* doc: add table comparing ways to consume capa output
Add a short table to usage.md for CLI, IDA, Ghidra, CAPE, and web.
Fixes#2273
* doc: add links to each option in the ways-to-consume table
Addresses reviewer feedback to provide a link to learn more for each
consumption method (IDA Pro, Ghidra, CAPE, Web/capa Explorer).
Refs #2273
* doc: add Binary Ninja to ways-to-consume table
Fixes#2273
* webui: show error when JSON does not follow expected schema
Validate result document has required fields (meta, meta.version,
meta.analysis, meta.analysis.layout, rules) after parse. Show
user-friendly error; for URL loads suggest reanalyzing (e.g. VT).
Fixes#2363
* webui: fix array validation bug and deduplicate VT suggestion string
- introduce isInvalidObject() helper (checks !v || typeof !== "object" || Array.isArray)
so that arrays are correctly rejected in schema validation
- extract VT_REANALYZE_SUGGESTION constant to eliminate the duplicated string
in loadRdoc()
Addresses review feedback on #2871
* webui: address review - validate feature_counts, hoist VT_REANALYZE_SUGGESTION
- Add validation for meta.analysis.feature_counts in validateRdocSchema()
so parseFunctionCapabilities and other consumers do not hit missing/invalid
feature_counts at runtime.
- Require feature_counts to have either 'functions' or 'processes' array
(static vs dynamic result documents).
- Move VT_REANALYZE_SUGGESTION to module top level to avoid redefining
on every loadRdoc call.
* webui: allow file-scoped-only result documents in schema validation
- Validation: allow feature_counts without functions/processes arrays; if
present they must be arrays.
- rdocParser: default feature_counts.functions to [] when missing so
file-scoped-only docs do not throw.
* webui: remove leading space from VT_REANALYZE_SUGGESTION constant
Per review feedback: the concatenation at call sites handles spacing,
so the constant should not carry a leading space.
* ida-explorer: fix TypeError when sorting mixed address types
When a feature has multiple locations and those locations contain a mix
of integer-based addresses (e.g. AbsoluteVirtualAddress) and non-integer
addresses (e.g. _NoAddress), calling sorted() raises a TypeError because
Python falls back to the reflected comparison (__gt__) which is not
defined on _NoAddress.
Add a sort key to sorted() that places integer-based addresses first
(sorted by value) and non-integer addresses last, avoiding the
cross-type comparison.
Fixes#2195
* ida-explorer: fix comparison at source so sorted(locations) works everywhere
Implement the gt solution per review: fix comparison for all addresses
so we can use sorted(locations) / sorted(addrs) consistently without
per-call-site sort keys.
- Add _NoAddress.__gt__ so mixed-type comparison works: (real_address <
NO_ADDRESS) invokes it and NoAddress sorts last. Avoids TypeError
when sorting AbsoluteVirtualAddress with _NoAddress.
- In ida/plugin/model.py, use sorted(locations) instead of a custom
key. view.py (lines 1054, 1077) already use sorted(); they now work
with mixed address types without change.
Fixes#2195
* changelog: move address sort fix to Bug Fixes section
Per maintainer feedback: fix applies beyond ida-explorer.
* webui: fix 404 for \"View rule in capa-rules\" links
The createCapaRulesUrl function was constructing URLs by lowercasing
the rule name and replacing spaces with hyphens, which produced URLs
like /rules/packaged-as-single-file-.net-application/ (404).
The capa-rules website uses the original rule name with URL encoding
(e.g. /rules/packaged%20as%20single-file%20.NET%20application/).
Use encodeURIComponent() on the rule name to produce correct URLs.
Fixes#2482
* refactor: extract baseUrl constant in createCapaRulesUrl per code review
* main: suggest --os flag when OS detection fails for ELF files
When capa cannot detect the target OS of an ELF file, it exits with an
error. Some ELF files lack the standard metadata capa uses for OS
detection (GNU ABI tag, OSABI field, library dependencies, etc.) even
though they do target a valid OS (e.g. a stripped Linux binary using
only raw syscalls).
Add a hint to the unsupported-OS error message telling users they can
specify the OS explicitly with the --os flag, matching the workaround
recommended in the issue.
Fixes#2577
Strings extracted from analyzed samples may contain bracket characters
that Rich interprets as markup (e.g. [/tag]). When these are embedded
directly in markup templates like f"[dim]{s}", Rich raises a
MarkupError if the brackets form an invalid tag.
Use rich.markup.escape() to sanitize all user-controlled strings before
embedding them in Rich markup templates in bold(), bold2(), mute(), and
warn().
Fixes#2699
Catch envi.exc.SegmentationViolation raised by vivisect when processing
malformed ELF files with invalid relocations and convert it to a
CorruptFile exception with a descriptive message.
Closes#2794
Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>
* Add msgpack group in dependabot.yml
Add msgpack group in dependabot.yml
* Change to make a vivisect group
Change to make a vivisect group
* Update dependabot.yml
