Merge pull request #326 from fireeye/fix-325

main: fix reported total rule count
2026-02-05 03:16:56 -08:00 · 2020-09-23 16:07:22 -06:00
parent 29b6bd8aad c2516e7453
commit d8a32630fb
1 changed files with 7 additions and 1 deletions
--- a/capa/main.py
+++ b/capa/main.py
@@ -536,7 +536,13 @@ def main(argv=None):
    try:
        rules = get_rules(rules_path, disable_progress=args.quiet)
        rules = capa.rules.RuleSet(rules)
-        logger.debug("successfully loaded %s rules", len(rules))
+        logger.debug(
+            "successfully loaded %s rules",
+            # during the load of the RuleSet, we extract subscope statements into their own rules
+            # that are subsequently `match`ed upon. this inflates the total rule count.
+            # so, filter out the subscope rules when reporting total number of loaded rules.
+            len(filter(lambda r: "capa/subscope-rule" not in r.meta, rules.rules.values())),
+        )
        if args.tag:
            rules = rules.filter_rules_by_meta(args.tag)
            logger.debug("selected %s rules", len(rules))