Commit Graph

5668 Commits

Author SHA1 Message Date
Willi Ballenthin
40203a0f83 Fix/tests in master (#2592) 2025-02-04 21:48:13 +01:00
Willi Ballenthin
5467fac1a5 Fix/lints in master (#2589)
* requirements: fix yanked protobuf version

* binja: insn: fix lints
2025-02-04 12:08:24 +01:00
Capa Bot
ced9516bb4 Sync capa rules submodule 2025-02-04 09:23:30 +00:00
vibhatsu
a8e8935212 Replace binascii and struct with native Python methods (#2582)
* refactor: replace binascii with bytes for hex conversions

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* refactor: replace struct unpacking with bytes conversion

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* simplify byte extraction for ELF header

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* Revert "refactor: replace struct unpacking with bytes conversion"

This reverts commit 483f8c9a85.

* update CHANGELOG

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

---------

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
2025-02-04 09:53:36 +01:00
dependabot[bot]
96f9e7cffc build(deps): bump black from 24.10.0 to 25.1.0 (#2586)
Bumps [black](https://github.com/psf/black) from 24.10.0 to 25.1.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/24.10.0...25.1.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
2025-02-04 09:52:14 +01:00
dependabot[bot]
ef6bff3267 build(deps): bump isort from 5.13.2 to 6.0.0 (#2585)
Bumps [isort](https://github.com/pycqa/isort) from 5.13.2 to 6.0.0.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.13.2...6.0.0)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
2025-02-04 09:51:27 +01:00
Capa Bot
b6171cf96b Sync capa rules submodule 2025-02-04 08:32:52 +00:00
Capa Bot
38c813e063 Sync capa rules submodule 2025-02-03 18:55:40 +00:00
Willi Ballenthin
6d19226ee9 rules: scopes can now have subscope blocks with same scope (#2584) 2025-02-03 19:54:05 +01:00
Dhruva Kumar Kaushal
923e5e1130 use _yield from []_ to create empty generator when needed #2572 (#2581)
* use _yield from []_ to create empty generator when needed #2572

* Update PR with fixes

* solved CI code style error

* Fixed formatting with black

* Fixed formatting with black

* code styles error

* code styles error

* code styles error

* code style error

* Update capa-rules submodule to master

* Similar changes to other files

---------

Co-authored-by: Willi Ballenthin <wballenthin@google.com>
2025-02-03 16:25:59 +01:00
vibhatsu
cff8a6ac87 Feat/warn for dynamic dotnet (#2568)
* add warning for dynamic dotnet samples

* format passing

* update CHANGELOG

* minor bug fix

* refactor: add static and dynamic limitation checks to capabilities

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* refactor: rename file limitation checks to static limitation checks

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* reformatting

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* update CHANGELOG

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* refactor: separate static and dynamic limitation rule checks, remove comments

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* update CHANGELOG

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* enhance capability handling with new Capabilities dataclass and update related functions

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* refactor: reorganize limitation rule functions

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* update CHANGELOG

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

---------

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
2025-02-03 11:48:02 +01:00
vibhatsu
2798d605bc add lint for duplicate feature under a statement (#2573)
* add lint for duplicate feature under a statement

* add support for more scopes

* fix format for duplicate feature lint

* fix false positives for duplicate features lint

* remove unused code and comments

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* refactor duplicate feature lint to use yaml parser

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* update CHANGELOG

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* clarify for using rule definition

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* update CHANGELOG

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* refactor duplicate feature lint to improve key generation and tracking of line numbers

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

---------

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>
2025-01-31 10:05:53 +01:00
Capa Bot
91d0d8c212 Sync capa rules submodule 2025-01-29 17:55:01 +00:00
Willi Ballenthin
618a5fa2e5 pyproject: remove pytest-cov
closes #2491
2025-01-29 18:54:42 +01:00
Willi Ballenthin
712e35c6f7 feat: add lint to validate rule dependency scope compatibility
closes #2124
2025-01-29 18:53:30 +01:00
Capa Bot
83ec75c49d Sync capa rules submodule 2025-01-29 09:41:14 +00:00
Willi Ballenthin
990fd20757 update submodules 2025-01-29 02:25:06 -07:00
Willi Ballenthin
caae77dab6 vverbose: don't render full ppid/pid/tid in nested blocks, only callid 2025-01-29 02:25:06 -07:00
Willi Ballenthin
4f844533c5 vverbose: don't use plural "calls" when there's a single call 2025-01-29 02:25:06 -07:00
Willi Ballenthin
9a0c4f712d vverbose: fix rendering of span-of-calls summaries
https://github.com/mandiant/capa/pull/2532#discussion_r1920711965

vverbose: fix collection of span-of-calls call match locations
2025-01-29 02:25:06 -07:00
Willi Ballenthin
cdc1cb7afd rename "sequence" scope to "span of calls" scope
pep8

fix ref

update submodules

update testfiles submodule

duplicate variable
2025-01-29 02:25:06 -07:00
Willi Ballenthin
277504c7b7 changelog: add sequence scope 2025-01-29 02:25:06 -07:00
Willi Ballenthin
a1d46bc3c0 sequence: don't update feature locations in place
pep8
2025-01-29 02:25:06 -07:00
Willi Ballenthin
e6bdcff5d9 sequence: better collect sequence-related addresses from Range statements 2025-01-29 02:25:06 -07:00
Willi Ballenthin
f55086c212 sequence: refactor into SequenceMatcher
contains the call ids for all the calls within the sequence, so we know
where to look for related matches.

