initial commit

2025-12-23 07:28:34 -08:00 · 2023-07-17 11:50:49 +01:00
parent ce15a2b01e
commit e3f60ea0fb
9 changed files with 396 additions and 70 deletions
--- a/scripts/bulk-process.py
+++ b/scripts/bulk-process.py
@@ -129,11 +129,9 @@ def get_capa_results(args):
            "error": f"unexpected error: {e}",
        }

-    meta = capa.main.collect_metadata([], path, format, os_, [], extractor)
    capabilities, counts = capa.main.find_capabilities(rules, extractor, disable_progress=True)

-    meta.analysis.feature_counts = counts["feature_counts"]
-    meta.analysis.library_functions = counts["library_functions"]
+    meta = capa.main.collect_metadata([], path, format, os_, [], extractor, counts)
    meta.analysis.layout = capa.main.compute_layout(rules, extractor, capabilities)

    doc = rd.ResultDocument.from_capa(meta, rules, capabilities)
--- a/scripts/capa_as_library.py
+++ b/scripts/capa_as_library.py
@@ -170,10 +170,7 @@ def capa_details(rules_path, file_path, output_format="dictionary"):
    capabilities, counts = capa.main.find_capabilities(rules, extractor, disable_progress=True)

    # collect metadata (used only to make rendering more complete)
-    meta = capa.main.collect_metadata([], file_path, FORMAT_AUTO, OS_AUTO, rules_path, extractor)
-
-    meta.analysis.feature_counts = counts["feature_counts"]
-    meta.analysis.library_functions = counts["library_functions"]
+    meta = capa.main.collect_metadata([], file_path, FORMAT_AUTO, OS_AUTO, rules_path, extractor, counts)
    meta.analysis.layout = capa.main.compute_layout(rules, extractor, capabilities)

    capa_output: Any = False
--- a/scripts/import-to-ida.py
+++ b/scripts/import-to-ida.py
@@ -89,7 +89,7 @@ def main():
            continue
        if rule.meta.is_subscope_rule:
            continue
-        if rule.meta.scope != capa.rules.Scope.FUNCTION:
+        if capa.rules.Scope.FUNCTION in rule.meta.scopes:
            continue

        ns = rule.meta.namespace
--- a/scripts/show-capabilities-by-function.py
+++ b/scripts/show-capabilities-by-function.py
@@ -94,6 +94,7 @@ def render_matches_by_function(doc: rd.ResultDocument):
          - send HTTP request
          - connect to HTTP server
    """
+    assert isinstance(doc.meta.analysis, rd.StaticAnalysis)
    functions_by_bb: Dict[Address, Address] = {}
    for finfo in doc.meta.analysis.layout.functions:
        faddress = finfo.address
@@ -106,10 +107,10 @@ def render_matches_by_function(doc: rd.ResultDocument):

    matches_by_function = collections.defaultdict(set)
    for rule in rutils.capability_rules(doc):
-        if rule.meta.scope == capa.rules.FUNCTION_SCOPE:
+        if capa.rules.FUNCTION_SCOPE in rule.meta.scopes:
            for addr, _ in rule.matches:
                matches_by_function[addr].add(rule.meta.name)
-        elif rule.meta.scope == capa.rules.BASIC_BLOCK_SCOPE:
+        elif capa.rules.BASIC_BLOCK_SCOPE in rule.meta.scopes:
            for addr, _ in rule.matches:
                function = functions_by_bb[addr]
                matches_by_function[function].add(rule.meta.name)
@@ -178,11 +179,9 @@ def main(argv=None):
            capa.helpers.log_unsupported_runtime_error()
            return -1

-    meta = capa.main.collect_metadata(argv, args.sample, format_, args.os, args.rules, extractor)
    capabilities, counts = capa.main.find_capabilities(rules, extractor)

-    meta.analysis.feature_counts = counts["feature_counts"]
-    meta.analysis.library_functions = counts["library_functions"]
+    meta = capa.main.collect_metadata(argv, args.sample, format_, args.os, args.rules, extractor, counts)
    meta.analysis.layout = capa.main.compute_layout(rules, extractor, capabilities)

    if capa.main.has_file_limitation(rules, capabilities):