gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-18 23:55:52 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'parentrepo/dynamic-feature-extraction' into sync-1657

Browse Source
This commit is contained in:
Yacine Elhamer
2023-07-20 09:33:48 +01:00
parent 4eabee7329 ce15a2b01e
commit e38e56ccf6
47 changed files with 1782 additions and 210 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
capa/ida/plugin/form.py
View File

@@ -1191,10 +1191,13 @@ class CapaExplorerForm(idaapi.PluginForm):
return
is_match: bool = False
if self.rulegen_current_function is not None and rule.scope in (
capa.rules.Scope.FUNCTION,
capa.rules.Scope.BASIC_BLOCK,
capa.rules.Scope.INSTRUCTION,
if self.rulegen_current_function is not None and any(
s in rule.scopes
for s in (
capa.rules.Scope.FUNCTION,
capa.rules.Scope.BASIC_BLOCK,
capa.rules.Scope.INSTRUCTION,
)
):
try:
_, func_matches, bb_matches, insn_matches = self.rulegen_feature_cache.find_code_capabilities(
@@ -1204,13 +1207,13 @@ class CapaExplorerForm(idaapi.PluginForm):
self.set_rulegen_status(f"Failed to create function rule matches from rule set ({e})")
return
if rule.scope == capa.rules.Scope.FUNCTION and rule.name in func_matches:
if capa.rules.Scope.FUNCTION in rule.scopes and rule.name in func_matches:
is_match = True
elif rule.scope == capa.rules.Scope.BASIC_BLOCK and rule.name in bb_matches:
elif capa.rules.Scope.BASIC_BLOCK in rule.scopes and rule.name in bb_matches:
is_match = True
elif rule.scope == capa.rules.Scope.INSTRUCTION and rule.name in insn_matches:
elif capa.rules.Scope.INSTRUCTION in rule.scopes and rule.name in insn_matches:
is_match = True
elif rule.scope == capa.rules.Scope.FILE:
elif capa.rules.Scope.FILE in rule.scopes:
try:
_, file_matches = self.rulegen_feature_cache.find_file_capabilities(ruleset)
except Exception as e: