gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-06-27 08:54:10 -07:00
Code Issues Packages Projects Releases Wiki Activity
5,110 Commits 54 Branches 49 Tags
100df45cc055eea9fd2b5da77511dee701bd8ea6
Commit Graph

5110 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Willi Ballenthin 2b59fef1b2 changelog 2023-08-25 09:05:57 +00:00
Willi Ballenthin ddff8634de changelog 2023-08-25 09:04:26 +00:00
Willi Ballenthin 1905f1bfbd changelog 2023-08-25 09:02:03 +00:00
Yacine Elhamer f34b0355e7 test_result_document.py: re-enable result-document related tests 2023-08-25 10:56:12 +02:00
Willi Ballenthin 7a70bc9b2a version: v6.1.0 2023-08-25 08:47:11 +00:00
Yacine 3ee56e3bee Merge pull request #1762 from yelhamer/modify-sample-hashes 
Modify sample hashes
 2023-08-25 10:29:38 +03:00
Yacine Elhamer 49bf2eb6d4 base_extractor.py: replace dunder with single underscore for sample_hashes attribute 2023-08-25 10:14:25 +02:00
Yacine Elhamer 707dee4c3f base_Extractor.py: make sample_hashes attribute private 2023-08-25 09:53:08 +02:00
Yacine Elhamer 0ded827290 modify null extractor 2023-08-25 08:50:34 +02:00
Yacine Elhamer f74107d960 initial commit 2023-08-25 08:37:57 +02:00
Mike Hunhoff 448b122ef0 fix ints_to_bytes performance (#1761) 
* fix ints_to_bytes performance
 2023-08-24 16:01:41 -07:00
colton-gabertan bd2f7bc1f4 hotfix: fix indirect address dereference handling 2023-08-24 22:09:08 +00:00
Yacine acd3a30d27 Merge pull request #1758 from yelhamer/fix-cape2fmt 
Add dynamic scopes to capa2fmt
 2023-08-24 15:43:34 +03:00
Yacine Elhamer b636f23e3c Merge branch 'fix-cape2fmt' of https://github.com/yelhamer/capa into fix-cape2fmt 2023-08-24 15:01:00 +02:00
Yacine Elhamer 70eae1a6f0 freeze/__init__.py: fix missing space 2023-08-24 15:00:34 +02:00
Yacine Elhamer 3574bd49bd Merge remote-tracking branch 'parentrepo/dynamic-feature-extraction' into fix-cape2fmt 2023-08-24 14:48:07 +02:00
Yacine Elhamer 46217a3acb test_main.py: remove unused pytest 2023-08-24 14:47:40 +02:00
Yacine Elhamer 9eb1255b29 cape2yara.py: update for use of scopes, and fix bug 2023-08-24 14:32:49 +02:00
Yacine d66f834e54 Update tests/test_scripts.py 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-08-24 13:48:32 +02:00
Yacine Elhamer 7c101f01e5 test_binja.py: revert ruleset-related xfails 2023-08-24 13:36:53 +02:00
Yacine Elhamer 42689ef1da test_main.py: revert ruleset-related xfails 2023-08-24 13:30:22 +02:00
Colton Gabertan 70d36ab640 properly set bounds for find_byte_sequence (#1757) 2023-08-23 15:40:15 -06:00
Colton Gabertan 19b8000c00 Ghidra: Fixes & Enhancements (#1733) 
* restore from corrupted .git

* lint repo

* temp: remove lint failing rule

* implement dereferencing, clean up extractors

* implement proper dereferencing routines as applicable

* fix nzxor implementation, remediate ghidra analysis issues

* lint repo

* Assert typing, lint repo

* avoid extracting pointers in bytes extraction

* attempt to recover submodule

* implement GhidraFeatureExtractor & ghidra_main()

