* main: suggest --os flag when OS detection fails for ELF files
When capa cannot detect the target OS of an ELF file, it exits with an
error. Some ELF files lack the standard metadata capa uses for OS
detection (GNU ABI tag, OSABI field, library dependencies, etc.) even
though they do target a valid OS (e.g. a stripped Linux binary using
only raw syscalls).
Add a hint to the unsupported-OS error message telling users they can
specify the OS explicitly with the --os flag, matching the workaround
recommended in the issue.
Fixes#2577
Strings extracted from analyzed samples may contain bracket characters
that Rich interprets as markup (e.g. [/tag]). When these are embedded
directly in markup templates like f"[dim]{s}", Rich raises a
MarkupError if the brackets form an invalid tag.
Use rich.markup.escape() to sanitize all user-controlled strings before
embedding them in Rich markup templates in bold(), bold2(), mute(), and
warn().
Fixes#2699
Catch envi.exc.SegmentationViolation raised by vivisect when processing
malformed ELF files with invalid relocations and convert it to a
CorruptFile exception with a descriptive message.
Closes#2794
Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>
* loader: gracefully handle ELF files with unsupported architectures
When analyzing ELF files with unsupported architectures (e.g., ARM64 variant),
vivisect raises a generic Exception with message 'Unsupported Architecture: %d'.
This was not caught by existing error handlers, causing capa to crash with an
unfriendly error message.
This change adds exception handling to detect the 'Unsupported Architecture'
error message and convert it to a user-friendly CorruptFile exception,
following the same pattern as the existing 'Couldn't convert rva' handler.
The architecture number is extracted from the exception args and included
in the error message to help users understand what went wrong.
closes#2793
* loader: address review feedback for PR #2800
- Add e.args check to prevent IndexError when accessing exception arguments
- Use error_msg variable instead of directly accessing e.args[0]
- Update CHANGELOG to reference PR #2800 instead of issue #2793
Addresses feedback from @mike-hunhoff and gemini-code-assist bot
* chore: move unsupported architecture bug fix to master (unreleased) section
* ida: add Qt compatibility layer for PyQt5 and PySide6
Introduce a new module `qt_compat.py` providing a unified import
interface and API compatibility for Qt modules. It handles differences between
PyQt5 (used in IDA <9.2) and PySide6 (used in IDA >=9.2). Update all
plugin modules to import Qt components via this compatibility layer
instead of directly importing from PyQt5. This enhances plugin
compatibility across different IDA versions.
thanks @mike-hunhoff!
changelog
* qt_compat: use __all__ rather than noqa
---------
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
