Willi Ballenthin
59a129d6d6
cape: add pydantic model for v2.2
2023-08-15 11:54:15 +00:00
Willi Ballenthin
db40d9bc7a
wip: add initial CAPE model
2023-08-15 11:41:11 +00:00
Willi Ballenthin
827b4b29b4
test_rules: fix rule scoping logic
2023-08-15 09:21:49 +00:00
Willi Ballenthin
2a31b16567
merge
2023-08-15 08:56:41 +00:00
Willi Ballenthin
c001c883f7
Merge pull request #1714 from mandiant/fix/issue-1697-1
rule scoping tweaks
2023-08-15 10:16:01 +02:00
Willi Ballenthin
476c7ff749
main: provide encoding to open
fixes flake8 warning
2023-08-15 08:13:22 +00:00
Willi Ballenthin
4978aa74e7
tests: temporarily xfail script test
closes #1717
2023-08-15 08:13:14 +00:00
Yacine Elhamer
4411911664
Merge remote-tracking branch 'parentrepo/dynamic-feature-extraction' into fix/issue-1697-1
2023-08-15 09:57:13 +02:00
Yacine
0e1ce21488
Merge pull request #1715 from mandiant/fix/issue-1710
fix rendering of scope in vverbose mode
2023-08-15 09:51:53 +02:00
Yacine
88aa17fa7b
Merge pull request #1716 from mandiant/fix/issue-1697-2
remove dynamic return address concept
2023-08-15 08:55:12 +02:00
Willi Ballenthin
3169ee28e9
Merge pull request #1721 from mandiant/fix/issue-1704
elf: fix parsing of symtab from viv data
2023-08-14 17:13:50 +02:00
Willi Ballenthin
d648fdf6c0
Merge pull request #1713 from mandiant/fix/issue-1711
record and show the analysis flavor
2023-08-14 16:44:42 +02:00
Willi Ballenthin
3b9f5114ce
Merge pull request #1722 from mandiant/dependabot/pip/mypy-1.5.0
build(deps-dev): bump mypy from 1.4.1 to 1.5.0
2023-08-14 16:43:57 +02:00
dependabot[bot]
623fc270c1
build(deps-dev): bump mypy from 1.4.1 to 1.5.0
Bumps [mypy](https://github.com/python/mypy) from 1.4.1 to 1.5.0.
- [Commits](https://github.com/python/mypy/compare/v1.4.1...v1.5.0)
---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-14 14:43:40 +00:00
Willi Ballenthin
1199fb94d4
Merge pull request #1723 from mandiant/dependabot/pip/tqdm-4.66.1
build(deps-dev): bump tqdm from 4.65.0 to 4.66.1
2023-08-14 16:43:18 +02:00
Willi Ballenthin
26fdbbd442
Merge pull request #1725 from mandiant/dependabot/pip/ruff-0.0.284
build(deps-dev): bump ruff from 0.0.282 to 0.0.284
2023-08-14 16:42:26 +02:00
Willi Ballenthin
737fab7969
elf: use equality not bit masking
2023-08-14 16:40:45 +02:00
dependabot[bot]
f6ee465a0a
build(deps-dev): bump ruff from 0.0.282 to 0.0.284
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.282 to 0.0.284.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/BREAKING_CHANGES.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.0.282...v0.0.284)
---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-14 14:16:45 +00:00
dependabot[bot]
82f352f719
build(deps-dev): bump tqdm from 4.65.0 to 4.66.1
Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.65.0 to 4.66.1.