* lint repo

* document examples, clean-up & testing

* lint repo

* properly map import dict

* properly map fake addresses

* fix fake addr mapping

* properly map externs

* re-align consistency with other backends

* lint repo

* fix dereferencing routine

* clean up helpers

* fix format string

* disable progress bar to exit gracefully

* enable pbar in headless runtime mode

* implement fixture test script

* implement ghidra unit test script

* refactor repo for breaking Ghidrathon change

* bump ghidrathon CI version, run unit test in CI

* change CI config

* fix wget line for ghidrathon

* fix unzip paths

* fix ghidra import issue

* disable pytest faulthandler module

* fix dereference function

* fix ghidra state variables

* implement dereferencing for string extraction

* use toAddr

* restructure for consistency

* Bump Ghidrathon version for CI, fix pytest ghidra runtime detection

* fix number & offset extractors

* yield both signed & unsgned values for offset extraction

* add LEA insn handling to number & offset extraction

* fix indirect call extraction

* implement thunk function checking for dereferences

* revise ghidra feature count tests, pass unit testing

* fix feature test format

* implement additional support for dereferencing thunked functions

* integrate external locations into find_file_imports

* change api yield string for .elf samples to match other extractors

* fix potential NoneType errors during dereferencing

* user helper in global_

* fix GHIDRAIO class, implement in global_

* comment on getOriginalByte

* simplify get_file_imports

* implement explicit thunk chain handling

* simplify LEA number extraction

* simplify thunk handling

* temp: demonstrate CI failure & output

* fix log path

* run new test against mimikatz
 2023-08-23 14:35:18 -06:00
colton-gabertan 06f48063d0 Merge branch 'master' into backend-ghidra 2023-08-23 18:05:58 +00:00
Yacine 5ba7325646 Merge pull request #1753 from yelhamer/update-linter 
Update the rules linter
 2023-08-23 11:50:51 +03:00
Yacine 86effec1a2 capa/rules/__init__.py: merge features from small scopes into larger ones 
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
 2023-08-23 08:49:36 +03:00
Yacine cdb469eca0 capa/features/freeze/__init__.py: remove comment 
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
 2023-08-23 08:45:21 +03:00
Yacine 39c8fd8286 Update capa/features/freeze/__init__.py 
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
 2023-08-23 08:43:36 +03:00
Yacine Elhamer 5730e5515f lint.py: update recommendation messages 2023-08-23 01:42:22 +02:00
Yacine Elhamer 901ba551bc lint.py: fix boolean statement 2023-08-23 01:41:44 +02:00
Yacine Elhamer 77b3fadf79 lint.py: add 'unsupported' keyword 2023-08-23 01:39:14 +02:00
Yacine Elhamer 44fc3357d1 initial commit 2023-08-23 01:32:01 +02:00
Willi Ballenthin 25414044ef Merge pull request #1748 from mandiant/feat/issue-1744 
rules: add scope terms "unsupported" and "unspecified"
 2023-08-22 15:59:57 +02:00
Yacine Elhamer d1068991e3 test_rules_insn_scope.py: update rules missing the dynamic scope 2023-08-22 16:26:54 +02:00
Willi Ballenthin 4ab240e990 rules: add scope terms "unsupported" and "unspecified" 
closes #1744
 2023-08-22 12:58:06 +00:00
Willi Ballenthin 9489927bed Merge pull request #1746 from mandiant/fix/issue-1745 
fix detection of CAPE reports
 2023-08-22 14:34:23 +02:00
Willi Ballenthin c160f45849 main: fix rendering of logging message 2023-08-22 12:32:53 +00:00
Willi Ballenthin 5b585c0e39 cape: better detect CAPE reports 
fixes #1745
 2023-08-22 12:32:30 +00:00
Aayush Goel c6ee919619 Update capa/features/common.py 
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
 2023-08-22 15:52:04 +05:30
Willi Ballenthin 675ad364ac point submodule rules to branch dynamic-syntax 2023-08-22 08:50:18 +00:00
Willi Ballenthin 21cefa0932 Merge branch 'master' into dynamic-feature-extraction 2023-08-22 09:53:42 +02:00
Willi Ballenthin 934d0f969b Merge pull request #1740 from mandiant/dependabot/pip/mypy-1.5.1 
build(deps-dev): bump mypy from 1.5.0 to 1.5.1
 2023-08-22 09:53:15 +02:00
dependabot[bot] b7b79b565b build(deps-dev): bump mypy from 1.5.0 to 1.5.1 
Bumps [mypy](https://github.com/python/mypy) from 1.5.0 to 1.5.1.
- [Commits](https://github.com/python/mypy/compare/v1.5.0...v1.5.1)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-22 07:48:33 +00:00
Moritz 979aab3098 Merge pull request #1741 from mandiant/dependabot/pip/ruff-0.0.285 
build(deps-dev): bump ruff from 0.0.284 to 0.0.285
 2023-08-22 09:47:50 +02:00
Willi Ballenthin 89c8c6d212 Update capa/rules/__init__.py 2023-08-22 09:38:41 +02:00
Willi Ballenthin e5af7165ea Update capa/features/freeze/__init__.py 2023-08-22 09:31:35 +02:00
Willi Ballenthin ee936f9257 Merge pull request #1729 from mandiant/feat/cape-pydantic 
add Pydantic models for CAPE sandbox
 2023-08-22 09:25:02 +02:00
Colton Gabertan 058c1fefd2 ghidra: unit tests (#1727) 
* restore from corrupted .git

* lint repo

* temp: remove lint failing rule

* implement dereferencing, clean up extractors

* implement proper dereferencing routines as applicable

* fix nzxor implementation, remediate ghidra analysis issues

* lint repo

* Assert typing, lint repo

* avoid extracting pointers in bytes extraction

* attempt to recover submodule

* implement GhidraFeatureExtractor & ghidra_main()

* lint repo

* document examples, clean-up & testing

* lint repo

* properly map import dict

* properly map fake addresses

* fix fake addr mapping

* properly map externs

* re-align consistency with other backends

* lint repo

* fix dereferencing routine

* clean up helpers

* fix format string

* disable progress bar to exit gracefully

* enable pbar in headless runtime mode

* implement fixture test script

* implement ghidra unit test script

* refactor repo for breaking Ghidrathon change

* bump ghidrathon CI version, run unit test in CI

* change CI config

* fix wget line for ghidrathon

* fix unzip paths

* fix ghidra import issue

* disable pytest faulthandler module

* fix ghidra state variables

* use toAddr

* restructure for consistency

* Bump Ghidrathon version for CI, fix pytest ghidra runtime detection
 2023-08-21 12:16:13 -06:00
dependabot[bot] 8ed00a2847 build(deps-dev): bump ruff from 0.0.284 to 0.0.285 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.284 to 0.0.285.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/BREAKING_CHANGES.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.0.284...v0.0.285)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-21 14:50:50 +00:00
Aayush Goel 6482848fa4 Merge branch 'Aayush-Goel-04/Issue#322' of https://github.com/Aayush-Goel-04/capa into Aayush-Goel-04/Issue#322 2023-08-20 00:39:50 +05:30