Commit Graph

83 Commits

Author SHA1 Message Date
William Ballenthin 6b8bce4f42 tests: fixtures: factor out resolution of scope/sample 2020-08-14 12:34:00 -06:00
William Ballenthin 107a68628b tests: ida: attempt to use new framework (wip) 2020-08-14 12:22:59 -06:00
William Ballenthin 26c9811ba1 tests: viv: fix typo preventing some tests from running 2020-08-14 12:22:39 -06:00
William Ballenthin b784f086b4 tests: make fixtures more consistent in prep for other backends 2020-08-14 12:04:53 -06:00
William Ballenthin 8cbe3f8546 tests: move expected features into fixtures for reuse
closes #225
2020-08-14 11:25:00 -06:00
Ana María Martínez Gómez adaac03d1d extractor: remove characteristic(switch)
Get rid of the `characteristic(switch)` feature as none of our rules use
it and its analysis is not very easy. Analysis results most likely
differ across backends, leading to inconsistency.
2020-08-13 16:47:01 +02:00
Capa Bot e64277ed41 Sync capa-testfiles submodule 2020-08-12 23:26:45 +00:00
Willi Ballenthin 744b4915c9 Merge pull request #226 from fireeye/enhancement-223
IDA: resolve nested data references to strings/bytes
2020-08-12 09:05:11 -06:00
Capa Bot 15607d63ab Sync capa-testfiles submodule 2020-08-11 21:03:00 +00:00
Michael Hunhoff 70b4546c33 adding test for unmapped immediate data reference 2020-08-11 14:13:43 -06:00
Michael Hunhoff 791afd7ac8 adding code to emit number feature for unmapped immediate data reference 2020-08-11 14:12:41 -06:00
Michael Hunhoff 79d94144c6 adding IDA extractor code to resolve nested data references for string and bytes features 2020-08-11 08:44:44 -06:00
Capa Bot 7d62156a29 Sync capa-testfiles submodule 2020-08-11 07:12:56 +00:00
Capa Bot 23d31c3c2c Sync capa-testfiles submodule 2020-08-05 18:50:52 +00:00
William Ballenthin 4bb13d6075 tests: ida: fix offset arch test 2020-08-04 10:35:10 -06:00
William Ballenthin e74b80a318 extractors: ida: add helper method get_function 2020-08-04 10:32:24 -06:00
William Ballenthin e4acfd4852 merge 2020-08-04 09:48:26 -06:00
William Ballenthin f02412bcc5 tests: fix function address 2020-08-03 19:10:05 -06:00
William Ballenthin b09f29a996 features: viv: extract strings/bytes from nested pointers
closes #200
2020-08-03 17:35:29 -06:00
William Ballenthin b81b5e5993 rules: add support for arch flavors of Number and Offset features
closes #210
2020-08-03 16:28:47 -06:00
Capa Bot 9d069b11ba Sync capa-testfiles submodule 2020-08-03 16:04:03 +00:00
Capa Bot 52f9615d63 Sync capa-testfiles submodule 2020-07-31 21:17:04 +00:00
Capa Bot 6f689574d5 Sync capa-testfiles submodule 2020-07-31 15:43:08 +00:00
Capa Bot 96f207ca1f Sync capa-testfiles submodule 2020-07-29 21:13:21 +00:00
William Ballenthin c2bdeabeb8 submodule: testfiles update 2020-07-28 10:44:39 -06:00
Willi Ballenthin 137c0ca7f3 Merge pull request #209 from Ana06/statement-description
Enable descriptions for statement nodes
2020-07-28 10:02:07 -06:00
Capa Bot 01aa4755c5 Sync capa-testfiles submodule 2020-07-28 16:00:10 +00:00
Ana María Martínez Gómez 61818bbe04 tests: Test statement nodes descriptions
Add statement descriptions to `test_rule_yaml_descriptions` to ensure
rules with statement descriptions are parsed and extracted correctly.
2020-07-28 15:58:55 +02:00
Ana María Martínez Gómez a74ab922a3 Get rid of * for Statement
They are not needed, complicate the code, and make it more difficult to
add more parameters to the initialization of Statements.

This produces many changes in the tests. The alternative would be to add
a parameter None in all of them, which would also be a lot of changes.
2020-07-28 14:20:13 +02:00
Capa Bot 261713d0d1 Sync capa-testfiles submodule 2020-07-27 21:05:14 +00:00
William Ballenthin 7236283b2f tests: ida: address comments 2020-07-25 11:40:04 -06:00
William Ballenthin 2fa2a98ae1 pep8 2020-07-25 10:26:57 -06:00
William Ballenthin 352d6f26fc tests: ida: ensure they all pass
closes #202
2020-07-25 10:10:25 -06:00
William Ballenthin 1a1caf76fa add test_ida_features 2020-07-25 01:41:23 -06:00
William Ballenthin c91f9a375e ida: parse offsets as signed numbers
closes #197
2020-07-25 00:58:44 -06:00
William Ballenthin 682bb14b99 submodule: testfiles update 2020-07-24 15:23:34 -06:00
William Ballenthin 12cff3599a submodule: testfiles update 2020-07-23 17:20:16 -06:00
Capa Bot 20673a3166 Sync capa-testfiles submodule 2020-07-23 17:27:15 +00:00
Capa Bot 662a750c71 Sync capa-testfiles submodule 2020-07-22 21:37:43 +00:00
William Ballenthin baeea5b6ec *: update license header to reference Apache 2.0
closes #173
2020-07-22 15:05:24 -06:00
Capa Bot c5626b695b Sync capa-testfiles submodule 2020-07-22 18:07:40 +00:00
Capa Bot f383181fed Sync capa-testfiles submodule 2020-07-17 17:34:44 +00:00
Ana María Martínez Gómez 07764fb31f Use isort 5
Run `isort --profile black --length-sort --line-width 120 .`

Update documentation as well.
2020-07-16 22:02:53 +02:00
William Ballenthin f1fa4e134a submodule: testfiles update 2020-07-15 19:11:39 -06:00
Ana María Martínez Gómez 78dae308c2 Add test for RegExp descriptions
Now that RegExp is a feature, ensure that descriptions are working.
2020-07-15 22:37:38 +02:00
William Ballenthin 3faf175da7 *: add license header
closes #144
2020-07-15 14:14:53 -06:00
William Ballenthin 61264bc500 submodule: update 2020-07-14 09:06:59 -06:00
William Ballenthin 867de57062 main: find_capabilities: extract feature counts per item, too
closes #95
closes #96
2020-07-03 10:12:03 -06:00
William Ballenthin 5317e1e11e feature extractor: null: add get_base_address()
closes #88
2020-07-03 09:32:37 -06:00
Michael Hunhoff d5a8c844db remove format changes added by black 2020-07-03 12:30:33 -06:00