gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-08 03:11:05 -08:00
Code Issues Packages Projects Releases Wiki Activity
2,705 Commits 41 Branches 48 Tags
246ef58e7bd98e581534db2c4b8405b7db1bfc80
Commit Graph

395 Commits

Author SHA1 Message Date
Willi Ballenthin
246ef58e7b tests: fix render test for ATT&CK metadata 2022-06-20 14:24:01 -06:00
William Ballenthin
c417b5dd79 merge master 2022-06-14 17:05:46 -06:00
Willi Ballenthin
3103307601 tests: fix reference error 2022-06-10 14:58:26 -06:00
Capa Bot
c653dd7e72 Sync capa-testfiles submodule 2022-06-10 20:48:49 +00:00
Willi Ballenthin
1c771da848 pep8 2022-06-10 14:47:23 -06:00
William Ballenthin
c3418fddb5 tests: json: fix address representation 2022-06-08 13:29:04 -06:00
William Ballenthin
faf414e3d8 tests: add more dotnet tests 2022-06-08 13:28:53 -06:00
Willi Ballenthin
0987141970 tests: add tests demonstrating rending of .NET samples 2022-06-06 15:13:20 -06:00
Willi Ballenthin
c73db051c1 fixtures: add path to extractors 2022-06-06 15:13:11 -06:00
Willi Ballenthin
1a290a38c4 Merge branch 'master' into feature-981 2022-06-06 14:07:51 -06:00
Moritz
d8e68255a0 Merge pull request #1044 from mandiant/fix/rules-meta-authors 
fix!: authors instead of author
 2022-06-01 14:12:31 +02:00
Capa Bot
781ec74310 Sync capa-testfiles submodule 2022-06-01 12:12:01 +00:00
Moritz Raabe
1df60186f0 fix!: authors instead of author 2022-05-31 23:05:13 +02:00
Mike Hunhoff
3514d5c05c dotnet: support file/function scope class and namespace features (#1030) 2022-05-26 11:19:31 -06:00
Willi Ballenthin
3879e33cce freeze: model each features separately 2022-05-25 17:12:02 -06:00
Willi Ballenthin
6b633efdba freeze: fix schema to support overlapping functions 2022-05-25 15:28:02 -06:00
Willi Ballenthin
adb425aeb3 freeze: use pydantic for (de)serialization 
also, move null extractor to its own namespace
 2022-05-25 15:09:31 -06:00
Willi Ballenthin
b35fe6cdb2 json, render: work with and serialize addresses 2022-05-24 13:52:56 -06:00
Willi Ballenthin
d728869690 freeze: mypy and pep8 2022-05-24 13:52:40 -06:00
Willi Ballenthin
6b6dd70110 freeze: use address abstraction 2022-05-24 12:30:06 -06:00
Willi Ballenthin
314ad4ea4d Merge pull request #1028 from mandiant/fix-988 
elf: better detect Linux OS
 2022-05-23 11:29:13 -06:00
Moritz Raabe
b2853cc56b feat: update dnfile tests and extractor 2022-05-12 18:37:02 +02:00
Moritz Raabe
716a73dfb4 feat: add handles and type annotations 2022-05-12 15:42:25 +02:00
Capa Bot
cded1d3125 Sync capa-testfiles submodule 2022-05-12 06:35:04 +00:00
Willi Ballenthin
78e9280a93 Merge branch 'master' into feature-981 2022-05-11 13:20:48 -06:00
Willi Ballenthin
07e35780d3 Merge branch 'master' into fix-988 2022-05-11 13:10:45 -06:00
Willi Ballenthin
521cbf9104 pep8 2022-05-11 13:10:08 -06:00
Willi Ballenthin
a6427364e0 tests: add test demonstrating elf OS detection 2022-05-11 13:09:12 -06:00
Mike Hunhoff
0d849142ba dotnet: emit mixed mode characteristic (#1024) 2022-05-06 14:32:06 -06:00
Mike Hunhoff
6fb9dd961a dotnet: emit unmanaged call characteristic (#1023) 2022-05-06 13:05:48 -06:00
Mike Hunhoff
a9c9b3cea8 dotnet: extract file function names (#1015) 2022-05-06 08:34:50 -06:00
Mike Hunhoff
24c4215820 dotnet: add file string parsing (#1012) 2022-05-05 13:39:29 -06:00
Willi Ballenthin
808b7fb4dc dnfile: fix types 2022-04-08 18:33:12 -06:00
Willi Ballenthin
ed1009096d Merge branch 'master' of github.com:mandiant/capa into feature-981 2022-04-08 16:01:59 -06:00
Mike Hunhoff
580a2d7e45 dotnet: basic detection and feature extraction (#987) 2022-04-08 14:55:00 -06:00
Moritz
c8a772d19a test: update dotnet dirs and sync master (#984) 2022-04-08 09:34:22 -06:00
Capa Bot
5bc44aef0f Sync capa-testfiles submodule 2022-04-08 10:34:02 +00:00
Willi Ballenthin
8a2276f398 smda: implement operand number/offset features 
cause its not too hard
 2022-04-07 12:48:25 -06:00
Moritz
65552575f8 Update dotnet-main (#979) 
* Sync capa rules submodule

