Willi Ballenthin
cdc1cb7afd
rename "sequence" scope to "span of calls" scope
...
pep8
fix ref
update submodules
update testfiles submodule
duplicate variable
2025-01-29 02:25:06 -07:00
Willi Ballenthin
277504c7b7
changelog: add sequence scope
2025-01-29 02:25:06 -07:00
Willi Ballenthin
a1d46bc3c0
sequence: don't update feature locations in place
...
pep8
2025-01-29 02:25:06 -07:00
Willi Ballenthin
e6bdcff5d9
sequence: better collect sequence-related addresses from Range statements
2025-01-29 02:25:06 -07:00
Willi Ballenthin
f55086c212
sequence: refactor into SequenceMatcher
...
contains the call ids for all the calls within the sequence, so we know
where to look for related matched.
sequence: refactor SequenceMatcher
sequence: don't use sequence addresses
sequence: remove sequence address
2025-01-29 02:25:06 -07:00
Willi Ballenthin
39319c57a4
sequence: documentation and tests
...
sequence: add more tests
2025-01-29 02:25:06 -07:00
Willi Ballenthin
86908c9025
sequence scope: optimize matching
2025-01-29 02:25:06 -07:00
Willi Ballenthin
294ff34a30
sequence: only match first overlapping sequence
...
also, for repeating behavior, match only the first instance.
2025-01-29 02:25:06 -07:00
Willi Ballenthin
b06fea130c
dynamic: add sequence scope
...
addresses discussion in
https://github.com/mandiant/capa-rules/discussions/951
pep8
sequence: add test showing multiple sequences overlapping a single event
2025-01-29 02:25:06 -07:00
Willi Ballenthin
8d17319128
capabilities: use dataclasses to represent complicated return types
...
foo
2025-01-29 02:25:06 -07:00
Willi Ballenthin
4896ff01d8
result: make copy of locations
...
to ensure it's not modified by reference after we expect it to be
2025-01-29 02:25:06 -07:00
Willi Ballenthin
8329abd3c8
rd: debugging helper formatting
2025-01-29 02:25:06 -07:00
Capa Bot
6eb55d2f39
Sync capa rules submodule
2025-01-28 11:54:46 +00:00
dependabot[bot]
c43e10cd25
build(deps-dev): bump vite from 5.4.6 to 5.4.14 in /web/explorer (#2569)
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.6 to 5.4.14.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.14/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.14/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
2025-01-28 10:11:42 +01:00
dependabot[bot]
6d336e962f
build(deps): bump pip from 24.3.1 to 25.0 (#2576)
...
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/24.3.1...25.0)
---
updated-dependencies:
- dependency-name: pip
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-28 10:11:17 +01:00
dependabot[bot]
18d87b70d3
build(deps): bump deptry from 0.22.0 to 0.23.0 (#2575)
...
Bumps [deptry](https://github.com/fpgmaas/deptry) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/fpgmaas/deptry/releases)
- [Changelog](https://github.com/fpgmaas/deptry/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fpgmaas/deptry/compare/0.22.0...0.23.0)
---
updated-dependencies:
- dependency-name: deptry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-28 10:10:48 +01:00
dependabot[bot]
5b53f5b6c5
build(deps): bump pre-commit from 4.0.1 to 4.1.0 (#2574)
...
Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pre-commit/pre-commit/compare/v4.0.1...v4.1.0)
---
updated-dependencies:
- dependency-name: pre-commit
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-28 10:10:26 +01:00
Mike Hunhoff
160ce73a35
vmray: loosen file checks to enable processing of additional file types (#2571)
...
* vmray: loosen file checks to enable additional file types
* additional refactor to loosen file checks
* update CHANGELOG
* cleanup comments and small code refactor
* fix lints
* use NO_ADDRESS for submissions that don't have a base address
* update comments
* add test for ps1 trace
2025-01-23 12:47:36 -07:00
Capa Bot
3702baf9a9
Sync capa-testfiles submodule
2025-01-23 18:36:54 +00:00
Colton Gabertan
de0a324117
Ghidra - Fix Security Cookie Check - #2071 (#2561)
...
* fix nzxor security cookie check, fix imports for ghidra
* lint ghidra insn
* fix if statement
* re-organize logic for performance
2025-01-22 13:35:26 -07:00
Capa Bot
1742b754c2
Sync capa rules submodule
2025-01-21 18:36:28 +00:00
Capa Bot
23cf2799ca
Sync capa-testfiles submodule
2025-01-21 16:47:14 +00:00
dependabot[bot]
25d82a2a62
build(deps): bump setuptools from 75.6.0 to 75.8.0 (#2562)
2025-01-20 08:27:57 -07:00
dependabot[bot]
079a9e30b1
build(deps): bump deptry from 0.21.1 to 0.22.0 (#2563)
2025-01-20 08:27:37 -07:00
dependabot[bot]
127c217b5d
build(deps): bump pygments from 2.18.0 to 2.19.1 (#2564)
2025-01-20 08:26:56 -07:00
dependabot[bot]
8c8d67c939
build(deps): bump viv-utils from 0.7.11 to 0.8.0 (#2565)
2025-01-20 08:26:37 -07:00
dependabot[bot]
c061ec5e2b
build(deps): bump ruff from 0.8.0 to 0.9.2 (#2566)
2025-01-20 08:26:20 -07:00
Capa Bot
726c89794f
Sync capa-testfiles submodule
2025-01-17 12:59:22 +00:00
dependabot[bot]
0a547cf0f0
build(deps): bump types-protobuf from 5.28.0.20240924 to 5.29.1.20241207 (#2534)
...
Bumps [types-protobuf](https://github.com/python/typeshed) from 5.28.0.20240924 to 5.29.1.20241207.
- [Commits](https://github.com/python/typeshed/commits)
---
updated-dependencies:
- dependency-name: types-protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-16 02:02:08 -07:00
dependabot[bot]
e00672006f
build(deps): bump six from 1.16.0 to 1.17.0 (#2533)
...
Bumps [six](https://github.com/benjaminp/six) from 1.16.0 to 1.17.0.
- [Changelog](https://github.com/benjaminp/six/blob/main/CHANGES)
- [Commits](https://github.com/benjaminp/six/compare/1.16.0...1.17.0)
---
updated-dependencies:
- dependency-name: six
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-16 02:01:00 -07:00
dependabot[bot]
8f8db7b023
build(deps): bump msgspec from 0.18.6 to 0.19.0 (#2547)
...
Bumps [msgspec](https://github.com/jcrist/msgspec) from 0.18.6 to 0.19.0.
- [Release notes](https://github.com/jcrist/msgspec/releases)
- [Commits](https://github.com/jcrist/msgspec/compare/0.18.6...0.19.0)
---
updated-dependencies:
- dependency-name: msgspec
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-16 02:00:00 -07:00
dependabot[bot]
4411170869
build(deps): bump mypy from 1.13.0 to 1.14.1 (#2550)
...
Bumps [mypy](https://github.com/python/mypy) from 1.13.0 to 1.14.1.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.13.0...v1.14.1)
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-16 01:59:45 -07:00
Willi Ballenthin
72fe291742
strings: fix type hints and uncovered bugs (#2555)
...
* strings: fix type hints and uncovered bugs
changelog
add strings tests
strings: fix buf_filled_with
fix strings tests
refactor: optimize and document buf_filled_with function in strings.py
docs: add docstring to buf_filled_with function
doc
strings: add typing
* strings: more validation and testing
thanks @fariss
* copyright
2025-01-16 01:59:16 -07:00
Capa Bot
3eef829410
Sync capa rules submodule
2025-01-15 21:25:53 +00:00
Willi Ballenthin
8c412f361a
elffile: fix handling of symbols without a name
...
closes #2553
elffile: fix key error
2025-01-15 13:45:38 -07:00
Ana Maria Martinez Gomez
df7697db84
[copyright + license] Add missing headers
...
Add copyright and license information headers to the source code files
inside the `web` directory and the `capa/render/proto/capa.proto` file.
I have used addlicense to add the headers.
2025-01-15 08:52:42 -07:00
Ana Maria Martinez Gomez
3cd97ae9f2
[copyright + license] Fix headers
...
Replace the header from source code files using the following script:
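```Python
import os
import re

# OLD_HEADER (bytes regex with a `year` group) and NEW_HEADER (bytes template)
# are defined elsewhere; the commit message does not show them.
for dir_path, dir_names, file_names in os.walk("capa"):
    for file_name in file_names:
        # headers are only in `.py` and `.toml` files
        if file_name[-3:] not in (".py", "oml"):
            continue
        file_path = f"{dir_path}/{file_name}"
        # binary read/write mode, so the header patterns operate on bytes
        with open(file_path, "rb+") as f:
            content = f.read()
            m = re.search(OLD_HEADER, content)
            if not m:
                continue
            print(f"{file_path}: {m.group('year')}")
            content = content.replace(m.group(0), NEW_HEADER % m.group("year"))
            f.seek(0)
            f.write(content)
            # drop leftover bytes when the new header is shorter than the old one
            f.truncate()
```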
Some files had the copyright headers inside a `"""` comment and needed
manual changes before applying the script. `hook-vivisect.py` and
`pyinstaller.spec` didn't include the license in the header and also
needed manual changes.
The old header had the confusing sentence `All rights reserved`, which
does not make sense for an open source license. Replace the header by
the default Google header that corrects this issue and keep capa
consistent with other Google projects.
Adapt the linter to work with the new header.
Replace also the copyright text in the `web/public/index.html` file for
consistency.
2025-01-15 08:52:42 -07:00
Ana Maria Martinez Gomez
b4aa65daa1
[CONTRIBUTING] Use Google's Code of Conduct
...
Use Google's default Code of Conduct for consistency with other Google
projects.
2025-01-15 08:52:42 -07:00
Ana Maria Martinez Gomez
bf9753ef93
[CONTRIBUTING] Improve CLA information
...
Improve CLA information to adhere to Google policies.
2025-01-15 08:52:42 -07:00
Ana Maria Martinez Gomez
f768f684b5
[LICENSE] Correct LICENSE file
...
Replace LICENSE text file with the official Apache one:
https://www.apache.org/licenses/LICENSE-2.0.txt
This changes `Copyright (C) 2021 Mandiant, Inc.` by the following
template language that had been incorrectly replaced:
`Copyright [yyyy] [name of copyright owner]`
2025-01-15 08:52:42 -07:00
Mike Hunhoff
c3c93685e2
vmray: skip non-printable strings (#2551)
2025-01-08 08:40:32 -07:00
Capa Bot
462e11443e
Sync capa rules submodule
2025-01-07 20:03:05 +00:00
Moritz
32d6181f02
Merge pull request #2541 from mandiant/dependabot/npm_and_yarn/web/explorer/nanoid-3.3.8
...
build(deps): bump nanoid from 3.3.7 to 3.3.8 in /web/explorer
2024-12-17 14:29:32 +01:00
Moritz
6cf944b321
Merge pull request #2542 from mandiant/dependabot/pip/flake8-bugbear-24.12.12
...
build(deps): bump flake8-bugbear from 24.10.31 to 24.12.12
2024-12-17 14:29:19 +01:00
Moritz
369fbc713e
Merge pull request #2538 from mandiant/williballenthin-patch-1
...
readme: avoid scroll on github homepage
2024-12-17 14:28:24 +01:00
Moritz
e3a1dbfac2
Merge pull request #2537 from mandiant/fix/vmray-improvements
...
VMRay and dynamic improvements
2024-12-17 14:27:52 +01:00
dependabot[bot]
e5fe935a8e
build(deps): bump flake8-bugbear from 24.10.31 to 24.12.12
...
Bumps [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) from 24.10.31 to 24.12.12.
- [Release notes](https://github.com/PyCQA/flake8-bugbear/releases)
- [Commits](https://github.com/PyCQA/flake8-bugbear/compare/24.10.31...24.12.12)
---
updated-dependencies:
- dependency-name: flake8-bugbear
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-12-16 14:12:27 +00:00
dependabot[bot]
233f8dcf9f
build(deps): bump nanoid from 3.3.7 to 3.3.8 in /web/explorer
...
Bumps [nanoid](https://github.com/ai/nanoid) from 3.3.7 to 3.3.8.
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ai/nanoid/compare/3.3.7...3.3.8)
---
updated-dependencies:
- dependency-name: nanoid
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-12-16 03:58:18 +00:00
mr-tz
51d606bc0d
use default empty list for ElfFileSection
2024-12-13 11:51:47 +00:00
Willi Ballenthin
2b46796d08
Update README.md
...
Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>
2024-12-12 18:49:39 +01:00