEFEATURE = _descriptor.Descriptor( - name='NamespaceFeature', - full_name='NamespaceFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='NamespaceFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='namespace', full_name='NamespaceFeature.namespace', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='NamespaceFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='NamespaceFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=3550, - serialized_end=3643, -) - - -_NUMBERFEATURE = _descriptor.Descriptor( - name='NumberFeature', - full_name='NumberFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='NumberFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='number', full_name='NumberFeature.number', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='NumberFeature.description', index=2, - number=5, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='NumberFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=3645, - serialized_end=3741, -) - - -_OSFEATURE = _descriptor.Descriptor( - name='OSFeature', - full_name='OSFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='OSFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='os', full_name='OSFeature.os', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='OSFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='OSFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=3743, - serialized_end=3822, -) - - -_OFFSETFEATURE = _descriptor.Descriptor( - name='OffsetFeature', - full_name='OffsetFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='OffsetFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='offset', full_name='OffsetFeature.offset', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='OffsetFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='OffsetFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=3824, - serialized_end=3921, -) - - -_OPERANDNUMBERFEATURE = _descriptor.Descriptor( - name='OperandNumberFeature', - full_name='OperandNumberFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='OperandNumberFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='index', full_name='OperandNumberFeature.index', index=1, - number=2, type=13, cpp_type=3, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='operand_number', full_name='OperandNumberFeature.operand_number', index=2, - number=3, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='OperandNumberFeature.description', index=3, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='OperandNumberFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=3923, - serialized_end=4050, -) - - -_OPERANDOFFSETFEATURE = _descriptor.Descriptor( - name='OperandOffsetFeature', - full_name='OperandOffsetFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='OperandOffsetFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='index', full_name='OperandOffsetFeature.index', index=1, - number=2, type=13, cpp_type=3, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='operand_offset', full_name='OperandOffsetFeature.operand_offset', index=2, - number=3, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='OperandOffsetFeature.description', index=3, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='OperandOffsetFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=4052, - serialized_end=4179, -) - - -_PROPERTYFEATURE = _descriptor.Descriptor( - name='PropertyFeature', - full_name='PropertyFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='PropertyFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='property_', full_name='PropertyFeature.property_', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='access', full_name='PropertyFeature.access', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='PropertyFeature.description', index=3, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_access', full_name='PropertyFeature._access', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - _descriptor.OneofDescriptor( - name='_description', full_name='PropertyFeature._description', - index=1, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=4181, - serialized_end=4305, -) - - -_RANGESTATEMENT = _descriptor.Descriptor( - name='RangeStatement', - full_name='RangeStatement', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='RangeStatement.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='min', full_name='RangeStatement.min', index=1, - number=2, type=4, cpp_type=4, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='max', full_name='RangeStatement.max', index=2, - number=3, type=4, cpp_type=4, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='child', full_name='RangeStatement.child', index=3, - number=4, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='RangeStatement.description', index=4, - number=5, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='RangeStatement._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=4307, - serialized_end=4434, -) - - -_REGEXFEATURE = _descriptor.Descriptor( - name='RegexFeature', - full_name='RegexFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='RegexFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='regex', full_name='RegexFeature.regex', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='RegexFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='RegexFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=4436, - serialized_end=4521, -) - - -_RESULTDOCUMENT_RULESENTRY = _descriptor.Descriptor( - name='RulesEntry', - full_name='ResultDocument.RulesEntry', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='key', full_name='ResultDocument.RulesEntry.key', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='value', full_name='ResultDocument.RulesEntry.value', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=b'8\001', - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=4610, - serialized_end=4668, -) - -_RESULTDOCUMENT = _descriptor.Descriptor( - name='ResultDocument', - full_name='ResultDocument', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='meta', full_name='ResultDocument.meta', index=0, - number=1, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='rules', full_name='ResultDocument.rules', index=1, - number=2, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[_RESULTDOCUMENT_RULESENTRY, ], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=4524, - serialized_end=4668, -) - - -_RULEMATCHES = _descriptor.Descriptor( - name='RuleMatches', - full_name='RuleMatches', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='meta', full_name='RuleMatches.meta', index=0, - number=1, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='source', full_name='RuleMatches.source', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='matches', full_name='RuleMatches.matches', index=2, - number=3, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=4670, - serialized_end=4766, -) - - -_RULEMETADATA = _descriptor.Descriptor( - name='RuleMetadata', - full_name='RuleMetadata', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='name', full_name='RuleMetadata.name', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='namespace', full_name='RuleMetadata.namespace', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='authors', full_name='RuleMetadata.authors', index=2, - number=3, type=9, cpp_type=9, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='scope', full_name='RuleMetadata.scope', index=3, - number=4, type=14, cpp_type=8, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='attack', full_name='RuleMetadata.attack', index=4, - number=5, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='mbc', full_name='RuleMetadata.mbc', index=5, - number=6, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='references', full_name='RuleMetadata.references', index=6, - number=7, type=9, cpp_type=9, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='examples', full_name='RuleMetadata.examples', index=7, - number=8, type=9, cpp_type=9, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='RuleMetadata.description', index=8, - number=9, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='lib', full_name='RuleMetadata.lib', index=9, - number=10, type=8, cpp_type=7, label=1, - has_default_value=False, default_value=False, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='maec', full_name='RuleMetadata.maec', index=10, - number=11, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='is_subscope_rule', full_name='RuleMetadata.is_subscope_rule', index=11, - number=12, type=8, cpp_type=7, label=1, - has_default_value=False, default_value=False, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=4769, - serialized_end=5035, -) - - -_SAMPLE = _descriptor.Descriptor( - name='Sample', - full_name='Sample', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='md5', full_name='Sample.md5', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='sha1', full_name='Sample.sha1', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='sha256', full_name='Sample.sha256', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='path', full_name='Sample.path', index=3, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=5037, - serialized_end=5102, -) - - -_SECTIONFEATURE = _descriptor.Descriptor( - name='SectionFeature', - full_name='SectionFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='SectionFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='section', full_name='SectionFeature.section', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='SectionFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='SectionFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=5104, - serialized_end=5193, -) - - -_SOMESTATEMENT = _descriptor.Descriptor( - name='SomeStatement', - full_name='SomeStatement', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='SomeStatement.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='count', full_name='SomeStatement.count', index=1, - number=2, type=13, cpp_type=3, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='SomeStatement.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='SomeStatement._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=5195, - serialized_end=5281, -) - - -_STATEMENTNODE = _descriptor.Descriptor( - name='StatementNode', - full_name='StatementNode', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='StatementNode.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='range', full_name='StatementNode.range', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='some', full_name='StatementNode.some', index=2, - number=3, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='subscope', full_name='StatementNode.subscope', index=3, - number=4, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='compound', full_name='StatementNode.compound', index=4, - number=5, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='statement', full_name='StatementNode.statement', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=5284, - serialized_end=5472, -) - - -_STRINGFEATURE = _descriptor.Descriptor( - name='StringFeature', - full_name='StringFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='StringFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='string', full_name='StringFeature.string', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='StringFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='StringFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=5474, - serialized_end=5561, -) - - -_SUBSCOPESTATEMENT = _descriptor.Descriptor( - name='SubscopeStatement', - full_name='SubscopeStatement', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='SubscopeStatement.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='scope', full_name='SubscopeStatement.scope', index=1, - number=2, type=14, cpp_type=8, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='SubscopeStatement.