From d6c5d98b0d99e0afff08b905df4abeb39dfeb2b6 Mon Sep 17 00:00:00 2001
From: Yacine Elhamer
Date: Fri, 20 Oct 2023 10:16:09 +0200
Subject: [PATCH] move `is_file_limitation_rule()` to the rules module (Rule class)
---
 capa/capabilities/common.py | 8 ++------
 capa/main.py | 4 ----
 capa/rules/__init__.py | 6 ++++++
 3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/capa/capabilities/common.py b/capa/capabilities/common.py
index 0563b538..f20e2615 100644
--- a/capa/capabilities/common.py
+++ b/capa/capabilities/common.py
@@ -11,7 +11,7 @@ import itertools
 import collections
 from typing import Any, Tuple
-from capa.rules import Rule, Scope, RuleSet
+from capa.rules import Scope, RuleSet
 from capa.engine import FeatureSet, MatchResults
 from capa.features.address import NO_ADDRESS
 from capa.features.extractors.base_extractor import FeatureExtractor, StaticFeatureExtractor, DynamicFeatureExtractor
@@ -40,12 +40,8 @@ def find_file_capabilities(ruleset: RuleSet, extractor: FeatureExtractor, functi
 return matches, len(file_features)
-def is_file_limitation_rule(rule: Rule) -> bool:
- return rule.meta.get("namespace", "") == "internal/limitation/file"
-
-
 def has_file_limitation(rules: RuleSet, capabilities: MatchResults, is_standalone=True) -> bool:
- file_limitation_rules = list(filter(is_file_limitation_rule, rules.rules.values()))
+ file_limitation_rules = list(filter(lambda r: r.is_file_limitation_rule(), rules.rules.values()))
 for file_limitation_rule in file_limitation_rules:
 if file_limitation_rule.name not in capabilities:
diff --git a/capa/main.py b/capa/main.py
index 54052433..1756513a 100644
--- a/capa/main.py
+++ b/capa/main.py
@@ -140,10 +140,6 @@ def has_rule_with_namespace(rules: RuleSet, capabilities: MatchResults, namespac
 )
-def is_internal_rule(rule: Rule) -> bool:
- return rule.meta.get("namespace", "").startswith("internal/")
-
-
 def is_supported_format(sample: Path) -> bool:
 """
 Return if this is a supported file based on magic header values
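Review bot: The module-level `is_file_limitation_rule` is deleted from `capa/capabilities/common.py` with no alias left behind, and the diffstat lists only three files, so any script or plugin that still imports it would break; the same applies to `is_internal_rule`, removed in the `capa/main.py` hunk. A repository-wide search for both names before merging would confirm nothing else references them. On the new line in `has_file_limitation`, a comprehension reads more directly than `filter` with a lambda: `file_limitation_rules = [r for r in rules.rules.values() if r.is_file_limitation_rule()]`. The body of `has_file_limitation` continues past the end of the hunk.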
diff --git a/capa/rules/__init__.py b/capa/rules/__init__.py
index 9b8af10b..13dda29e 100644
--- a/capa/rules/__init__.py
+++ b/capa/rules/__init__.py
@@ -869,6 +869,12 @@ class Rule:
 for child in statement.get_children():
 yield from self._extract_subscope_rules_rec(child)
+ def is_internal_rule(self) -> bool:
+ return self.meta.get("namespace", "").startswith("internal/")
+
+ def is_file_limitation_rule(self) -> bool:
+ return self.meta.get("namespace", "") == "internal/limitation/file"
+
 def is_subscope_rule(self):
 return bool(self.meta.get("capa/subscope-rule", False))
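Review bot: In the new `is_internal_rule`, `self.meta.get("namespace", "")` falls back to `""` only when the key is absent, so a rule whose meta carries an explicit null namespace would raise `AttributeError` on `.startswith`. Whether the rule loader can produce such a value is not visible in this hunk, but `(self.meta.get("namespace") or "").startswith("internal/")` removes the question. Both new methods also lack docstrings; I would add `"""Return True if the rule's namespace is under internal/."""` to the first. The second deserves one stating that the comparison is an exact match on `internal/limitation/file`, so a namespace nested below it is not treated as a file limitation. `class Rule` begins and ends outside the hunk.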