sequence: refactor SequenceMatcher

sequence: don't use sequence addresses

sequence: remove sequence address
2025-01-29 02:25:06 -07:00
Willi Ballenthin
39319c57a4 sequence: documentation and tests
sequence: add more tests
2025-01-29 02:25:06 -07:00
Willi Ballenthin
86908c9025 sequence scope: optimize matching 2025-01-29 02:25:06 -07:00
Willi Ballenthin
294ff34a30 sequence: only match first overlapping sequence
also, for repeating behavior, match only the first instance.
2025-01-29 02:25:06 -07:00
Willi Ballenthin
b06fea130c dynamic: add sequence scope
addresses discussion in
https://github.com/mandiant/capa-rules/discussions/951

pep8

sequence: add test showing multiple sequences overlapping a single event
2025-01-29 02:25:06 -07:00
Willi Ballenthin
8d17319128 capabilities: use dataclasses to represent complicated return types
foo
2025-01-29 02:25:06 -07:00
Willi Ballenthin
4896ff01d8 result: make copy of locations
to ensure it's not modified by reference after we expect it to be
2025-01-29 02:25:06 -07:00
Willi Ballenthin
8329abd3c8 rd: debugging helper formatting 2025-01-29 02:25:06 -07:00
Capa Bot
6eb55d2f39 Sync capa rules submodule 2025-01-28 11:54:46 +00:00
dependabot[bot]
c43e10cd25 build(deps-dev): bump vite from 5.4.6 to 5.4.14 in /web/explorer (#2569)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.6 to 5.4.14.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.14/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.14/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
2025-01-28 10:11:42 +01:00
dependabot[bot]
6d336e962f build(deps): bump pip from 24.3.1 to 25.0 (#2576)
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/24.3.1...25.0)

---
updated-dependencies:
- dependency-name: pip
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-28 10:11:17 +01:00
dependabot[bot]
18d87b70d3 build(deps): bump deptry from 0.22.0 to 0.23.0 (#2575)
Bumps [deptry](https://github.com/fpgmaas/deptry) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/fpgmaas/deptry/releases)
- [Changelog](https://github.com/fpgmaas/deptry/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fpgmaas/deptry/compare/0.22.0...0.23.0)

---
updated-dependencies:
- dependency-name: deptry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-28 10:10:48 +01:00
dependabot[bot]
5b53f5b6c5 build(deps): bump pre-commit from 4.0.1 to 4.1.0 (#2574)
Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pre-commit/pre-commit/compare/v4.0.1...v4.1.0)

---
updated-dependencies:
- dependency-name: pre-commit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-28 10:10:26 +01:00
Mike Hunhoff
160ce73a35 vmray: loosen file checks to enable processing of additional file types (#2571)
* vmray: loosen file checks to enable additional file types

* additional refactor to loosen file checks

* update CHANGELOG

* cleanup comments and small code refactor

* fix lints

* use NO_ADDRESS for submissions that don't have a base address

* update comments

* add test for ps1 trace
2025-01-23 12:47:36 -07:00
Capa Bot
3702baf9a9 Sync capa-testfiles submodule 2025-01-23 18:36:54 +00:00
Colton Gabertan
de0a324117 Ghidra - Fix Security Cookie Check - #2071 (#2561)
* fix nzxor security cookie check, fix imports for ghidra

* lint ghidra insn

* fix if statement

* re-organize logic for performance
2025-01-22 13:35:26 -07:00
Capa Bot
1742b754c2 Sync capa rules submodule 2025-01-21 18:36:28 +00:00
Capa Bot
23cf2799ca Sync capa-testfiles submodule 2025-01-21 16:47:14 +00:00
dependabot[bot]
25d82a2a62 build(deps): bump setuptools from 75.6.0 to 75.8.0 (#2562) 2025-01-20 08:27:57 -07:00
dependabot[bot]
079a9e30b1 build(deps): bump deptry from 0.21.1 to 0.22.0 (#2563) 2025-01-20 08:27:37 -07:00
dependabot[bot]
127c217b5d build(deps): bump pygments from 2.18.0 to 2.19.1 (#2564) 2025-01-20 08:26:56 -07:00
dependabot[bot]
8c8d67c939 build(deps): bump viv-utils from 0.7.11 to 0.8.0 (#2565) 2025-01-20 08:26:37 -07:00
dependabot[bot]
c061ec5e2b build(deps): bump ruff from 0.8.0 to 0.9.2 (#2566) 2025-01-20 08:26:20 -07:00
Capa Bot
726c89794f Sync capa-testfiles submodule 2025-01-17 12:59:22 +00:00
dependabot[bot]
0a547cf0f0 build(deps): bump types-protobuf from 5.28.0.20240924 to 5.29.1.20241207 (#2534)
Bumps [types-protobuf](https://github.com/python/typeshed) from 5.28.0.20240924 to 5.29.1.20241207.
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-16 02:02:08 -07:00
dependabot[bot]
e00672006f build(deps): bump six from 1.16.0 to 1.17.0 (#2533)
Bumps [six](https://github.com/benjaminp/six) from 1.16.0 to 1.17.0.
- [Changelog](https://github.com/benjaminp/six/blob/main/CHANGES)
- [Commits](https://github.com/benjaminp/six/compare/1.16.0...1.17.0)

---
updated-dependencies:
- dependency-name: six
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-16 02:01:00 -07:00