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='SubscopeStatement._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=5563, - serialized_end=5661, -) - - -_SUBSTRINGFEATURE = _descriptor.Descriptor( - name='SubstringFeature', - full_name='SubstringFeature', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='type', full_name='SubstringFeature.type', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='substring', full_name='SubstringFeature.substring', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='description', full_name='SubstringFeature.description', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='_description', full_name='SubstringFeature._description', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=5663, - serialized_end=5756, -) - - -_ADDRESSES = _descriptor.Descriptor( - name='Addresses', - full_name='Addresses', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='address', full_name='Addresses.address', index=0, - number=1, type=11, cpp_type=10, label=3, - has_default_value=False, default_value=[], - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=5758, - serialized_end=5796, -) - - -_PAIR_ADDRESS_MATCH = _descriptor.Descriptor( - name='Pair_Address_Match', - full_name='Pair_Address_Match', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='address', full_name='Pair_Address_Match.address', index=0, - number=1, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='match', full_name='Pair_Address_Match.match', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=5798, - serialized_end=5868, -) - - -_TOKEN_OFFSET = _descriptor.Descriptor( - name='Token_Offset', - full_name='Token_Offset', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='token', full_name='Token_Offset.token', index=0, - number=1, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='offset', full_name='Token_Offset.offset', index=1, - number=2, type=4, cpp_type=4, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=5870, - serialized_end=5925, -) - - -_INTEGER = _descriptor.Descriptor( - name='Integer', - full_name='Integer', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='u', full_name='Integer.u', index=0, - number=1, type=4, cpp_type=4, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='i', full_name='Integer.i', index=1, - number=2, type=18, cpp_type=2, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='value', full_name='Integer.value', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=5927, - serialized_end=5971, -) - - -_NUMBER = _descriptor.Descriptor( - name='Number', - full_name='Number', - filename=None, - file=DESCRIPTOR, - containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[ - _descriptor.FieldDescriptor( - name='u', full_name='Number.u', index=0, - number=1, type=4, cpp_type=4, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='i', full_name='Number.i', index=1, - number=2, type=18, cpp_type=2, label=1, - has_default_value=False, default_value=0, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - _descriptor.FieldDescriptor( - name='f', full_name='Number.f', index=2, - number=3, type=1, cpp_type=5, label=1, - has_default_value=False, default_value=float(0), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - serialized_options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='value', full_name='Number.value', - index=0, containing_type=None, - create_key=_descriptor._internal_create_key, - fields=[]), - ], - serialized_start=5973, - serialized_end=6029, -) - -_APIFEATURE.oneofs_by_name['_description'].fields.append( - _APIFEATURE.fields_by_name['description']) -_APIFEATURE.fields_by_name['description'].containing_oneof = _APIFEATURE.oneofs_by_name['_description'] -_ADDRESS.fields_by_name['type'].enum_type = _ADDRESSTYPE -_ADDRESS.fields_by_name['v'].message_type = _INTEGER -_ADDRESS.fields_by_name['token_offset'].message_type = _TOKEN_OFFSET -_ADDRESS.oneofs_by_name['value'].fields.append( - _ADDRESS.fields_by_name['v']) -_ADDRESS.fields_by_name['v'].containing_oneof = _ADDRESS.oneofs_by_name['value'] -_ADDRESS.oneofs_by_name['value'].fields.append( - _ADDRESS.fields_by_name['token_offset']) -_ADDRESS.fields_by_name['token_offset'].containing_oneof = _ADDRESS.oneofs_by_name['value'] -_ANALYSIS.fields_by_name['base_address'].message_type = _ADDRESS -_ANALYSIS.fields_by_name['layout'].message_type = _LAYOUT -_ANALYSIS.fields_by_name['feature_counts'].message_type = _FEATURECOUNTS -_ANALYSIS.fields_by_name['library_functions'].message_type = _LIBRARYFUNCTION -_ARCHFEATURE.oneofs_by_name['_description'].fields.append( - _ARCHFEATURE.fields_by_name['description']) -_ARCHFEATURE.fields_by_name['description'].containing_oneof = _ARCHFEATURE.oneofs_by_name['_description'] -_BASICBLOCKFEATURE.oneofs_by_name['_description'].fields.append( - _BASICBLOCKFEATURE.fields_by_name['description']) -_BASICBLOCKFEATURE.fields_by_name['description'].containing_oneof = _BASICBLOCKFEATURE.oneofs_by_name['_description'] -_BASICBLOCKLAYOUT.fields_by_name['address'].message_type = _ADDRESS -_BYTESFEATURE.oneofs_by_name['_description'].fields.append( - _BYTESFEATURE.fields_by_name['description']) -_BYTESFEATURE.fields_by_name['description'].containing_oneof = _BYTESFEATURE.oneofs_by_name['_description'] -_CHARACTERISTICFEATURE.oneofs_by_name['_description'].fields.append( - _CHARACTERISTICFEATURE.fields_by_name['description']) -_CHARACTERISTICFEATURE.fields_by_name['description'].containing_oneof = _CHARACTERISTICFEATURE.oneofs_by_name['_description'] -_CLASSFEATURE.oneofs_by_name['_description'].fields.append( - _CLASSFEATURE.fields_by_name['description']) -_CLASSFEATURE.fields_by_name['description'].containing_oneof = _CLASSFEATURE.oneofs_by_name['_description'] -_COMPOUNDSTATEMENT.oneofs_by_name['_description'].fields.append( - _COMPOUNDSTATEMENT.fields_by_name['description']) -_COMPOUNDSTATEMENT.fields_by_name['description'].containing_oneof = _COMPOUNDSTATEMENT.oneofs_by_name['_description'] -_EXPORTFEATURE.oneofs_by_name['_description'].fields.append( - _EXPORTFEATURE.fields_by_name['description']) -_EXPORTFEATURE.fields_by_name['description'].containing_oneof = _EXPORTFEATURE.oneofs_by_name['_description'] -_FEATURECOUNTS.fields_by_name['functions'].message_type = _FUNCTIONFEATURECOUNT -_FEATURENODE.fields_by_name['os'].message_type = _OSFEATURE -_FEATURENODE.fields_by_name['arch'].message_type = _ARCHFEATURE -_FEATURENODE.fields_by_name['format'].message_type = _FORMATFEATURE -_FEATURENODE.fields_by_name['match'].message_type = _MATCHFEATURE -_FEATURENODE.fields_by_name['characteristic'].message_type = _CHARACTERISTICFEATURE -_FEATURENODE.fields_by_name['export'].message_type = _EXPORTFEATURE -_FEATURENODE.fields_by_name['import_'].message_type = _IMPORTFEATURE -_FEATURENODE.fields_by_name['section'].message_type = _SECTIONFEATURE -_FEATURENODE.fields_by_name['function_name'].message_type = _FUNCTIONNAMEFEATURE -_FEATURENODE.fields_by_name['substring'].message_type = _SUBSTRINGFEATURE -_FEATURENODE.fields_by_name['regex'].message_type = _REGEXFEATURE -_FEATURENODE.fields_by_name['string'].message_type = _STRINGFEATURE -_FEATURENODE.fields_by_name['class_'].message_type = _CLASSFEATURE -_FEATURENODE.fields_by_name['namespace'].message_type = _NAMESPACEFEATURE -_FEATURENODE.fields_by_name['api'].message_type = _APIFEATURE -_FEATURENODE.fields_by_name['property_'].message_type = _PROPERTYFEATURE -_FEATURENODE.fields_by_name['number'].message_type = _NUMBERFEATURE -_FEATURENODE.fields_by_name['bytes'].message_type = _BYTESFEATURE -_FEATURENODE.fields_by_name['offset'].message_type = _OFFSETFEATURE -_FEATURENODE.fields_by_name['mnemonic'].message_type = _MNEMONICFEATURE -_FEATURENODE.fields_by_name['operand_number'].message_type = _OPERANDNUMBERFEATURE -_FEATURENODE.fields_by_name['operand_offset'].message_type = _OPERANDOFFSETFEATURE -_FEATURENODE.fields_by_name['basic_block'].message_type = _BASICBLOCKFEATURE -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['os']) -_FEATURENODE.fields_by_name['os'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['arch']) -_FEATURENODE.fields_by_name['arch'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['format']) -_FEATURENODE.fields_by_name['format'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['match']) -_FEATURENODE.fields_by_name['match'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['characteristic']) -_FEATURENODE.fields_by_name['characteristic'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['export']) -_FEATURENODE.fields_by_name['export'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['import_']) -_FEATURENODE.fields_by_name['import_'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['section']) -_FEATURENODE.fields_by_name['section'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['function_name']) -_FEATURENODE.fields_by_name['function_name'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['substring']) -_FEATURENODE.fields_by_name['substring'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['regex']) -_FEATURENODE.fields_by_name['regex'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['string']) -_FEATURENODE.fields_by_name['string'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['class_']) -_FEATURENODE.fields_by_name['class_'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['namespace']) -_FEATURENODE.fields_by_name['namespace'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['api']) -_FEATURENODE.fields_by_name['api'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['property_']) -_FEATURENODE.fields_by_name['property_'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['number']) -_FEATURENODE.fields_by_name['number'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['bytes']) -_FEATURENODE.fields_by_name['bytes'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['offset']) -_FEATURENODE.fields_by_name['offset'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['mnemonic']) -_FEATURENODE.fields_by_name['mnemonic'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['operand_number']) -_FEATURENODE.fields_by_name['operand_number'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['operand_offset']) -_FEATURENODE.fields_by_name['operand_offset'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FEATURENODE.oneofs_by_name['feature'].fields.append( - _FEATURENODE.fields_by_name['basic_block']) -_FEATURENODE.fields_by_name['basic_block'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] -_FORMATFEATURE.oneofs_by_name['_description'].fields.append( - _FORMATFEATURE.fields_by_name['description']) -_FORMATFEATURE.fields_by_name['description'].containing_oneof = _FORMATFEATURE.oneofs_by_name['_description'] -_FUNCTIONFEATURECOUNT.fields_by_name['address'].message_type = _ADDRESS -_FUNCTIONLAYOUT.fields_by_name['address'].message_type = _ADDRESS -_FUNCTIONLAYOUT.fields_by_name['matched_basic_blocks'].message_type = _BASICBLOCKLAYOUT -_FUNCTIONNAMEFEATURE.oneofs_by_name['_description'].fields.append( - _FUNCTIONNAMEFEATURE.fields_by_name['description']) -_FUNCTIONNAMEFEATURE.fields_by_name['description'].containing_oneof = _FUNCTIONNAMEFEATURE.oneofs_by_name['_description'] -_IMPORTFEATURE.oneofs_by_name['_description'].fields.append( - _IMPORTFEATURE.fields_by_name['description']) -_IMPORTFEATURE.fields_by_name['description'].containing_oneof = _IMPORTFEATURE.oneofs_by_name['_description'] -_LAYOUT.fields_by_name['functions'].message_type = _FUNCTIONLAYOUT -_LIBRARYFUNCTION.fields_by_name['address'].message_type = _ADDRESS -_MATCH_CAPTURESENTRY.fields_by_name['value'].message_type = _ADDRESSES -_MATCH_CAPTURESENTRY.containing_type = _MATCH -_MATCH.fields_by_name['statement'].message_type = _STATEMENTNODE -_MATCH.fields_by_name['feature'].message_type = _FEATURENODE -_MATCH.fields_by_name['children'].message_type = _MATCH -_MATCH.fields_by_name['locations'].message_type = _ADDRESS -_MATCH.fields_by_name['captures'].message_type = _MATCH_CAPTURESENTRY -_MATCH.oneofs_by_name['node'].fields.append( - _MATCH.fields_by_name['statement']) -_MATCH.fields_by_name['statement'].containing_oneof = _MATCH.oneofs_by_name['node'] -_MATCH.oneofs_by_name['node'].fields.append( - _MATCH.fields_by_name['feature']) -_MATCH.fields_by_name['feature'].containing_oneof = _MATCH.oneofs_by_name['node'] -_MATCHFEATURE.oneofs_by_name['_description'].fields.append( - _MATCHFEATURE.fields_by_name['description']) -_MATCHFEATURE.fields_by_name['description'].containing_oneof = _MATCHFEATURE.oneofs_by_name['_description'] -_METADATA.fields_by_name['sample'].message_type = _SAMPLE -_METADATA.fields_by_name['analysis'].message_type = _ANALYSIS -_METADATA.fields_by_name['flavor'].enum_type = _FLAVOR -_MNEMONICFEATURE.oneofs_by_name['_description'].fields.append( - _MNEMONICFEATURE.fields_by_name['description']) -_MNEMONICFEATURE.fields_by_name['description'].containing_oneof = _MNEMONICFEATURE.oneofs_by_name['_description'] -_NAMESPACEFEATURE.oneofs_by_name['_description'].fields.append( - _NAMESPACEFEATURE.fields_by_name['description']) -_NAMESPACEFEATURE.fields_by_name['description'].containing_oneof = _NAMESPACEFEATURE.oneofs_by_name['_description'] -_NUMBERFEATURE.fields_by_name['number'].message_type = _NUMBER -_NUMBERFEATURE.oneofs_by_name['_description'].fields.append( - _NUMBERFEATURE.fields_by_name['description']) -_NUMBERFEATURE.fields_by_name['description'].containing_oneof = _NUMBERFEATURE.oneofs_by_name['_description'] -_OSFEATURE.oneofs_by_name['_description'].fields.append( - _OSFEATURE.fields_by_name['description']) -_OSFEATURE.fields_by_name['description'].containing_oneof = _OSFEATURE.oneofs_by_name['_description'] -_OFFSETFEATURE.fields_by_name['offset'].message_type = _INTEGER -_OFFSETFEATURE.oneofs_by_name['_description'].fields.append( - _OFFSETFEATURE.fields_by_name['description']) -_OFFSETFEATURE.fields_by_name['description'].containing_oneof = _OFFSETFEATURE.oneofs_by_name['_description'] -_OPERANDNUMBERFEATURE.fields_by_name['operand_number'].message_type = _INTEGER -_OPERANDNUMBERFEATURE.oneofs_by_name['_description'].fields.append( - _OPERANDNUMBERFEATURE.fields_by_name['description']) -_OPERANDNUMBERFEATURE.fields_by_name['description'].containing_oneof = _OPERANDNUMBERFEATURE.oneofs_by_name['_description'] -_OPERANDOFFSETFEATURE.fields_by_name['operand_offset'].message_type = _INTEGER -_OPERANDOFFSETFEATURE.oneofs_by_name['_description'].fields.append( - _OPERANDOFFSETFEATURE.fields_by_name['description']) -_OPERANDOFFSETFEATURE.fields_by_name['description'].containing_oneof = _OPERANDOFFSETFEATURE.oneofs_by_name['_description'] -_PROPERTYFEATURE.oneofs_by_name['_access'].fields.append( - _PROPERTYFEATURE.fields_by_name['access']) -_PROPERTYFEATURE.fields_by_name['access'].containing_oneof = _PROPERTYFEATURE.oneofs_by_name['_access'] -_PROPERTYFEATURE.oneofs_by_name['_description'].fields.append( - _PROPERTYFEATURE.fields_by_name['description']) -_PROPERTYFEATURE.fields_by_name['description'].containing_oneof = _PROPERTYFEATURE.oneofs_by_name['_description'] -_RANGESTATEMENT.fields_by_name['child'].message_type = _FEATURENODE -_RANGESTATEMENT.oneofs_by_name['_description'].fields.append( - _RANGESTATEMENT.fields_by_name['description']) -_RANGESTATEMENT.fields_by_name['description'].containing_oneof = _RANGESTATEMENT.oneofs_by_name['_description'] -_REGEXFEATURE.oneofs_by_name['_description'].fields.append( - _REGEXFEATURE.fields_by_name['description']) -_REGEXFEATURE.fields_by_name['description'].containing_oneof = _REGEXFEATURE.oneofs_by_name['_description'] -_RESULTDOCUMENT_RULESENTRY.fields_by_name['value'].message_type = _RULEMATCHES -_RESULTDOCUMENT_RULESENTRY.containing_type = _RESULTDOCUMENT -_RESULTDOCUMENT.fields_by_name['meta'].message_type = _METADATA -_RESULTDOCUMENT.fields_by_name['rules'].message_type = _RESULTDOCUMENT_RULESENTRY -_RULEMATCHES.fields_by_name['meta'].message_type = _RULEMETADATA -_RULEMATCHES.fields_by_name['matches'].message_type = _PAIR_ADDRESS_MATCH -_RULEMETADATA.fields_by_name['scope'].enum_type = _SCOPE -_RULEMETADATA.fields_by_name['attack'].message_type = _ATTACKSPEC -_RULEMETADATA.fields_by_name['mbc'].message_type = _MBCSPEC -_RULEMETADATA.fields_by_name['maec'].message_type = _MAECMETADATA -_SECTIONFEATURE.oneofs_by_name['_description'].fields.append( - _SECTIONFEATURE.fields_by_name['description']) -_SECTIONFEATURE.fields_by_name['description'].containing_oneof = _SECTIONFEATURE.oneofs_by_name['_description'] -_SOMESTATEMENT.oneofs_by_name['_description'].fields.append( - _SOMESTATEMENT.fields_by_name['description']) -_SOMESTATEMENT.fields_by_name['description'].containing_oneof = _SOMESTATEMENT.oneofs_by_name['_description'] -_STATEMENTNODE.fields_by_name['range'].message_type = _RANGESTATEMENT -_STATEMENTNODE.fields_by_name['some'].message_type = _SOMESTATEMENT -_STATEMENTNODE.fields_by_name['subscope'].message_type = _SUBSCOPESTATEMENT -_STATEMENTNODE.fields_by_name['compound'].message_type = _COMPOUNDSTATEMENT -_STATEMENTNODE.oneofs_by_name['statement'].fields.append( - _STATEMENTNODE.fields_by_name['range']) -_STATEMENTNODE.fields_by_name['range'].containing_oneof = _STATEMENTNODE.oneofs_by_name['statement'] -_STATEMENTNODE.oneofs_by_name['statement'].fields.append( - _STATEMENTNODE.fields_by_name['some']) -_STATEMENTNODE.fields_by_name['some'].containing_oneof = _STATEMENTNODE.oneofs_by_name['statement'] -_STATEMENTNODE.oneofs_by_name['statement'].fields.append( - _STATEMENTNODE.fields_by_name['subscope']) -_STATEMENTNODE.fields_by_name['subscope'].containing_oneof = _STATEMENTNODE.oneofs_by_name['statement'] -_STATEMENTNODE.oneofs_by_name['statement'].fields.append( - _STATEMENTNODE.fields_by_name['compound']) -_STATEMENTNODE.fields_by_name['compound'].containing_oneof = _STATEMENTNODE.oneofs_by_name['statement'] -_STRINGFEATURE.oneofs_by_name['_description'].fields.append( - _STRINGFEATURE.fields_by_name['description']) -_STRINGFEATURE.fields_by_name['description'].containing_oneof = _STRINGFEATURE.oneofs_by_name['_description'] -_SUBSCOPESTATEMENT.fields_by_name['scope'].enum_type = _SCOPE -_SUBSCOPESTATEMENT.oneofs_by_name['_description'].fields.append( - _SUBSCOPESTATEMENT.fields_by_name['description']) -_SUBSCOPESTATEMENT.fields_by_name['description'].containing_oneof = _SUBSCOPESTATEMENT.oneofs_by_name['_description'] -_SUBSTRINGFEATURE.oneofs_by_name['_description'].fields.append( - _SUBSTRINGFEATURE.fields_by_name['description']) -_SUBSTRINGFEATURE.fields_by_name['description'].containing_oneof = _SUBSTRINGFEATURE.oneofs_by_name['_description'] -_ADDRESSES.fields_by_name['address'].message_type = _ADDRESS -_PAIR_ADDRESS_MATCH.fields_by_name['address'].message_type = _ADDRESS -_PAIR_ADDRESS_MATCH.fields_by_name['match'].message_type = _MATCH -_TOKEN_OFFSET.fields_by_name['token'].message_type = _INTEGER -_INTEGER.oneofs_by_name['value'].fields.append( - _INTEGER.fields_by_name['u']) -_INTEGER.fields_by_name['u'].containing_oneof = _INTEGER.oneofs_by_name['value'] -_INTEGER.oneofs_by_name['value'].fields.append( - _INTEGER.fields_by_name['i']) -_INTEGER.fields_by_name['i'].containing_oneof = _INTEGER.oneofs_by_name['value'] -_NUMBER.oneofs_by_name['value'].fields.append( - _NUMBER.fields_by_name['u']) -_NUMBER.fields_by_name['u'].containing_oneof = _NUMBER.oneofs_by_name['value'] -_NUMBER.oneofs_by_name['value'].fields.append( - _NUMBER.fields_by_name['i']) -_NUMBER.fields_by_name['i'].containing_oneof = _NUMBER.oneofs_by_name['value'] -_NUMBER.oneofs_by_name['value'].fields.append( - _NUMBER.fields_by_name['f']) -_NUMBER.fields_by_name['f'].containing_oneof = _NUMBER.oneofs_by_name['value'] -DESCRIPTOR.message_types_by_name['APIFeature'] = _APIFEATURE -DESCRIPTOR.message_types_by_name['Address'] = _ADDRESS -DESCRIPTOR.message_types_by_name['Analysis'] = _ANALYSIS -DESCRIPTOR.message_types_by_name['ArchFeature'] = _ARCHFEATURE -DESCRIPTOR.message_types_by_name['AttackSpec'] = _ATTACKSPEC -DESCRIPTOR.message_types_by_name['BasicBlockFeature'] = _BASICBLOCKFEATURE -DESCRIPTOR.message_types_by_name['BasicBlockLayout'] = _BASICBLOCKLAYOUT -DESCRIPTOR.message_types_by_name['BytesFeature'] = _BYTESFEATURE -DESCRIPTOR.message_types_by_name['CharacteristicFeature'] = _CHARACTERISTICFEATURE -DESCRIPTOR.message_types_by_name['ClassFeature'] = _CLASSFEATURE -DESCRIPTOR.message_types_by_name['CompoundStatement'] = _COMPOUNDSTATEMENT -DESCRIPTOR.message_types_by_name['ExportFeature'] = _EXPORTFEATURE -DESCRIPTOR.message_types_by_name['FeatureCounts'] = _FEATURECOUNTS -DESCRIPTOR.message_types_by_name['FeatureNode'] = _FEATURENODE -DESCRIPTOR.message_types_by_name['FormatFeature'] = _FORMATFEATURE -DESCRIPTOR.message_types_by_name['FunctionFeatureCount'] = _FUNCTIONFEATURECOUNT -DESCRIPTOR.message_types_by_name['FunctionLayout'] = _FUNCTIONLAYOUT -DESCRIPTOR.message_types_by_name['FunctionNameFeature'] = _FUNCTIONNAMEFEATURE -DESCRIPTOR.message_types_by_name['ImportFeature'] = _IMPORTFEATURE -DESCRIPTOR.message_types_by_name['Layout'] = _LAYOUT -DESCRIPTOR.message_types_by_name['LibraryFunction'] = _LIBRARYFUNCTION -DESCRIPTOR.message_types_by_name['MBCSpec'] = _MBCSPEC -DESCRIPTOR.message_types_by_name['MaecMetadata'] = _MAECMETADATA -DESCRIPTOR.message_types_by_name['Match'] = _MATCH -DESCRIPTOR.message_types_by_name['MatchFeature'] = _MATCHFEATURE -DESCRIPTOR.message_types_by_name['Metadata'] = _METADATA -DESCRIPTOR.message_types_by_name['MnemonicFeature'] = _MNEMONICFEATURE -DESCRIPTOR.message_types_by_name['NamespaceFeature'] = _NAMESPACEFEATURE -DESCRIPTOR.message_types_by_name['NumberFeature'] = _NUMBERFEATURE -DESCRIPTOR.message_types_by_name['OSFeature'] = _OSFEATURE -DESCRIPTOR.message_types_by_name['OffsetFeature'] = _OFFSETFEATURE -DESCRIPTOR.message_types_by_name['OperandNumberFeature'] = _OPERANDNUMBERFEATURE -DESCRIPTOR.message_types_by_name['OperandOffsetFeature'] = _OPERANDOFFSETFEATURE -DESCRIPTOR.message_types_by_name['PropertyFeature'] = _PROPERTYFEATURE -DESCRIPTOR.message_types_by_name['RangeStatement'] = _RANGESTATEMENT -DESCRIPTOR.message_types_by_name['RegexFeature'] = _REGEXFEATURE -DESCRIPTOR.message_types_by_name['ResultDocument'] = _RESULTDOCUMENT -DESCRIPTOR.message_types_by_name['RuleMatches'] = _RULEMATCHES -DESCRIPTOR.message_types_by_name['RuleMetadata'] = _RULEMETADATA -DESCRIPTOR.message_types_by_name['Sample'] = _SAMPLE -DESCRIPTOR.message_types_by_name['SectionFeature'] = _SECTIONFEATURE -DESCRIPTOR.message_types_by_name['SomeStatement'] = _SOMESTATEMENT -DESCRIPTOR.message_types_by_name['StatementNode'] = _STATEMENTNODE -DESCRIPTOR.message_types_by_name['StringFeature'] = _STRINGFEATURE -DESCRIPTOR.message_types_by_name['SubscopeStatement'] = _SUBSCOPESTATEMENT -DESCRIPTOR.message_types_by_name['SubstringFeature'] = _SUBSTRINGFEATURE -DESCRIPTOR.message_types_by_name['Addresses'] = _ADDRESSES -DESCRIPTOR.message_types_by_name['Pair_Address_Match'] = _PAIR_ADDRESS_MATCH -DESCRIPTOR.message_types_by_name['Token_Offset'] = _TOKEN_OFFSET -DESCRIPTOR.message_types_by_name['Integer'] = _INTEGER -DESCRIPTOR.message_types_by_name['Number'] = _NUMBER -DESCRIPTOR.enum_types_by_name['AddressType'] = _ADDRESSTYPE -DESCRIPTOR.enum_types_by_name['Flavor'] = _FLAVOR -DESCRIPTOR.enum_types_by_name['Scope'] = _SCOPE -_sym_db.RegisterFileDescriptor(DESCRIPTOR) - -APIFeature = _reflection.GeneratedProtocolMessageType('APIFeature', (_message.Message,), { - 'DESCRIPTOR' : _APIFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:APIFeature) - }) -_sym_db.RegisterMessage(APIFeature) - -Address = _reflection.GeneratedProtocolMessageType('Address', (_message.Message,), { - 'DESCRIPTOR' : _ADDRESS, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Address) - }) -_sym_db.RegisterMessage(Address) - -Analysis = _reflection.GeneratedProtocolMessageType('Analysis', (_message.Message,), { - 'DESCRIPTOR' : _ANALYSIS, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Analysis) - }) -_sym_db.RegisterMessage(Analysis) - -ArchFeature = _reflection.GeneratedProtocolMessageType('ArchFeature', (_message.Message,), { - 'DESCRIPTOR' : _ARCHFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:ArchFeature) - }) -_sym_db.RegisterMessage(ArchFeature) - -AttackSpec = _reflection.GeneratedProtocolMessageType('AttackSpec', (_message.Message,), { - 'DESCRIPTOR' : _ATTACKSPEC, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:AttackSpec) - }) -_sym_db.RegisterMessage(AttackSpec) - -BasicBlockFeature = _reflection.GeneratedProtocolMessageType('BasicBlockFeature', (_message.Message,), { - 'DESCRIPTOR' : _BASICBLOCKFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:BasicBlockFeature) - }) -_sym_db.RegisterMessage(BasicBlockFeature) - -BasicBlockLayout = _reflection.GeneratedProtocolMessageType('BasicBlockLayout', (_message.Message,), { - 'DESCRIPTOR' : _BASICBLOCKLAYOUT, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:BasicBlockLayout) - }) -_sym_db.RegisterMessage(BasicBlockLayout) - -BytesFeature = _reflection.GeneratedProtocolMessageType('BytesFeature', (_message.Message,), { - 'DESCRIPTOR' : _BYTESFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:BytesFeature) - }) -_sym_db.RegisterMessage(BytesFeature) - -CharacteristicFeature = _reflection.GeneratedProtocolMessageType('CharacteristicFeature', (_message.Message,), { - 'DESCRIPTOR' : _CHARACTERISTICFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:CharacteristicFeature) - }) -_sym_db.RegisterMessage(CharacteristicFeature) - -ClassFeature = _reflection.GeneratedProtocolMessageType('ClassFeature', (_message.Message,), { - 'DESCRIPTOR' : _CLASSFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:ClassFeature) - }) -_sym_db.RegisterMessage(ClassFeature) - -CompoundStatement = _reflection.GeneratedProtocolMessageType('CompoundStatement', (_message.Message,), { - 'DESCRIPTOR' : _COMPOUNDSTATEMENT, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:CompoundStatement) - }) -_sym_db.RegisterMessage(CompoundStatement) - -ExportFeature = _reflection.GeneratedProtocolMessageType('ExportFeature', (_message.Message,), { - 'DESCRIPTOR' : _EXPORTFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:ExportFeature) - }) -_sym_db.RegisterMessage(ExportFeature) - -FeatureCounts = _reflection.GeneratedProtocolMessageType('FeatureCounts', (_message.Message,), { - 'DESCRIPTOR' : _FEATURECOUNTS, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:FeatureCounts) - }) -_sym_db.RegisterMessage(FeatureCounts) - -FeatureNode = _reflection.GeneratedProtocolMessageType('FeatureNode', (_message.Message,), { - 'DESCRIPTOR' : _FEATURENODE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:FeatureNode) - }) -_sym_db.RegisterMessage(FeatureNode) - -FormatFeature = _reflection.GeneratedProtocolMessageType('FormatFeature', (_message.Message,), { - 'DESCRIPTOR' : _FORMATFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:FormatFeature) - }) -_sym_db.RegisterMessage(FormatFeature) - -FunctionFeatureCount = _reflection.GeneratedProtocolMessageType('FunctionFeatureCount', (_message.Message,), { - 'DESCRIPTOR' : _FUNCTIONFEATURECOUNT, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:FunctionFeatureCount) - }) -_sym_db.RegisterMessage(FunctionFeatureCount) - -FunctionLayout = _reflection.GeneratedProtocolMessageType('FunctionLayout', (_message.Message,), { - 'DESCRIPTOR' : _FUNCTIONLAYOUT, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:FunctionLayout) - }) -_sym_db.RegisterMessage(FunctionLayout) - -FunctionNameFeature = _reflection.GeneratedProtocolMessageType('FunctionNameFeature', (_message.Message,), { - 'DESCRIPTOR' : _FUNCTIONNAMEFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:FunctionNameFeature) - }) -_sym_db.RegisterMessage(FunctionNameFeature) - -ImportFeature = _reflection.GeneratedProtocolMessageType('ImportFeature', (_message.Message,), { - 'DESCRIPTOR' : _IMPORTFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:ImportFeature) - }) -_sym_db.RegisterMessage(ImportFeature) - -Layout = _reflection.GeneratedProtocolMessageType('Layout', (_message.Message,), { - 'DESCRIPTOR' : _LAYOUT, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Layout) - }) -_sym_db.RegisterMessage(Layout) - -LibraryFunction = _reflection.GeneratedProtocolMessageType('LibraryFunction', (_message.Message,), { - 'DESCRIPTOR' : _LIBRARYFUNCTION, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:LibraryFunction) - }) -_sym_db.RegisterMessage(LibraryFunction) - -MBCSpec = _reflection.GeneratedProtocolMessageType('MBCSpec', (_message.Message,), { - 'DESCRIPTOR' : _MBCSPEC, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:MBCSpec) - }) -_sym_db.RegisterMessage(MBCSpec) - -MaecMetadata = _reflection.GeneratedProtocolMessageType('MaecMetadata', (_message.Message,), { - 'DESCRIPTOR' : _MAECMETADATA, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:MaecMetadata) - }) -_sym_db.RegisterMessage(MaecMetadata) - -Match = _reflection.GeneratedProtocolMessageType('Match', (_message.Message,), { - - 'CapturesEntry' : _reflection.GeneratedProtocolMessageType('CapturesEntry', (_message.Message,), { - 'DESCRIPTOR' : _MATCH_CAPTURESENTRY, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Match.CapturesEntry) - }) - , - 'DESCRIPTOR' : _MATCH, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Match) - }) -_sym_db.RegisterMessage(Match) -_sym_db.RegisterMessage(Match.CapturesEntry) - -MatchFeature = _reflection.GeneratedProtocolMessageType('MatchFeature', (_message.Message,), { - 'DESCRIPTOR' : _MATCHFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:MatchFeature) - }) -_sym_db.RegisterMessage(MatchFeature) - -Metadata = _reflection.GeneratedProtocolMessageType('Metadata', (_message.Message,), { - 'DESCRIPTOR' : _METADATA, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Metadata) - }) -_sym_db.RegisterMessage(Metadata) - -MnemonicFeature = _reflection.GeneratedProtocolMessageType('MnemonicFeature', (_message.Message,), { - 'DESCRIPTOR' : _MNEMONICFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:MnemonicFeature) - }) -_sym_db.RegisterMessage(MnemonicFeature) - -NamespaceFeature = _reflection.GeneratedProtocolMessageType('NamespaceFeature', (_message.Message,), { - 'DESCRIPTOR' : _NAMESPACEFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:NamespaceFeature) - }) -_sym_db.RegisterMessage(NamespaceFeature) - -NumberFeature = _reflection.GeneratedProtocolMessageType('NumberFeature', (_message.Message,), { - 'DESCRIPTOR' : _NUMBERFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:NumberFeature) - }) -_sym_db.RegisterMessage(NumberFeature) - -OSFeature = _reflection.GeneratedProtocolMessageType('OSFeature', (_message.Message,), { - 'DESCRIPTOR' : _OSFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:OSFeature) - }) -_sym_db.RegisterMessage(OSFeature) - -OffsetFeature = _reflection.GeneratedProtocolMessageType('OffsetFeature', (_message.Message,), { - 'DESCRIPTOR' : _OFFSETFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:OffsetFeature) - }) -_sym_db.RegisterMessage(OffsetFeature) - -OperandNumberFeature = _reflection.GeneratedProtocolMessageType('OperandNumberFeature', (_message.Message,), { - 'DESCRIPTOR' : _OPERANDNUMBERFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:OperandNumberFeature) - }) -_sym_db.RegisterMessage(OperandNumberFeature) - -OperandOffsetFeature = _reflection.GeneratedProtocolMessageType('OperandOffsetFeature', (_message.Message,), { - 'DESCRIPTOR' : _OPERANDOFFSETFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:OperandOffsetFeature) - }) -_sym_db.RegisterMessage(OperandOffsetFeature) - -PropertyFeature = _reflection.GeneratedProtocolMessageType('PropertyFeature', (_message.Message,), { - 'DESCRIPTOR' : _PROPERTYFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:PropertyFeature) - }) -_sym_db.RegisterMessage(PropertyFeature) - -RangeStatement = _reflection.GeneratedProtocolMessageType('RangeStatement', (_message.Message,), { - 'DESCRIPTOR' : _RANGESTATEMENT, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:RangeStatement) - }) -_sym_db.RegisterMessage(RangeStatement) - -RegexFeature = _reflection.GeneratedProtocolMessageType('RegexFeature', (_message.Message,), { - 'DESCRIPTOR' : _REGEXFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:RegexFeature) - }) -_sym_db.RegisterMessage(RegexFeature) - -ResultDocument = _reflection.GeneratedProtocolMessageType('ResultDocument', (_message.Message,), { - - 'RulesEntry' : _reflection.GeneratedProtocolMessageType('RulesEntry', (_message.Message,), { - 'DESCRIPTOR' : _RESULTDOCUMENT_RULESENTRY, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:ResultDocument.RulesEntry) - }) - , - 'DESCRIPTOR' : _RESULTDOCUMENT, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:ResultDocument) - }) -_sym_db.RegisterMessage(ResultDocument) -_sym_db.RegisterMessage(ResultDocument.RulesEntry) - -RuleMatches = _reflection.GeneratedProtocolMessageType('RuleMatches', (_message.Message,), { - 'DESCRIPTOR' : _RULEMATCHES, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:RuleMatches) - }) -_sym_db.RegisterMessage(RuleMatches) - -RuleMetadata = _reflection.GeneratedProtocolMessageType('RuleMetadata', (_message.Message,), { - 'DESCRIPTOR' : _RULEMETADATA, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:RuleMetadata) - }) -_sym_db.RegisterMessage(RuleMetadata) - -Sample = _reflection.GeneratedProtocolMessageType('Sample', (_message.Message,), { - 'DESCRIPTOR' : _SAMPLE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Sample) - }) -_sym_db.RegisterMessage(Sample) - -SectionFeature = _reflection.GeneratedProtocolMessageType('SectionFeature', (_message.Message,), { - 'DESCRIPTOR' : _SECTIONFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:SectionFeature) - }) -_sym_db.RegisterMessage(SectionFeature) - -SomeStatement = _reflection.GeneratedProtocolMessageType('SomeStatement', (_message.Message,), { - 'DESCRIPTOR' : _SOMESTATEMENT, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:SomeStatement) - }) -_sym_db.RegisterMessage(SomeStatement) - -StatementNode = _reflection.GeneratedProtocolMessageType('StatementNode', (_message.Message,), { - 'DESCRIPTOR' : _STATEMENTNODE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:StatementNode) - }) -_sym_db.RegisterMessage(StatementNode) - -StringFeature = _reflection.GeneratedProtocolMessageType('StringFeature', (_message.Message,), { - 'DESCRIPTOR' : _STRINGFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:StringFeature) - }) -_sym_db.RegisterMessage(StringFeature) - -SubscopeStatement = _reflection.GeneratedProtocolMessageType('SubscopeStatement', (_message.Message,), { - 'DESCRIPTOR' : _SUBSCOPESTATEMENT, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:SubscopeStatement) - }) -_sym_db.RegisterMessage(SubscopeStatement) - -SubstringFeature = _reflection.GeneratedProtocolMessageType('SubstringFeature', (_message.Message,), { - 'DESCRIPTOR' : _SUBSTRINGFEATURE, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:SubstringFeature) - }) -_sym_db.RegisterMessage(SubstringFeature) - -Addresses = _reflection.GeneratedProtocolMessageType('Addresses', (_message.Message,), { - 'DESCRIPTOR' : _ADDRESSES, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Addresses) - }) -_sym_db.RegisterMessage(Addresses) - -Pair_Address_Match = _reflection.GeneratedProtocolMessageType('Pair_Address_Match', (_message.Message,), { - 'DESCRIPTOR' : _PAIR_ADDRESS_MATCH, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Pair_Address_Match) - }) -_sym_db.RegisterMessage(Pair_Address_Match) - -Token_Offset = _reflection.GeneratedProtocolMessageType('Token_Offset', (_message.Message,), { - 'DESCRIPTOR' : _TOKEN_OFFSET, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Token_Offset) - }) -_sym_db.RegisterMessage(Token_Offset) - -Integer = _reflection.GeneratedProtocolMessageType('Integer', (_message.Message,), { - 'DESCRIPTOR' : _INTEGER, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Integer) - }) -_sym_db.RegisterMessage(Integer) - -Number = _reflection.GeneratedProtocolMessageType('Number', (_message.Message,), { - 'DESCRIPTOR' : _NUMBER, - '__module__' : 'capa.render.proto.capa_pb2' - # @@protoc_insertion_point(class_scope:Number) - }) -_sym_db.RegisterMessage(Number) - - -_MATCH_CAPTURESENTRY._options = None -_RESULTDOCUMENT_RULESENTRY._options = None +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1c\x63\x61pa/render/proto/capa.proto\"Q\n\nAPIFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03\x61pi\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\xdf\x01\n\x07\x41\x64\x64ress\x12\x1a\n\x04type\x18\x01 \x01(\x0e\x32\x0c.AddressType\x12\x15\n\x01v\x18\x02 \x01(\x0b\x32\x08.IntegerH\x00\x12%\n\x0ctoken_offset\x18\x03 \x01(\x0b\x32\r.Token_OffsetH\x00\x12\x1d\n\x08ppid_pid\x18\x04 \x01(\x0b\x32\t.Ppid_PidH\x00\x12%\n\x0cppid_pid_tid\x18\x05 \x01(\x0b\x32\r.Ppid_Pid_TidH\x00\x12+\n\x0fppid_pid_tid_id\x18\x06 \x01(\x0b\x32\x10.Ppid_Pid_Tid_IdH\x00\x42\x07\n\x05value\"\xe4\x01\n\x08\x41nalysis\x12\x0e\n\x06\x66ormat\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\n\n\x02os\x18\x03 \x01(\t\x12\x11\n\textractor\x18\x04 \x01(\t\x12\r\n\x05rules\x18\x05 \x03(\t\x12\x1e\n\x0c\x62\x61se_address\x18\x06 \x01(\x0b\x32\x08.Address\x12\x17\n\x06layout\x18\x07 \x01(\x0b\x32\x07.Layout\x12&\n\x0e\x66\x65\x61ture_counts\x18\x08 \x01(\x0b\x32\x0e.FeatureCounts\x12+\n\x11library_functions\x18\t \x03(\x0b\x32\x10.LibraryFunction\"S\n\x0b\x41rchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\nAttackSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x0e\n\x06tactic\x18\x02 \x01(\t\x12\x11\n\ttechnique\x18\x03 \x01(\t\x12\x14\n\x0csubtechnique\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"K\n\x11\x42\x61sicBlockFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"-\n\x10\x42\x61sicBlockLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\"U\n\x0c\x42ytesFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x62ytes\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"g\n\x15\x43haracteristicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x16\n\x0e\x63haracteristic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\x0c\x43lassFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x63lass_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"K\n\x11\x43ompoundStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\xac\x01\n\x0f\x44ynamicAnalysis\x12\x0e\n\x06\x66ormat\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\n\n\x02os\x18\x03 \x01(\t\x12\x11\n\textractor\x18\x04 \x01(\t\x12\r\n\x05rules\x18\x05 \x03(\t\x12\x1e\n\x06layout\x18\x06 \x01(\x0b\x32\x0e.DynamicLayout\x12-\n\x0e\x66\x65\x61ture_counts\x18\x07 \x01(\x0b\x32\x15.DynamicFeatureCounts\"M\n\x14\x44ynamicFeatureCounts\x12\x0c\n\x04\x66ile\x18\x01 \x01(\x04\x12\'\n\tprocesses\x18\x02 \x03(\x0b\x32\x14.ProcessFeatureCount\"2\n\rDynamicLayout\x12!