gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-06-12 19:11:32 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix: correct capa/subscope-rule key in RuleMetadata.from_capa

Browse Source 
`RuleMetadata.from_capa` used `rule.meta.get("capa/subscope", False)` and
`Field(False, alias="capa/subscope")`, but the actual key set by
`_extract_subscope_rules_rec` is `"capa/subscope-rule"`. This caused
`is_subscope_rule` to always be `False` in every `RuleMetadata` instance,
making downstream filters in `render/utils.py`, `render/vverbose.py`, and
`scripts/import-to-ida.py` ineffective (though subscope rules are already
excluded from `ResultDocument` before reaching those callers).
This commit is contained in:
Willi Ballenthin
2026-04-22 17:29:38 +03:00
committed by Willi Ballenthin
parent 1ef6298b45
commit eb81901d71
5 changed files with 33 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/import-to-bn.py
+1 -1
View File
@@ -102,7 +102,7 @@ def load_analysis(bv):
for rule in doc["rules"].values():
if rule["meta"].get("lib"):
continue
if rule["meta"].get("capa/subscope"):
if rule["meta"].get("capa/subscope-rule"):
continue
if rule["meta"]["scopes"].get("static") != "function":
continue