detect (and short circuit) file limitations at file scope (#586)

* smda: move pe carve into helpers * smda: simplify test parametrization/xfail * extractors: add pefile extractor for file scope features * pep8 * main: bail early on file limitation detected at file scope closes #583 * changelog
2025-12-23 15:37:37 -08:00 · 2021-05-28 08:14:44 -06:00
parent b3fff51002
commit ed02088c82
9 changed files with 289 additions and 76 deletions
--- a/tests/test_pefile_features.py
+++ b/tests/test_pefile_features.py
@@ -0,0 +1,29 @@
+# Copyright (C) 2020 FireEye, Inc. All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at: [package root]/LICENSE.txt
+# Unless required by applicable law or agreed to in writing, software distributed under the License
+#  is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+import sys
+
+import pytest
+from fixtures import *
+from fixtures import parametrize
+
+import capa.features.file
+
+
+@parametrize(
+    "sample,scope,feature,expected",
+    FEATURE_PRESENCE_TESTS,
+    indirect=["sample", "scope"],
+)
+def test_pefile_features(sample, scope, feature, expected):
+    if scope.__name__ != "file":
+        pytest.xfail("pefile only extract file scope features")
+
+    if isinstance(feature, capa.features.file.FunctionName):
+        pytest.xfail("pefile only doesn't extract function names")
+
+    do_test_feature_presence(get_pefile_extractor, sample, scope, feature, expected)