\n\tprocesses\x18\x01 \x03(\x0b\x32\x0e.ProcessLayout\"W\n\rExportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x65xport\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"G\n\rFeatureCounts\x12\x0c\n\x04\x66ile\x18\x01 \x01(\x04\x12(\n\tfunctions\x18\x02 \x03(\x0b\x32\x15.FunctionFeatureCount\"\xf7\x06\n\x0b\x46\x65\x61tureNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x02os\x18\x02 \x01(\x0b\x32\n.OSFeatureH\x00\x12\x1c\n\x04\x61rch\x18\x03 \x01(\x0b\x32\x0c.ArchFeatureH\x00\x12 \n\x06\x66ormat\x18\x04 \x01(\x0b\x32\x0e.FormatFeatureH\x00\x12\x1e\n\x05match\x18\x05 \x01(\x0b\x32\r.MatchFeatureH\x00\x12\x30\n\x0e\x63haracteristic\x18\x06 \x01(\x0b\x32\x16.CharacteristicFeatureH\x00\x12 \n\x06\x65xport\x18\x07 \x01(\x0b\x32\x0e.ExportFeatureH\x00\x12!\n\x07import_\x18\x08 \x01(\x0b\x32\x0e.ImportFeatureH\x00\x12\"\n\x07section\x18\t \x01(\x0b\x32\x0f.SectionFeatureH\x00\x12-\n\rfunction_name\x18\n \x01(\x0b\x32\x14.FunctionNameFeatureH\x00\x12&\n\tsubstring\x18\x0b \x01(\x0b\x32\x11.SubstringFeatureH\x00\x12\x1e\n\x05regex\x18\x0c \x01(\x0b\x32\r.RegexFeatureH\x00\x12 \n\x06string\x18\r \x01(\x0b\x32\x0e.StringFeatureH\x00\x12\x1f\n\x06\x63lass_\x18\x0e \x01(\x0b\x32\r.ClassFeatureH\x00\x12&\n\tnamespace\x18\x0f \x01(\x0b\x32\x11.NamespaceFeatureH\x00\x12\x1a\n\x03\x61pi\x18\x10 \x01(\x0b\x32\x0b.APIFeatureH\x00\x12%\n\tproperty_\x18\x11 \x01(\x0b\x32\x10.PropertyFeatureH\x00\x12 \n\x06number\x18\x12 \x01(\x0b\x32\x0e.NumberFeatureH\x00\x12\x1e\n\x05\x62ytes\x18\x13 \x01(\x0b\x32\r.BytesFeatureH\x00\x12 \n\x06offset\x18\x14 \x01(\x0b\x32\x0e.OffsetFeatureH\x00\x12$\n\x08mnemonic\x18\x15 \x01(\x0b\x32\x10.MnemonicFeatureH\x00\x12/\n\x0eoperand_number\x18\x16 \x01(\x0b\x32\x15.OperandNumberFeatureH\x00\x12/\n\x0eoperand_offset\x18\x17 \x01(\x0b\x32\x15.OperandOffsetFeatureH\x00\x12)\n\x0b\x62\x61sic_block\x18\x18 \x01(\x0b\x32\x12.BasicBlockFeatureH\x00\x42\t\n\x07\x66\x65\x61ture\"W\n\rFormatFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x66ormat\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"@\n\x14\x46unctionFeatureCount\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\r\n\x05\x63ount\x18\x02 \x01(\x04\"\\\n\x0e\x46unctionLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12/\n\x14matched_basic_blocks\x18\x02 \x03(\x0b\x32\x11.BasicBlockLayout\"d\n\x13\x46unctionNameFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\rfunction_name\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"X\n\rImportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07import_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\",\n\x06Layout\x12\"\n\tfunctions\x18\x01 \x03(\x0b\x32\x0f.FunctionLayout\":\n\x0fLibraryFunction\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x0c\n\x04name\x18\x02 \x01(\t\"Y\n\x07MBCSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x11\n\tobjective\x18\x02 \x01(\t\x12\x10\n\x08\x62\x65havior\x18\x03 \x01(\t\x12\x0e\n\x06method\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"\x9a\x01\n\x0cMaecMetadata\x12\x1b\n\x13\x61nalysis_conclusion\x18\x01 \x01(\t\x12\x1e\n\x16\x61nalysis_conclusion_ov\x18\x02 \x01(\t\x12\x16\n\x0emalware_family\x18\x03 \x01(\t\x12\x18\n\x10malware_category\x18\x04 \x01(\t\x12\x1b\n\x13malware_category_ov\x18\x05 \x01(\t\"\x82\x02\n\x05Match\x12\x0f\n\x07success\x18\x01 \x01(\x08\x12#\n\tstatement\x18\x02 \x01(\x0b\x32\x0e.StatementNodeH\x00\x12\x1f\n\x07\x66\x65\x61ture\x18\x03 \x01(\x0b\x32\x0c.FeatureNodeH\x00\x12\x18\n\x08\x63hildren\x18\x05 \x03(\x0b\x32\x06.Match\x12\x1b\n\tlocations\x18\x06 \x03(\x0b\x32\x08.Address\x12&\n\x08\x63\x61ptures\x18\x07 \x03(\x0b\x32\x14.Match.CapturesEntry\x1a;\n\rCapturesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x19\n\x05value\x18\x02 \x01(\x0b\x32\n.Addresses:\x02\x38\x01\x42\x06\n\x04node\"U\n\x0cMatchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05match\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\xf6\x01\n\x08Metadata\x12\x11\n\ttimestamp\x18\x01 \x01(\t\x12\x0f\n\x07version\x18\x02 \x01(\t\x12\x0c\n\x04\x61rgv\x18\x03 \x03(\t\x12\x17\n\x06sample\x18\x04 \x01(\x0b\x32\x07.Sample\x12\x1f\n\x08\x61nalysis\x18\x05 \x01(\x0b\x32\t.AnalysisB\x02\x18\x01\x12\x17\n\x06\x66lavor\x18\x06 \x01(\x0e\x32\x07.Flavor\x12*\n\x0fstatic_analysis\x18\x07 \x01(\x0b\x32\x0f.StaticAnalysisH\x00\x12,\n\x10\x64ynamic_analysis\x18\x08 \x01(\x0b\x32\x10.DynamicAnalysisH\x00\x42\x0b\n\tanalysis2\"[\n\x0fMnemonicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x10\n\x08mnemonic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10NamespaceFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\rNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x17\n\x06number\x18\x02 \x01(\x0b\x32\x07.Number\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"O\n\tOSFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\n\n\x02os\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"a\n\rOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x06offset\x18\x02 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_number\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_offset\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"?\n\x13ProcessFeatureCount\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\r\n\x05\x63ount\x18\x02 \x01(\x04\"R\n\rProcessLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12&\n\x0fmatched_threads\x18\x02 \x03(\x0b\x32\r.ThreadLayout\"|\n\x0fPropertyFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tproperty_\x18\x02 \x01(\t\x12\x13\n\x06\x61\x63\x63\x65ss\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x42\t\n\x07_accessB\x0e\n\x0c_description\"\x7f\n\x0eRangeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03min\x18\x02 \x01(\x04\x12\x0b\n\x03max\x18\x03 \x01(\x04\x12\x1b\n\x05\x63hild\x18\x04 \x01(\x0b\x32\x0c.FeatureNode\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"U\n\x0cRegexFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05regex\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x90\x01\n\x0eResultDocument\x12\x17\n\x04meta\x18\x01 \x01(\x0b\x32\t.Metadata\x12)\n\x05rules\x18\x02 \x03(\x0b\x32\x1a.ResultDocument.RulesEntry\x1a:\n\nRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x1b\n\x05value\x18\x02 \x01(\x0b\x32\x0c.RuleMatches:\x02\x38\x01\"`\n\x0bRuleMatches\x12\x1b\n\x04meta\x18\x01 \x01(\x0b\x32\r.RuleMetadata\x12\x0e\n\x06source\x18\x02 \x01(\t\x12$\n\x07matches\x18\x03 \x03(\x0b\x32\x13.Pair_Address_Match\"\xa7\x02\n\x0cRuleMetadata\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x0f\n\x07\x61uthors\x18\x03 \x03(\t\x12\x19\n\x05scope\x18\x04 \x01(\x0e\x32\x06.ScopeB\x02\x18\x01\x12\x1b\n\x06\x61ttack\x18\x05 \x03(\x0b\x32\x0b.AttackSpec\x12\x15\n\x03mbc\x18\x06 \x03(\x0b\x32\x08.MBCSpec\x12\x12\n\nreferences\x18\x07 \x03(\t\x12\x10\n\x08\x65xamples\x18\x08 \x03(\t\x12\x13\n\x0b\x64\x65scription\x18\t \x01(\t\x12\x0b\n\x03lib\x18\n \x01(\x08\x12\x1b\n\x04maec\x18\x0b \x01(\x0b\x32\r.MaecMetadata\x12\x18\n\x10is_subscope_rule\x18\x0c \x01(\x08\x12\x17\n\x06scopes\x18\r \x01(\x0b\x32\x07.Scopes\"A\n\x06Sample\x12\x0b\n\x03md5\x18\x01 \x01(\t\x12\x0c\n\x04sha1\x18\x02 \x01(\t\x12\x0e\n\x06sha256\x18\x03 \x01(\t\x12\x0c\n\x04path\x18\x04 \x01(\t\"Z\n\x06Scopes\x12\x1b\n\x06static\x18\x01 \x01(\x0e\x32\x06.ScopeH\x00\x88\x01\x01\x12\x1c\n\x07\x64ynamic\x18\x02 \x01(\x0e\x32\x06.ScopeH\x01\x88\x01\x01\x42\t\n\x07_staticB\n\n\x08_dynamic\"Y\n\x0eSectionFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07section\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\rSomeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x63ount\x18\x02 \x01(\r\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\xbc\x01\n\rStatementNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12 \n\x05range\x18\x02 \x01(\x0b\x32\x0f.RangeStatementH\x00\x12\x1e\n\x04some\x18\x03 \x01(\x0b\x32\x0e.SomeStatementH\x00\x12&\n\x08subscope\x18\x04 \x01(\x0b\x32\x12.SubscopeStatementH\x00\x12&\n\x08\x63ompound\x18\x05 \x01(\x0b\x32\x12.CompoundStatementH\x00\x42\x0b\n\tstatement\"\xf6\x01\n\x0eStaticAnalysis\x12\x0e\n\x06\x66ormat\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\n\n\x02os\x18\x03 \x01(\t\x12\x11\n\textractor\x18\x04 \x01(\t\x12\r\n\x05rules\x18\x05 \x03(\t\x12\x1e\n\x0c\x62\x61se_address\x18\x06 \x01(\x0b\x32\x08.Address\x12\x1d\n\x06layout\x18\x07 \x01(\x0b\x32\r.StaticLayout\x12,\n\x0e\x66\x65\x61ture_counts\x18\x08 \x01(\x0b\x32\x14.StaticFeatureCounts\x12+\n\x11library_functions\x18\t \x03(\x0b\x32\x10.LibraryFunction\"M\n\x13StaticFeatureCounts\x12\x0c\n\x04\x66ile\x18\x01 \x01(\x04\x12(\n\tfunctions\x18\x02 \x03(\x0b\x32\x15.FunctionFeatureCount\"2\n\x0cStaticLayout\x12\"\n\tfunctions\x18\x01 \x03(\x0b\x32\x0f.FunctionLayout\"W\n\rStringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06string\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"b\n\x11SubscopeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\x05scope\x18\x02 \x01(\x0e\x32\x06.Scope\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10SubstringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tsubstring\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\")\n\x0cThreadLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\"&\n\tAddresses\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x03(\x0b\x32\x08.Address\"F\n\x12Pair_Address_Match\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x15\n\x05match\x18\x02 \x01(\x0b\x32\x06.Match\"7\n\x0cToken_Offset\x12\x17\n\x05token\x18\x01 \x01(\x0b\x32\x08.Integer\x12\x0e\n\x06offset\x18\x02 \x01(\x04\"9\n\x08Ppid_Pid\x12\x16\n\x04ppid\x18\x01 \x01(\x0b\x32\x08.Integer\x12\x15\n\x03pid\x18\x02 \x01(\x0b\x32\x08.Integer\"T\n\x0cPpid_Pid_Tid\x12\x16\n\x04ppid\x18\x01 \x01(\x0b\x32\x08.Integer\x12\x15\n\x03pid\x18\x02 \x01(\x0b\x32\x08.Integer\x12\x15\n\x03tid\x18\x03 \x01(\x0b\x32\x08.Integer\"m\n\x0fPpid_Pid_Tid_Id\x12\x16\n\x04ppid\x18\x01 \x01(\x0b\x32\x08.Integer\x12\x15\n\x03pid\x18\x02 \x01(\x0b\x32\x08.Integer\x12\x15\n\x03tid\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x14\n\x02id\x18\x04 \x01(\x0b\x32\x08.Integer\",\n\x07Integer\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x42\x07\n\x05value\"8\n\x06Number\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x12\x0b\n\x01\x66\x18\x03 \x01(\x01H\x00\x42\x07\n\x05value*\x92\x02\n\x0b\x41\x64\x64ressType\x12\x1b\n\x17\x41\x44\x44RESSTYPE_UNSPECIFIED\x10\x00\x12\x18\n\x14\x41\x44\x44RESSTYPE_ABSOLUTE\x10\x01\x12\x18\n\x14\x41\x44\x44RESSTYPE_RELATIVE\x10\x02\x12\x14\n\x10\x41\x44\x44RESSTYPE_FILE\x10\x03\x12\x18\n\x14\x41\x44\x44RESSTYPE_DN_TOKEN\x10\x04\x12\x1f\n\x1b\x41\x44\x44RESSTYPE_DN_TOKEN_OFFSET\x10\x05\x12\x1a\n\x16\x41\x44\x44RESSTYPE_NO_ADDRESS\x10\x06\x12\x17\n\x13\x41\x44\x44RESSTYPE_PROCESS\x10\x07\x12\x16\n\x12\x41\x44\x44RESSTYPE_THREAD\x10\x08\x12\x14\n\x10\x41\x44\x44RESSTYPE_CALL\x10\t*G\n\x06\x46lavor\x12\x16\n\x12\x46LAVOR_UNSPECIFIED\x10\x00\x12\x11\n\rFLAVOR_STATIC\x10\x01\x12\x12\n\x0e\x46LAVOR_DYNAMIC\x10\x02*\xa5\x01\n\x05Scope\x12\x15\n\x11SCOPE_UNSPECIFIED\x10\x00\x12\x0e\n\nSCOPE_FILE\x10\x01\x12\x12\n\x0eSCOPE_FUNCTION\x10\x02\x12\x15\n\x11SCOPE_BASIC_BLOCK\x10\x03\x12\x15\n\x11SCOPE_INSTRUCTION\x10\x04\x12\x11\n\rSCOPE_PROCESS\x10\x05\x12\x10\n\x0cSCOPE_THREAD\x10\x06\x12\x0e\n\nSCOPE_CALL\x10\x07\x62\x06proto3') + +_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals()) +_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'capa.render.proto.capa_pb2', globals()) +if _descriptor._USE_C_DESCRIPTORS == False: + + DESCRIPTOR._options = None + _MATCH_CAPTURESENTRY._options = None + _MATCH_CAPTURESENTRY._serialized_options = b'8\001' + _METADATA.fields_by_name['analysis']._options = None + _METADATA.fields_by_name['analysis']._serialized_options = b'\030\001' + _RESULTDOCUMENT_RULESENTRY._options = None + _RESULTDOCUMENT_RULESENTRY._serialized_options = b'8\001' + _RULEMETADATA.fields_by_name['scope']._options = None + _RULEMETADATA.fields_by_name['scope']._serialized_options = b'\030\001' + _ADDRESSTYPE._serialized_start=7510 + _ADDRESSTYPE._serialized_end=7784 + _FLAVOR._serialized_start=7786 + _FLAVOR._serialized_end=7857 + _SCOPE._serialized_start=7860 + _SCOPE._serialized_end=8025 + _APIFEATURE._serialized_start=32 + _APIFEATURE._serialized_end=113 + _ADDRESS._serialized_start=116 + _ADDRESS._serialized_end=339 + _ANALYSIS._serialized_start=342 + _ANALYSIS._serialized_end=570 + _ARCHFEATURE._serialized_start=572 + _ARCHFEATURE._serialized_end=655 + _ATTACKSPEC._serialized_start=657 + _ATTACKSPEC._serialized_end=753 + _BASICBLOCKFEATURE._serialized_start=755 + _BASICBLOCKFEATURE._serialized_end=830 + _BASICBLOCKLAYOUT._serialized_start=832 + _BASICBLOCKLAYOUT._serialized_end=877 + _BYTESFEATURE._serialized_start=879 + _BYTESFEATURE._serialized_end=964 + _CHARACTERISTICFEATURE._serialized_start=966 + _CHARACTERISTICFEATURE._serialized_end=1069 + _CLASSFEATURE._serialized_start=1071 + _CLASSFEATURE._serialized_end=1157 + _COMPOUNDSTATEMENT._serialized_start=1159 + _COMPOUNDSTATEMENT._serialized_end=1234 + _DYNAMICANALYSIS._serialized_start=1237 + _DYNAMICANALYSIS._serialized_end=1409 + _DYNAMICFEATURECOUNTS._serialized_start=1411 + _DYNAMICFEATURECOUNTS._serialized_end=1488 + _DYNAMICLAYOUT._serialized_start=1490 + _DYNAMICLAYOUT._serialized_end=1540 + _EXPORTFEATURE._serialized_start=1542 + _EXPORTFEATURE._serialized_end=1629 + _FEATURECOUNTS._serialized_start=1631 + _FEATURECOUNTS._serialized_end=1702 + _FEATURENODE._serialized_start=1705 + _FEATURENODE._serialized_end=2592 + _FORMATFEATURE._serialized_start=2594 + _FORMATFEATURE._serialized_end=2681 + _FUNCTIONFEATURECOUNT._serialized_start=2683 + _FUNCTIONFEATURECOUNT._serialized_end=2747 + _FUNCTIONLAYOUT._serialized_start=2749 + _FUNCTIONLAYOUT._serialized_end=2841 + _FUNCTIONNAMEFEATURE._serialized_start=2843 + _FUNCTIONNAMEFEATURE._serialized_end=2943 + _IMPORTFEATURE._serialized_start=2945 + _IMPORTFEATURE._serialized_end=3033 + _LAYOUT._serialized_start=3035 + _LAYOUT._serialized_end=3079 + _LIBRARYFUNCTION._serialized_start=3081 + _LIBRARYFUNCTION._serialized_end=3139 + _MBCSPEC._serialized_start=3141 + _MBCSPEC._serialized_end=3230 + _MAECMETADATA._serialized_start=3233 + _MAECMETADATA._serialized_end=3387 + _MATCH._serialized_start=3390 + _MATCH._serialized_end=3648 + _MATCH_CAPTURESENTRY._serialized_start=3581 + _MATCH_CAPTURESENTRY._serialized_end=3640 + _MATCHFEATURE._serialized_start=3650 + _MATCHFEATURE._serialized_end=3735 + _METADATA._serialized_start=3738 + _METADATA._serialized_end=3984 + _MNEMONICFEATURE._serialized_start=3986 + _MNEMONICFEATURE._serialized_end=4077 + _NAMESPACEFEATURE._serialized_start=4079 + _NAMESPACEFEATURE._serialized_end=4172 + _NUMBERFEATURE._serialized_start=4174 + _NUMBERFEATURE._serialized_end=4270 + _OSFEATURE._serialized_start=4272 + _OSFEATURE._serialized_end=4351 + _OFFSETFEATURE._serialized_start=4353 + _OFFSETFEATURE._serialized_end=4450 + _OPERANDNUMBERFEATURE._serialized_start=4452 + _OPERANDNUMBERFEATURE._serialized_end=4579 + _OPERANDOFFSETFEATURE._serialized_start=4581 + _OPERANDOFFSETFEATURE._serialized_end=4708 + _PROCESSFEATURECOUNT._serialized_start=4710 + _PROCESSFEATURECOUNT._serialized_end=4773 + _PROCESSLAYOUT._serialized_start=4775 + _PROCESSLAYOUT._serialized_end=4857 + _PROPERTYFEATURE._serialized_start=4859 + _PROPERTYFEATURE._serialized_end=4983 + _RANGESTATEMENT._serialized_start=4985 + _RANGESTATEMENT._serialized_end=5112 + _REGEXFEATURE._serialized_start=5114 + _REGEXFEATURE._serialized_end=5199 + _RESULTDOCUMENT._serialized_start=5202 + _RESULTDOCUMENT._serialized_end=5346 + _RESULTDOCUMENT_RULESENTRY._serialized_start=5288 + _RESULTDOCUMENT_RULESENTRY._serialized_end=5346 + _RULEMATCHES._serialized_start=5348 + _RULEMATCHES._serialized_end=5444 + _RULEMETADATA._serialized_start=5447 + _RULEMETADATA._serialized_end=5742 + _SAMPLE._serialized_start=5744 + _SAMPLE._serialized_end=5809 + _SCOPES._serialized_start=5811 + _SCOPES._serialized_end=5901 + _SECTIONFEATURE._serialized_start=5903 + _SECTIONFEATURE._serialized_end=5992 + _SOMESTATEMENT._serialized_start=5994 + _SOMESTATEMENT._serialized_end=6080 + _STATEMENTNODE._serialized_start=6083 + _STATEMENTNODE._serialized_end=6271 + _STATICANALYSIS._serialized_start=6274 + _STATICANALYSIS._serialized_end=6520 + _STATICFEATURECOUNTS._serialized_start=6522 + _STATICFEATURECOUNTS._serialized_end=6599 + _STATICLAYOUT._serialized_start=6601 + _STATICLAYOUT._serialized_end=6651 + _STRINGFEATURE._serialized_start=6653 + _STRINGFEATURE._serialized_end=6740 + _SUBSCOPESTATEMENT._serialized_start=6742 + _SUBSCOPESTATEMENT._serialized_end=6840 + _SUBSTRINGFEATURE._serialized_start=6842 + _SUBSTRINGFEATURE._serialized_end=6935 + _THREADLAYOUT._serialized_start=6937 + _THREADLAYOUT._serialized_end=6978 + _ADDRESSES._serialized_start=6980 + _ADDRESSES._serialized_end=7018 + _PAIR_ADDRESS_MATCH._serialized_start=7020 + _PAIR_ADDRESS_MATCH._serialized_end=7090 + _TOKEN_OFFSET._serialized_start=7092 + _TOKEN_OFFSET._serialized_end=7147 + _PPID_PID._serialized_start=7149 + _PPID_PID._serialized_end=7206 + _PPID_PID_TID._serialized_start=7208 + _PPID_PID_TID._serialized_end=7292 + _PPID_PID_TID_ID._serialized_start=7294 + _PPID_PID_TID_ID._serialized_end=7403 + _INTEGER._serialized_start=7405 + _INTEGER._serialized_end=7449 + _NUMBER._serialized_start=7451 + _NUMBER._serialized_end=7507 # @@protoc_insertion_point(module_scope) diff --git a/capa/render/proto/capa_pb2.pyi b/capa/render/proto/capa_pb2.pyi index d00e8fdb..f90c26b6 100644 --- a/capa/render/proto/capa_pb2.pyi +++ b/capa/render/proto/capa_pb2.pyi @@ -31,6 +31,9 @@ class _AddressTypeEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._En ADDRESSTYPE_DN_TOKEN: _AddressType.ValueType # 4 ADDRESSTYPE_DN_TOKEN_OFFSET: _AddressType.ValueType # 5 ADDRESSTYPE_NO_ADDRESS: _AddressType.ValueType # 6 + ADDRESSTYPE_PROCESS: _AddressType.ValueType # 7 + ADDRESSTYPE_THREAD: _AddressType.ValueType # 8 + ADDRESSTYPE_CALL: _AddressType.ValueType # 9 class AddressType(_AddressType, metaclass=_AddressTypeEnumTypeWrapper): ... @@ -41,6 +44,9 @@ ADDRESSTYPE_FILE: AddressType.ValueType # 3 ADDRESSTYPE_DN_TOKEN: AddressType.ValueType # 4 ADDRESSTYPE_DN_TOKEN_OFFSET: AddressType.ValueType # 5 ADDRESSTYPE_NO_ADDRESS: AddressType.ValueType # 6 +ADDRESSTYPE_PROCESS: AddressType.ValueType # 7 +ADDRESSTYPE_THREAD: AddressType.ValueType # 8 +ADDRESSTYPE_CALL: AddressType.ValueType # 9 global___AddressType = AddressType class _Flavor: @@ -71,6 +77,9 @@ class _ScopeEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumType SCOPE_FUNCTION: _Scope.ValueType # 2 SCOPE_BASIC_BLOCK: _Scope.ValueType # 3 SCOPE_INSTRUCTION: _Scope.ValueType # 4 + SCOPE_PROCESS: _Scope.ValueType # 5 + SCOPE_THREAD: _Scope.ValueType # 6 + SCOPE_CALL: _Scope.ValueType # 7 class Scope(_Scope, metaclass=_ScopeEnumTypeWrapper): ... @@ -79,6 +88,9 @@ SCOPE_FILE: Scope.ValueType # 1 SCOPE_FUNCTION: Scope.ValueType # 2 SCOPE_BASIC_BLOCK: Scope.ValueType # 3 SCOPE_INSTRUCTION: Scope.ValueType # 4 +SCOPE_PROCESS: Scope.ValueType # 5 +SCOPE_THREAD: Scope.ValueType # 6 +SCOPE_CALL: Scope.ValueType # 7 global___Scope = Scope @typing_extensions.final @@ -111,21 +123,33 @@ class Address(google.protobuf.message.Message): TYPE_FIELD_NUMBER: builtins.int V_FIELD_NUMBER: builtins.int TOKEN_OFFSET_FIELD_NUMBER: builtins.int + PPID_PID_FIELD_NUMBER: builtins.int + PPID_PID_TID_FIELD_NUMBER: builtins.int + PPID_PID_TID_ID_FIELD_NUMBER: builtins.int type: global___AddressType.ValueType @property def v(self) -> global___Integer: ... @property def token_offset(self) -> global___Token_Offset: ... + @property + def ppid_pid(self) -> global___Ppid_Pid: ... + @property + def ppid_pid_tid(self) -> global___Ppid_Pid_Tid: ... + @property + def ppid_pid_tid_id(self) -> global___Ppid_Pid_Tid_Id: ... def __init__( self, *, type: global___AddressType.ValueType = ..., v: global___Integer | None = ..., token_offset: global___Token_Offset | None = ..., + ppid_pid: global___Ppid_Pid | None = ..., + ppid_pid_tid: global___Ppid_Pid_Tid | None = ..., + ppid_pid_tid_id: global___Ppid_Pid_Tid_Id | None = ..., ) -> None: ... - def HasField(self, field_name: typing_extensions.Literal["token_offset", b"token_offset", "v", b"v", "value", b"value"]) -> builtins.bool: ... - def ClearField(self, field_name: typing_extensions.Literal["token_offset", b"token_offset", "type", b"type", "v", b"v", "value", b"value"]) -> None: ... - def WhichOneof(self, oneof_group: typing_extensions.Literal["value", b"value"]) -> typing_extensions.Literal["v", "token_offset"] | None: ... + def HasField(self, field_name: typing_extensions.Literal["ppid_pid", b"ppid_pid", "ppid_pid_tid", b"ppid_pid_tid", "ppid_pid_tid_id", b"ppid_pid_tid_id", "token_offset", b"token_offset", "v", b"v", "value", b"value"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["ppid_pid", b"ppid_pid", "ppid_pid_tid", b"ppid_pid_tid", "ppid_pid_tid_id", b"ppid_pid_tid_id", "token_offset", b"token_offset", "type", b"type", "v", b"v", "value", b"value"]) -> None: ... + def WhichOneof(self, oneof_group: typing_extensions.Literal["value", b"value"]) -> typing_extensions.Literal["v", "token_offset", "ppid_pid", "ppid_pid_tid", "ppid_pid_tid_id"] | None: ... global___Address = Address @@ -352,6 +376,78 @@ class CompoundStatement(google.protobuf.message.Message): global___CompoundStatement = CompoundStatement +@typing_extensions.final +class DynamicAnalysis(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + FORMAT_FIELD_NUMBER: builtins.int + ARCH_FIELD_NUMBER: builtins.int + OS_FIELD_NUMBER: builtins.int + EXTRACTOR_FIELD_NUMBER: builtins.int + RULES_FIELD_NUMBER: builtins.int + LAYOUT_FIELD_NUMBER: builtins.int + FEATURE_COUNTS_FIELD_NUMBER: builtins.int + format: builtins.str + arch: builtins.str + os: builtins.str + extractor: builtins.str + @property + def rules(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: ... + @property + def layout(self) -> global___DynamicLayout: ... + @property + def feature_counts(self) -> global___DynamicFeatureCounts: ... + def __init__( + self, + *, + format: builtins.str = ..., + arch: builtins.str = ..., + os: builtins.str = ..., + extractor: builtins.str = ..., + rules: collections.abc.Iterable[builtins.str] | None = ..., + layout: global___DynamicLayout | None = ..., + feature_counts: global___DynamicFeatureCounts | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["feature_counts", b"feature_counts", "layout", b"layout"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["arch", b"arch", "extractor", b"extractor", "feature_counts", b"feature_counts", "format", b"format", "layout", b"layout", "os", b"os", "rules", b"rules"]) -> None: ... + +global___DynamicAnalysis = DynamicAnalysis + +@typing_extensions.final +class DynamicFeatureCounts(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + FILE_FIELD_NUMBER: builtins.int + PROCESSES_FIELD_NUMBER: builtins.int + file: builtins.int + @property + def processes(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___ProcessFeatureCount]: ... + def __init__( + self, + *, + file: builtins.int = ..., + processes: collections.abc.Iterable[global___ProcessFeatureCount] | None = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["file", b"file", "processes", b"processes"]) -> None: ... + +global___DynamicFeatureCounts = DynamicFeatureCounts + +@typing_extensions.final +class DynamicLayout(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + PROCESSES_FIELD_NUMBER: builtins.int + @property + def processes(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___ProcessLayout]: ... + def __init__( + self, + *, + processes: collections.abc.Iterable[global___ProcessLayout] | None = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["processes", b"processes"]) -> None: ... + +global___DynamicLayout = DynamicLayout + @typing_extensions.final class ExportFeature(google.protobuf.message.Message): DESCRIPTOR: google.protobuf.descriptor.Descriptor @@ -794,6 +890,8 @@ class Metadata(google.protobuf.message.Message): SAMPLE_FIELD_NUMBER: builtins.int ANALYSIS_FIELD_NUMBER: builtins.int FLAVOR_FIELD_NUMBER: builtins.int + STATIC_ANALYSIS_FIELD_NUMBER: builtins.int + DYNAMIC_ANALYSIS_FIELD_NUMBER: builtins.int timestamp: builtins.str """iso8601 format, like: 2019-01-01T00:00:00Z""" version: builtins.str @@ -802,8 +900,16 @@ class Metadata(google.protobuf.message.Message): @property def sample(self) -> global___Sample: ... @property - def analysis(self) -> global___Analysis: ... + def analysis(self) -> global___Analysis: + """deprecated in v7.0. + use analysis2 instead. + """ flavor: global___Flavor.ValueType + @property + def static_analysis(self) -> global___StaticAnalysis: + """use analysis2 instead of analysis (deprecated in v7.0).""" + @property + def dynamic_analysis(self) -> global___DynamicAnalysis: ... def __init__( self, *, @@ -813,9 +919,12 @@ class