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](https://github.com/tqdm/tqdm/compare/v4.65.0...v4.66.1)
---
updated-dependencies:
- dependency-name: tqdm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-14 14:16:16 +00:00
Yacine Elhamer
846bd62817
Merge remote-tracking branch 'parentrepo/dynamic-feature-extraction' into fix/issue-1711
2023-08-14 16:05:20 +02:00
Yacine
84cddc70fd
Merge pull request #1709 from mandiant/fix/issue-1702
fix rendering of call and return addresses
2023-08-14 16:00:16 +03:00
Willi Ballenthin
2dc5295c0c
Merge branch 'master' into fix/issue-1704
2023-08-14 13:15:23 +02:00
Willi Ballenthin
8479bc2f1f
Merge pull request #1720 from mandiant/fix/issue-1705
elf: detect Android OS via note and dependencies
2023-08-14 13:11:23 +02:00
Capa Bot
7c1522d84d
Sync capa-testfiles submodule
2023-08-14 11:11:05 +00:00
Willi Ballenthin
9afe19a096
changelog
2023-08-14 11:10:06 +00:00
Willi Ballenthin
bd5c65d22c
elf: fix parsing of symtab from viv
closes #1704
2023-08-14 11:08:19 +00:00
Willi Ballenthin
e6cb3d3b3b
os: detect Android via dependencies, too
2023-08-14 10:27:19 +00:00
Willi Ballenthin
18058beb0a
changelog
2023-08-14 10:20:30 +00:00
Willi Ballenthin
8003547414
elf: detect Android OS via note
closes #1705
2023-08-14 10:13:42 +00:00
Yacine
2a83f1fc23
Merge pull request #1708 from mandiant/fix/issue-1707
tests: create workspaces only during tests, not import
2023-08-14 12:24:02 +03:00
Yacine Elhamer
751231b730
fixtures.py: fix the path of '0000a567' in get_data_path_by_name() method
2023-08-14 12:37:15 +03:00
Willi Ballenthin
c6d400bcf3
address: remove dynamic return address concept, as it's unused today
2023-08-11 11:18:54 +00:00
Willi Ballenthin
fd1cd05b99
vverbose: render relevant scope at top of match tree
closes #1710
2023-08-11 10:59:44 +00:00
Willi Ballenthin
8202e9e921
main: don't use analysis flavor to filter rules
I'm worried this will interact poorly with our rule cache,
unless we add more handling there, which needs more testing.
so, since the filtering likely has only a small impact on performance,
revert the rule filtering changes for simplicity.
2023-08-11 10:36:59 +00:00
Willi Ballenthin
3c069a6784
rules: don't change passed-in argument
make a local copy of the scopes dict
2023-08-11 10:35:40 +00:00
Willi Ballenthin
e100a63cc8
rules: use set instead of tuple, add doc
since the primary operation is `contain()`,
set is more appropriate than tuple.
2023-08-11 10:34:41 +00:00
Willi Ballenthin
3057b5fb9d
render: show analysis flavor
closes #1711
2023-08-11 09:49:13 +00:00
Willi Ballenthin
c91dc71e75
result document: wire analysis flavor through metadata
ref #1711
2023-08-11 09:33:30 +00:00
Willi Ballenthin
f48e4a8ad8
render: verbose: render dynamic call return address
2023-08-11 09:07:11 +00:00
Willi Ballenthin
dafbefb325
render: verbose: render call address
closes #1702
2023-08-11 09:02:29 +00:00
Willi Ballenthin
6de23a9748
tests: main: demonstrate CAPE analysis (and bug #1702)
2023-08-11 08:56:06 +00:00
Willi Ballenthin
1cf33e4343
tests: create workspaces only during tests, not import
closes #1707
2023-08-11 08:38:06 +00:00
Willi Ballenthin
34db63171f
sync submodule testfiles
2023-08-11 08:36:29 +00:00
Capa Bot
ec93ca5b21
Sync capa rules submodule
2023-08-11 07:07:57 +00:00
Willi Ballenthin
19495f69d7
freeze: pydantic v2 fixes
2023-08-10 13:29:52 +00:00
Willi Ballenthin
c1fbb27d73
Merge branch 'master' into dynamic-feature-extraction
2023-08-10 13:21:49 +00:00
Willi Ballenthin
3cf748a135
vverbose: render both scopes nicely
2023-08-10 11:39:56 +02:00
Willi Ballenthin
85b58d041b
process: simplify string enumeration loop
2023-08-10 11:38:43 +02:00
Willi Ballenthin
ae9d773e04
add TODO for typing.TypeAlias
2023-08-10 11:37:50 +02:00
Willi Ballenthin
582bb7c897
docstrings: improve wording
2023-08-10 11:36:51 +02:00