* Sync capa-testfiles submodule

* Sync capa rules submodule

* changelog

* *: remove /x32 and /x64 flavors from number and offset features

* *: remove more references to /x32 and /x64

* linter: accept instruction scope

* rules: fix max operand index (4)

* API: better support A/W functions

* vverbose: show lib rule matches

* main: accept multiple paths to rules

* main: fix removal of default rules path

* lint: fix rules path

* changelog

* capa_as_library: fix rules path is list now

* main: better handle multiple rules paths

* main: bail if python 3.6 or below

closes #964

* ida: readme: remove python 3.6 support

* capa2yara: fix rules paths

* render: meta: display rule paths on separate lines

closes #971

* render: verbose: add doc

* verbose: make rule path multiline more concise

* vverbose: don't show examples in output

closes #970

* vverbose: render subscope name, like "basic block:"

closes #963

* build(deps-dev): bump pytest from 7.0.1 to 7.1.1

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.0.1 to 7.1.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.0.1...7.1.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* ci: build: update pip and setuptools

* ci: build: bump pyinstall to v4.10

* Sync capa rules submodule

* Dotnet mixed mode detect (#969)

* feat: start dotnet detection (#955)

* feat: start dotnet detection

* Apply suggestions from code review

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* refactor: dn instead of dotnet

* refactor: format branches, extractor reorg

* refactor: format selection and dotnet detect

* feat: get format, arch, os

* refactor: log errors and exceptions

* ci: also test and build for dotnet-main dev

* fix: import path

* fix: circular dep

* fix: remove buf argument
feat: get runtime meta data

* fix: log unsupported runtime error

* fix: type ignore

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* fix: imports and add tests

* feat: detect mixed mode and tests

* feat: start dotnet detection (#955)

* feat: start dotnet detection

* Apply suggestions from code review

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* refactor: dn instead of dotnet

* refactor: format branches, extractor reorg

* refactor: format selection and dotnet detect

* feat: get format, arch, os

* refactor: log errors and exceptions

* ci: also test and build for dotnet-main dev

* fix: import path

* fix: circular dep

* fix: remove buf argument
feat: get runtime meta data

* fix: log unsupported runtime error

* fix: type ignore

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* fix: imports and add tests

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* test: checkout submodules recursively

Co-authored-by: Capa Bot <capa-dev@mandiant.com>
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-07 17:45:29 +02:00
Willi Ballenthin
1c7b6bcf7d fixtures: use function that IDA doesn't recognize as lib func 2022-04-06 15:07:35 -06:00
Willi Ballenthin
b843cef986 tests: add tests for #320 2022-04-06 14:38:56 -06:00
Willi Ballenthin
0e95691cde tests: fixtures: enable assertions against instruction scope 2022-04-06 14:38:33 -06:00
Willi Ballenthin
55a5d10859 Merge pull request #961 from mandiant/feature-remove-flavors 
remove /x32 and /x64 flavors of number and offset features
 2022-04-06 12:57:18 -06:00
Capa Bot
633d8df1a4 Sync capa-testfiles submodule 2022-04-06 17:21:09 +00:00
Moritz Raabe
97e76a88e3 fix: imports and add tests 2022-04-06 17:30:51 +02:00
Moritz
b5be876e61 feat: start dotnet detection (#955) 
* feat: start dotnet detection

* Apply suggestions from code review

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* refactor: dn instead of dotnet

* refactor: format branches, extractor reorg

* refactor: format selection and dotnet detect

* feat: get format, arch, os

* refactor: log errors and exceptions

* ci: also test and build for dotnet-main dev

* fix: import path

* fix: circular dep

* fix: remove buf argument
feat: get runtime meta data

* fix: log unsupported runtime error

* fix: type ignore

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2022-04-06 11:33:14 +02:00
Willi Ballenthin
aee61b35e4 *: remove more references to /x32 and /x64 2022-04-05 10:41:03 -06:00
Willi Ballenthin
ecabd557a7 *: remove /x32 and /x64 flavors from number and offset features 2022-04-05 10:35:41 -06:00
Willi Ballenthin
ef93fcc89e tests: smda: xfail operand number/offset features 2022-04-04 12:05:15 -06:00
Willi Ballenthin
9da4ff10da *: rename OperandImmediate to OperandNumber 2022-03-31 10:37:06 -06:00