Metadata(google.protobuf.message.Message): sample: global___Sample | None = ..., analysis: global___Analysis | None = ..., flavor: global___Flavor.ValueType = ..., + static_analysis: global___StaticAnalysis | None = ..., + dynamic_analysis: global___DynamicAnalysis | None = ..., ) -> None: ... - def HasField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "sample", b"sample"]) -> builtins.bool: ... - def ClearField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "argv", b"argv", "flavor", b"flavor", "sample", b"sample", "timestamp", b"timestamp", "version", b"version"]) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "analysis2", b"analysis2", "dynamic_analysis", b"dynamic_analysis", "sample", b"sample", "static_analysis", b"static_analysis"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "analysis2", b"analysis2", "argv", b"argv", "dynamic_analysis", b"dynamic_analysis", "flavor", b"flavor", "sample", b"sample", "static_analysis", b"static_analysis", "timestamp", b"timestamp", "version", b"version"]) -> None: ... + def WhichOneof(self, oneof_group: typing_extensions.Literal["analysis2", b"analysis2"]) -> typing_extensions.Literal["static_analysis", "dynamic_analysis"] | None: ... global___Metadata = Metadata @@ -993,6 +1102,47 @@ class OperandOffsetFeature(google.protobuf.message.Message): global___OperandOffsetFeature = OperandOffsetFeature +@typing_extensions.final +class ProcessFeatureCount(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + ADDRESS_FIELD_NUMBER: builtins.int + COUNT_FIELD_NUMBER: builtins.int + @property + def address(self) -> global___Address: ... + count: builtins.int + def __init__( + self, + *, + address: global___Address | None = ..., + count: builtins.int = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["address", b"address"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["address", b"address", "count", b"count"]) -> None: ... + +global___ProcessFeatureCount = ProcessFeatureCount + +@typing_extensions.final +class ProcessLayout(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + ADDRESS_FIELD_NUMBER: builtins.int + MATCHED_THREADS_FIELD_NUMBER: builtins.int + @property + def address(self) -> global___Address: ... + @property + def matched_threads(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___ThreadLayout]: ... + def __init__( + self, + *, + address: global___Address | None = ..., + matched_threads: collections.abc.Iterable[global___ThreadLayout] | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["address", b"address"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["address", b"address", "matched_threads", b"matched_threads"]) -> None: ... + +global___ProcessLayout = ProcessLayout + @typing_extensions.final class PropertyFeature(google.protobuf.message.Message): DESCRIPTOR: google.protobuf.descriptor.Descriptor @@ -1156,11 +1306,15 @@ class RuleMetadata(google.protobuf.message.Message): LIB_FIELD_NUMBER: builtins.int MAEC_FIELD_NUMBER: builtins.int IS_SUBSCOPE_RULE_FIELD_NUMBER: builtins.int + SCOPES_FIELD_NUMBER: builtins.int name: builtins.str namespace: builtins.str @property def authors(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: ... scope: global___Scope.ValueType + """deprecated in v7.0. + use scopes instead. + """ @property def attack(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___AttackSpec]: ... @property @@ -1174,6 +1328,9 @@ class RuleMetadata(google.protobuf.message.Message): @property def maec(self) -> global___MaecMetadata: ... is_subscope_rule: builtins.bool + @property + def scopes(self) -> global___Scopes: + """use scopes over scope (deprecated in v7.0).""" def __init__( self, *, @@ -1189,9 +1346,10 @@ class RuleMetadata(google.protobuf.message.Message): lib: builtins.bool = ..., maec: global___MaecMetadata | None = ..., is_subscope_rule: builtins.bool = ..., + scopes: global___Scopes | None = ..., ) -> None: ... - def HasField(self, field_name: typing_extensions.Literal["maec", b"maec"]) -> builtins.bool: ... - def ClearField(self, field_name: typing_extensions.Literal["attack", b"attack", "authors", b"authors", "description", b"description", "examples", b"examples", "is_subscope_rule", b"is_subscope_rule", "lib", b"lib", "maec", b"maec", "mbc", b"mbc", "name", b"name", "namespace", b"namespace", "references", b"references", "scope", b"scope"]) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["maec", b"maec", "scopes", b"scopes"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["attack", b"attack", "authors", b"authors", "description", b"description", "examples", b"examples", "is_subscope_rule", b"is_subscope_rule", "lib", b"lib", "maec", b"maec", "mbc", b"mbc", "name", b"name", "namespace", b"namespace", "references", b"references", "scope", b"scope", "scopes", b"scopes"]) -> None: ... global___RuleMetadata = RuleMetadata @@ -1219,6 +1377,29 @@ class Sample(google.protobuf.message.Message): global___Sample = Sample +@typing_extensions.final +class Scopes(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + STATIC_FIELD_NUMBER: builtins.int + DYNAMIC_FIELD_NUMBER: builtins.int + static: global___Scope.ValueType + dynamic: global___Scope.ValueType + def __init__( + self, + *, + static: global___Scope.ValueType | None = ..., + dynamic: global___Scope.ValueType | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["_dynamic", b"_dynamic", "_static", b"_static", "dynamic", b"dynamic", "static", b"static"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["_dynamic", b"_dynamic", "_static", b"_static", "dynamic", b"dynamic", "static", b"static"]) -> None: ... + @typing.overload + def WhichOneof(self, oneof_group: typing_extensions.Literal["_dynamic", b"_dynamic"]) -> typing_extensions.Literal["dynamic"] | None: ... + @typing.overload + def WhichOneof(self, oneof_group: typing_extensions.Literal["_static", b"_static"]) -> typing_extensions.Literal["static"] | None: ... + +global___Scopes = Scopes + @typing_extensions.final class SectionFeature(google.protobuf.message.Message): DESCRIPTOR: google.protobuf.descriptor.Descriptor @@ -1298,6 +1479,86 @@ class StatementNode(google.protobuf.message.Message): global___StatementNode = StatementNode +@typing_extensions.final +class StaticAnalysis(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + FORMAT_FIELD_NUMBER: builtins.int + ARCH_FIELD_NUMBER: builtins.int + OS_FIELD_NUMBER: builtins.int + EXTRACTOR_FIELD_NUMBER: builtins.int + RULES_FIELD_NUMBER: builtins.int + BASE_ADDRESS_FIELD_NUMBER: builtins.int + LAYOUT_FIELD_NUMBER: builtins.int + FEATURE_COUNTS_FIELD_NUMBER: builtins.int + LIBRARY_FUNCTIONS_FIELD_NUMBER: builtins.int + format: builtins.str + arch: builtins.str + os: builtins.str + extractor: builtins.str + @property + def rules(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: ... + @property + def base_address(self) -> global___Address: ... + @property + def layout(self) -> global___StaticLayout: ... + @property + def feature_counts(self) -> global___StaticFeatureCounts: ... + @property + def library_functions(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___LibraryFunction]: ... + def __init__( + self, + *, + format: builtins.str = ..., + arch: builtins.str = ..., + os: builtins.str = ..., + extractor: builtins.str = ..., + rules: collections.abc.Iterable[builtins.str] | None = ..., + base_address: global___Address | None = ..., + layout: global___StaticLayout | None = ..., + feature_counts: global___StaticFeatureCounts | None = ..., + library_functions: collections.abc.Iterable[global___LibraryFunction] | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["base_address", b"base_address", "feature_counts", b"feature_counts", "layout", b"layout"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["arch", b"arch", "base_address", b"base_address", "extractor", b"extractor", "feature_counts", b"feature_counts", "format", b"format", "layout", b"layout", "library_functions", b"library_functions", "os", b"os", "rules", b"rules"]) -> None: ... + +global___StaticAnalysis = StaticAnalysis + +@typing_extensions.final +class StaticFeatureCounts(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + FILE_FIELD_NUMBER: builtins.int + FUNCTIONS_FIELD_NUMBER: builtins.int + file: builtins.int + @property + def functions(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___FunctionFeatureCount]: ... + def __init__( + self, + *, + file: builtins.int = ..., + functions: collections.abc.Iterable[global___FunctionFeatureCount] | None = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["file", b"file", "functions", b"functions"]) -> None: ... + +global___StaticFeatureCounts = StaticFeatureCounts + +@typing_extensions.final +class StaticLayout(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + FUNCTIONS_FIELD_NUMBER: builtins.int + @property + def functions(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___FunctionLayout]: ... + def __init__( + self, + *, + functions: collections.abc.Iterable[global___FunctionLayout] | None = ..., + ) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["functions", b"functions"]) -> None: ... + +global___StaticLayout = StaticLayout + @typing_extensions.final class StringFeature(google.protobuf.message.Message): DESCRIPTOR: google.protobuf.descriptor.Descriptor @@ -1367,6 +1628,23 @@ class SubstringFeature(google.protobuf.message.Message): global___SubstringFeature = SubstringFeature +@typing_extensions.final +class ThreadLayout(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + ADDRESS_FIELD_NUMBER: builtins.int + @property + def address(self) -> global___Address: ... + def __init__( + self, + *, + address: global___Address | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["address", b"address"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["address", b"address"]) -> None: ... + +global___ThreadLayout = ThreadLayout + @typing_extensions.final class Addresses(google.protobuf.message.Message): DESCRIPTOR: google.protobuf.descriptor.Descriptor @@ -1425,6 +1703,81 @@ class Token_Offset(google.protobuf.message.Message): global___Token_Offset = Token_Offset +@typing_extensions.final +class Ppid_Pid(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + PPID_FIELD_NUMBER: builtins.int + PID_FIELD_NUMBER: builtins.int + @property + def ppid(self) -> global___Integer: ... + @property + def pid(self) -> global___Integer: ... + def __init__( + self, + *, + ppid: global___Integer | None = ..., + pid: global___Integer | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["pid", b"pid", "ppid", b"ppid"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["pid", b"pid", "ppid", b"ppid"]) -> None: ... + +global___Ppid_Pid = Ppid_Pid + +@typing_extensions.final +class Ppid_Pid_Tid(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + PPID_FIELD_NUMBER: builtins.int + PID_FIELD_NUMBER: builtins.int + TID_FIELD_NUMBER: builtins.int + @property + def ppid(self) -> global___Integer: ... + @property + def pid(self) -> global___Integer: ... + @property + def tid(self) -> global___Integer: ... + def __init__( + self, + *, + ppid: global___Integer | None = ..., + pid: global___Integer | None = ..., + tid: global___Integer | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["pid", b"pid", "ppid", b"ppid", "tid", b"tid"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["pid", b"pid", "ppid", b"ppid", "tid", b"tid"]) -> None: ... + +global___Ppid_Pid_Tid = Ppid_Pid_Tid + +@typing_extensions.final +class Ppid_Pid_Tid_Id(google.protobuf.message.Message): + DESCRIPTOR: google.protobuf.descriptor.Descriptor + + PPID_FIELD_NUMBER: builtins.int + PID_FIELD_NUMBER: builtins.int + TID_FIELD_NUMBER: builtins.int + ID_FIELD_NUMBER: builtins.int + @property + def ppid(self) -> global___Integer: ... + @property + def pid(self) -> global___Integer: ... + @property + def tid(self) -> global___Integer: ... + @property + def id(self) -> global___Integer: ... + def __init__( + self, + *, + ppid: global___Integer | None = ..., + pid: global___Integer | None = ..., + tid: global___Integer | None = ..., + id: global___Integer | None = ..., + ) -> None: ... + def HasField(self, field_name: typing_extensions.Literal["id", b"id", "pid", b"pid", "ppid", b"ppid", "tid", b"tid"]) -> builtins.bool: ... + def ClearField(self, field_name: typing_extensions.Literal["id", b"id", "pid", b"pid", "ppid", b"ppid", "tid", b"tid"]) -> None: ... + +global___Ppid_Pid_Tid_Id = Ppid_Pid_Tid_Id + @typing_extensions.final class Integer(google.protobuf.message.Message): DESCRIPTOR: google.protobuf.descriptor.Descriptor diff --git a/doc/installation.md b/doc/installation.md index 65258e45..c178edf5 100644 --- a/doc/installation.md +++ b/doc/installation.md @@ -107,25 +107,26 @@ We use [pre-commit](https://pre-commit.com/) so that its trivial to run the same Run all linters liks: - ❯ pre-commit run --all-files + ❯ pre-commit run --hook-stage=manual --all-files isort....................................................................Passed black....................................................................Passed ruff.....................................................................Passed flake8...................................................................Passed mypy.....................................................................Passed + pytest (fast)............................................................Passed Or run a single linter like: - ❯ pre-commit run --all-files isort + ❯ pre-commit run --all-files --hook-stage=manual isort isort....................................................................Passed Importantly, you can configure pre-commit to run automatically before every commit by running: - ❯ pre-commit install --hook-type pre-commit + ❯ pre-commit install --hook-type=pre-commit pre-commit installed at .git/hooks/pre-commit - ❯ pre-commit install --hook-type pre-push + ❯ pre-commit install --hook-type=pre-push pre-commit installed at .git/hooks/pre-push This way you can ensure that you don't commit code style or formatting offenses. diff --git a/tests/fixtures.py b/tests/fixtures.py index 3c7b007d..1cf095cb 100644 --- a/tests/fixtures.py +++ b/tests/fixtures.py @@ -1439,29 +1439,42 @@ def get_result_doc(path: Path): @pytest.fixture def pma0101_rd(): + # python -m capa.main tests/data/Practical\ Malware\ Analysis\ Lab\ 01-01.dll_ --json > tests/data/rd/Practical\ Malware\ Analysis\ Lab\ 01-01.dll_.json return get_result_doc(CD / "data" / "rd" / "Practical Malware Analysis Lab 01-01.dll_.json") @pytest.fixture def dotnet_1c444e_rd(): + # .NET sample + # python -m capa.main tests/data/dotnet/1c444ebeba24dcba8628b7dfe5fec7c6.exe_ --json > tests/data/rd/1c444ebeba24dcba8628b7dfe5fec7c6.exe_.json return get_result_doc(CD / "data" / "rd" / "1c444ebeba24dcba8628b7dfe5fec7c6.exe_.json") @pytest.fixture def a3f3bbc_rd(): + # python -m capa.main tests/data/3f3bbcf8fd90bdcdcdc5494314ed4225.exe_ --json > tests/data/rd/3f3bbcf8fd90bdcdcdc5494314ed4225.exe_.json return get_result_doc(CD / "data" / "rd" / "3f3bbcf8fd90bdcdcdc5494314ed4225.exe_.json") @pytest.fixture def al_khaserx86_rd(): + # python -m capa.main tests/data/al-khaser_x86.exe_ --json > tests/data/rd/al-khaser_x86.exe_.json return get_result_doc(CD / "data" / "rd" / "al-khaser_x86.exe_.json") @pytest.fixture def al_khaserx64_rd(): + # python -m capa.main tests/data/al-khaser_x64.exe_ --json > tests/data/rd/al-khaser_x64.exe_.json return get_result_doc(CD / "data" / "rd" / "al-khaser_x64.exe_.json") @pytest.fixture def a076114_rd(): + # python -m capa.main tests/data/0761142efbda6c4b1e801223de723578.dll_ --json > tests/data/rd/0761142efbda6c4b1e801223de723578.dll_.json return get_result_doc(CD / "data" / "rd" / "0761142efbda6c4b1e801223de723578.dll_.json") + + +@pytest.fixture +def dynamic_a0000a6_rd(): + # python -m capa.main tests/data/dynamic/cape/v2.2/0000a65749f5902c4d82ffa701198038f0b4870b00a27cfca109f8f933476d82.json --json > tests/data/rd/0000a65749f5902c4d82ffa701198038f0b4870b00a27cfca109f8f933476d82.json + return get_result_doc(CD / "data" / "rd" / "0000a65749f5902c4d82ffa701198038f0b4870b00a27cfca109f8f933476d82.json") diff --git a/tests/_test_proto.py b/tests/test_proto.py similarity index 73% rename from tests/_test_proto.py rename to tests/test_proto.py index 8720a1cf..518c11ab 100644 --- a/tests/_test_proto.py +++ b/tests/test_proto.py @@ -46,7 +46,7 @@ def test_doc_to_pb2(request, rd_file): assert matches.meta.name == m.name assert cmp_optional(matches.meta.namespace, m.namespace) assert list(matches.meta.authors) == m.authors - assert capa.render.proto.scope_to_pb2(matches.meta.scope) == m.scope + assert capa.render.proto.scopes_to_pb2(matches.meta.scopes) == m.scopes assert len(matches.meta.attack) == len(m.attack) for rd_attack, proto_attack in zip(matches.meta.attack, m.attack): @@ -116,10 +116,27 @@ def test_addr_to_pb2(): def test_scope_to_pb2(): - assert capa.render.proto.scope_to_pb2(capa.rules.Scope(capa.rules.Scope.FILE)) == capa_pb2.SCOPE_FILE - assert capa.render.proto.scope_to_pb2(capa.rules.Scope(capa.rules.Scope.FUNCTION)) == capa_pb2.SCOPE_FUNCTION - assert capa.render.proto.scope_to_pb2(capa.rules.Scope(capa.rules.Scope.BASIC_BLOCK)) == capa_pb2.SCOPE_BASIC_BLOCK - assert capa.render.proto.scope_to_pb2(capa.rules.Scope(capa.rules.Scope.INSTRUCTION)) == capa_pb2.SCOPE_INSTRUCTION + assert capa.render.proto.scope_to_pb2(capa.rules.Scope.FILE) == capa_pb2.SCOPE_FILE + assert capa.render.proto.scope_to_pb2(capa.rules.Scope.FUNCTION) == capa_pb2.SCOPE_FUNCTION + assert capa.render.proto.scope_to_pb2(capa.rules.Scope.BASIC_BLOCK) == capa_pb2.SCOPE_BASIC_BLOCK + assert capa.render.proto.scope_to_pb2(capa.rules.Scope.INSTRUCTION) == capa_pb2.SCOPE_INSTRUCTION + assert capa.render.proto.scope_to_pb2(capa.rules.Scope.PROCESS) == capa_pb2.SCOPE_PROCESS + assert capa.render.proto.scope_to_pb2(capa.rules.Scope.THREAD) == capa_pb2.SCOPE_THREAD + assert capa.render.proto.scope_to_pb2(capa.rules.Scope.CALL) == capa_pb2.SCOPE_CALL + + +def test_scopes_to_pb2(): + assert capa.render.proto.scopes_to_pb2( + capa.rules.Scopes.from_dict({"static": "file", "dynamic": "file"}) + ) == capa_pb2.Scopes( + static=capa_pb2.SCOPE_FILE, + dynamic=capa_pb2.SCOPE_FILE, + ) + assert capa.render.proto.scopes_to_pb2( + capa.rules.Scopes.from_dict({"static": "file", "dynamic": "unsupported"}) + ) == capa_pb2.Scopes( + static=capa_pb2.SCOPE_FILE, + ) def cmp_optional(a: Any, b: Any) -> bool: @@ -128,8 +145,59 @@ def cmp_optional(a: Any, b: Any) -> bool: return a == b +def assert_static_analyis(analysis: rd.StaticAnalysis, dst: capa_pb2.StaticAnalysis): + assert analysis.format == dst.format + assert analysis.arch == dst.arch + assert analysis.os == dst.os + assert analysis.extractor == dst.extractor + assert list(analysis.rules) == dst.rules + + assert capa.render.proto.addr_to_pb2(analysis.base_address) == dst.base_address + + assert len(analysis.layout.functions) == len(dst.layout.functions) + for rd_f, proto_f in zip(analysis.layout.functions, dst.layout.functions): + assert capa.render.proto.addr_to_pb2(rd_f.address) == proto_f.address + + assert len(rd_f.matched_basic_blocks) == len(proto_f.matched_basic_blocks) + for rd_bb, proto_bb in zip(rd_f.matched_basic_blocks, proto_f.matched_basic_blocks): + assert capa.render.proto.addr_to_pb2(rd_bb.address) == proto_bb.address + + assert analysis.feature_counts.file == dst.feature_counts.file + assert len(analysis.feature_counts.functions) == len(dst.feature_counts.functions) + for rd_cf, proto_cf in zip(analysis.feature_counts.functions, dst.feature_counts.functions): + assert capa.render.proto.addr_to_pb2(rd_cf.address) == proto_cf.address + assert rd_cf.count == proto_cf.count + + assert len(analysis.library_functions) == len(dst.library_functions) + for rd_lf, proto_lf in zip(analysis.library_functions, dst.library_functions): + assert capa.render.proto.addr_to_pb2(rd_lf.address) == proto_lf.address + assert rd_lf.name == proto_lf.name + + +def assert_dynamic_analyis(analysis: rd.DynamicAnalysis, dst: capa_pb2.DynamicAnalysis): + assert analysis.format == dst.format + assert analysis.arch == dst.arch + assert analysis.os == dst.os + assert analysis.extractor == dst.extractor + assert list(analysis.rules) == dst.rules + + assert len(analysis.layout.processes) == len(dst.layout.processes) + for rd_p, proto_p in zip(analysis.layout.processes, dst.layout.processes): + assert capa.render.proto.addr_to_pb2(rd_p.address) == proto_p.address + + assert len(rd_p.matched_threads) == len(proto_p.matched_threads) + for rd_t, proto_t in zip(rd_p.matched_threads, proto_p.matched_threads): + assert capa.render.proto.addr_to_pb2(rd_t.address) == proto_t.address + + assert analysis.feature_counts.processes == dst.feature_counts.processes + assert len(analysis.feature_counts.processes) == len(dst.feature_counts.processes) + for rd_cp, proto_cp in zip(analysis.feature_counts.processes, dst.feature_counts.processes): + assert capa.render.proto.addr_to_pb2(rd_cp.address) == proto_cp.address + assert rd_cp.count == proto_cp.count + + def assert_meta(meta: rd.Metadata, dst: capa_pb2.Metadata): - assert isinstance(rd.Metadata.analysis, rd.StaticAnalysis) + assert isinstance(meta.analysis, rd.StaticAnalysis) assert str(meta.timestamp) == dst.timestamp assert meta.version == dst.version if meta.argv is None: @@ -142,32 +210,18 @@ def assert_meta(meta: rd.Metadata, dst: capa_pb2.Metadata): assert meta.sample.sha256 == dst.sample.sha256 assert meta.sample.path == dst.sample.path - assert meta.analysis.format == dst.analysis.format - assert meta.analysis.arch == dst.analysis.arch - assert meta.analysis.os == dst.analysis.os - assert meta.analysis.extractor == dst.analysis.extractor - assert list(meta.analysis.rules) == dst.analysis.rules - assert capa.render.proto.addr_to_pb2(meta.analysis.base_address) == dst.analysis.base_address - - assert isinstance(rd.Metadata.analysis.layout, rd.StaticLayout) - assert len(meta.analysis.layout.functions) == len(dst.analysis.layout.functions) - for rd_f, proto_f in zip(meta.analysis.layout.functions, dst.analysis.layout.functions): - assert capa.render.proto.addr_to_pb2(rd_f.address) == proto_f.address - - assert len(rd_f.matched_basic_blocks) == len(proto_f.matched_basic_blocks) - for rd_bb, proto_bb in zip(rd_f.matched_basic_blocks, proto_f.matched_basic_blocks): - assert capa.render.proto.addr_to_pb2(rd_bb.address) == proto_bb.address - - assert meta.analysis.feature_counts.file == dst.analysis.feature_counts.file - assert len(meta.analysis.feature_counts.functions) == len(dst.analysis.feature_counts.functions) - for rd_cf, proto_cf in zip(meta.analysis.feature_counts.functions, dst.analysis.feature_counts.functions): - assert capa.render.proto.addr_to_pb2(rd_cf.address) == proto_cf.address - assert rd_cf.count == proto_cf.count - - assert len(meta.analysis.library_functions) == len(dst.analysis.library_functions) - for rd_lf, proto_lf in zip(meta.analysis.library_functions, dst.analysis.library_functions): - assert capa.render.proto.addr_to_pb2(rd_lf.address) == proto_lf.address - assert rd_lf.name == proto_lf.name + if meta.flavor == rd.Flavor.STATIC: + assert dst.flavor == capa_pb2.FLAVOR_STATIC + assert dst.WhichOneof("analysis2") == "static_analysis" + assert isinstance(meta.analysis, rd.StaticAnalysis) + assert_static_analyis(meta.analysis, dst.static_analysis) + elif meta.flavor == rd.Flavor.DYNAMIC: + assert dst.flavor == capa_pb2.FLAVOR_DYNAMIC + assert dst.WhichOneof("analysis2") == "dynamic_analysis" + assert isinstance(meta.analysis, rd.DynamicAnalysis) + assert_dynamic_analyis(meta.analysis, dst.dynamic_analysis) + else: + assert_never(dst.flavor) def assert_match(ma: rd.Match, mb: capa_pb2.Match): @@ -320,20 +374,22 @@ def assert_round_trip(doc: rd.ResultDocument): # show the round trip works # first by comparing the objects directly, # which works thanks to pydantic model equality. + assert one.meta == two.meta + assert one.rules == two.rules assert one == two + # second by showing their protobuf representations are the same. - assert capa.render.proto.doc_to_pb2(one).SerializeToString(deterministic=True) == capa.render.proto.doc_to_pb2( - two - ).SerializeToString(deterministic=True) + one_bytes = capa.render.proto.doc_to_pb2(one).SerializeToString(deterministic=True) + two_bytes = capa.render.proto.doc_to_pb2(two).SerializeToString(deterministic=True) + assert one_bytes == two_bytes # now show that two different versions are not equal. three = copy.deepcopy(two) three.meta.__dict__.update({"version": "0.0.0"}) assert one.meta.version != three.meta.version assert one != three - assert capa.render.proto.doc_to_pb2(one).SerializeToString(deterministic=True) != capa.render.proto.doc_to_pb2( - three - ).SerializeToString(deterministic=True) + three_bytes = capa.render.proto.doc_to_pb2(three).SerializeToString(deterministic=True) + assert one_bytes != three_bytes @pytest.mark.parametrize( @@ -345,6 +401,7 @@ def assert_round_trip(doc: rd.ResultDocument): pytest.param("a076114_rd"), pytest.param("pma0101_rd"), pytest.param("dotnet_1c444e_rd"), + pytest.param("dynamic_a0000a6_rd"), ], ) def test_round_trip(request, rd_file):