gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-08 03:11:05 -08:00
Code Issues Packages Projects Releases Wiki Activity
3,796 Commits 41 Branches 48 Tags
722ee2f3d05460538de322b016a4724643f4e789
Commit Graph

3796 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yacine Elhamer
722ee2f3d0 remove redundant print 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-07-10 12:54:15 +01:00
Yacine Elhamer
e5f5d542d0 replace ppid and pid fields with process in thread address 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-07-10 12:53:27 +01:00
Yacine Elhamer
1ac64aca10 feature freeze: fix Addres.from_capa() not returning bug 2023-07-10 12:44:27 +01:00
Yacine Elhamer
78054eea5a update changelog 2023-07-10 12:18:16 +01:00
Yacine Elhamer
ff63b0ff1a rename test_freeze.py to test_static_freeze.py 2023-07-10 12:15:38 +01:00
Yacine Elhamer
e2e367f091 update tests 2023-07-10 12:15:06 +01:00
Yacine Elhamer
5aa1a1afc7 initial commit: add ProcessAddress and ThreadAddress 2023-07-10 12:14:53 +01:00
Moritz
e140fba5df enhance various dynamic-related functions (#1590) 
* enhance various dynamic-related functions

* test_cape_features(): update API(NtQueryValueKey) feature count to 7

---------

Co-authored-by: Yacine Elhamer <elhamer.yacine@gmail.com>
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-07-07 13:59:12 +02:00
Willi Ballenthin
670faf1d1d Merge pull request #1576 from yelhamer/process-scope 2023-06-28 16:34:15 +02:00
Yacine Elhamer
659163a93c thread scope: fix feature inheritance error 2023-06-28 14:52:00 +01:00
Yacine Elhamer
2b163edc0e add thread scope 2023-06-28 13:08:11 +01:00
Yacine Elhamer
0d38f85db7 process scope: add MatchedRule feature 2023-06-28 11:27:08 +01:00
Willi Ballenthin
1dc2825a75 Merge pull request #1577 from mandiant/master 
sync dynamic-feature-extraction
 2023-06-28 11:16:01 +02:00
Willi Ballenthin
630e2d23c9 Merge pull request #1569 from yelhamer/static-extractor 
add a StaticFeatureExtractor class
 2023-06-28 11:13:46 +02:00
Yacine Elhamer
c73187e7d4 Update capa/rules/__init__.py 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-28 10:08:29 +01:00
Capa Bot
4548303a0c Sync capa rules submodule 2023-06-28 06:25:24 +00:00
Yacine Elhamer
e18afe5d1e Merge branch 'dynamic-feature-extraction' into process-scope 2023-06-28 01:46:39 +01:00
Yacine Elhamer
7534e3f739 update changelog 2023-06-28 01:41:13 +01:00
Yacine Elhamer
0e01d91cec update changelog 2023-06-28 01:39:11 +01:00
Yacine Elhamer
06aea6b97c fix mypy and codestyle issues 2023-06-27 11:32:21 +01:00
Yacine Elhamer
a99ff813cb DynamicFeatureExtractor: remove get_base_address() method 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-27 11:22:35 +01:00
Yacine Elhamer
92734416a6 update base_extractor.py example 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-27 11:20:41 +01:00
Yacine Elhamer
2f32d4fe49 Update base_extractor.py with review comments 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-27 11:20:02 +01:00
Willi Ballenthin
81d35eb645 Merge branch 'dynamic-feature-extraction' into static-extractor 2023-06-27 09:42:16 +02:00
Willi Ballenthin
ac24ac2507 Merge pull request #1566 from yelhamer/dynamic-show-features 
integrate the CAPE extractor with the show-features.py script
 2023-06-27 09:37:27 +02:00
Willi Ballenthin
39bb4ed842 Merge pull request #1570 from mandiant/dependabot/pip/ruff-0.0.275 
build(deps-dev): bump ruff from 0.0.270 to 0.0.275
 2023-06-27 09:34:23 +02:00
dependabot[bot]
8edeb0e6e8 build(deps-dev): bump ruff from 0.0.270 to 0.0.275 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.270 to 0.0.275.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/BREAKING_CHANGES.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.0.270...v0.0.275)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-27 07:33:03 +00:00
Willi Ballenthin
e3b58eac67 Merge pull request #1573 from mandiant/dependabot/pip/mypy-1.4.1 
build(deps-dev): bump mypy from 1.3.0 to 1.4.1
 2023-06-27 09:32:25 +02:00
Willi Ballenthin
8b23a86d2e Merge branch 'master' into dependabot/pip/mypy-1.4.1 2023-06-27 09:32:14 +02:00
Willi Ballenthin
d95acc9734 Merge pull request #1574 from mandiant/dependabot/pip/pytest-7.4.0 
build(deps-dev): bump pytest from 7.3.1 to 7.4.0
 2023-06-27 09:32:03 +02:00
Yacine Elhamer
b172f9a354 FeatureExtractor alias: fix mypy typing issues by adding ininstance-based assert statements 2023-06-26 22:46:27 +01:00
Yacine Elhamer
63e4d3d5eb fix TypeAlias importing: import from typing_extensions to support Python 3.9 and lower 2023-06-26 21:14:17 +01:00
Yacine Elhamer
c74c8871f8 scripts: add type-related assert statements 2023-06-26 21:06:35 +01:00
Yacine Elhamer
3f5d08aedb base_extractor.py: add TypeAlias keyword, use union instead of bar operator, add an extract_file_features() and extract_global_features() methods 2023-06-26 20:57:51 +01:00
Yacine Elhamer
ddcb299834 main.py: address review suggestions (using elif for type casts, renaming to find_static_capabilities()) 2023-06-26 20:53:41 +01:00
Yacine Elhamer
a9f70dd1e5 main.py: update extractor type casting 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-26 20:01:30 +01:00
dependabot[bot]
7c72b56a4e build(deps-dev): bump pytest from 7.3.1 to 7.4.0 
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.3.1 to 7.4.0.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.3.1...7.4.0)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-26 14:58:39 +00:00
dependabot[bot]
8429d6b8e2 build(deps-dev): bump mypy from 1.3.0 to 1.4.1 
Bumps [mypy](https://github.com/python/mypy) from 1.3.0 to 1.4.1.
- [Commits](https://github.com/python/mypy/compare/v1.3.0...v1.4.1)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-26 14:58:26 +00:00
Yacine Elhamer
aff0c6b49b show-featurex.py: bugfix in ida_main() 2023-06-26 09:41:14 +01:00
Yacine Elhamer
417bb42ac8 show_features.py: rename show_{function,process}_features to show_{static,dynamic}_features.py 2023-06-26 09:16:59 +01:00
Yacine Elhamer
040ed4fa57 get_format_from_report(): use strings instead of literals 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-26 09:05:20 +01:00
Yacine Elhamer
94fc7b4e9a FeatureExtractor alias: add type casts to either StaticFeatureExtractor or DynamicFeatureExtractor 2023-06-26 01:23:01 +01:00
Yacine Elhamer
172e7a7649 update changelog 2023-06-25 23:03:13 +01:00
Yacine Elhamer
37ed138dcf base_extractor(): add a StaticFeatureExtractor and DynamicFeatureExtractor base classes, as well as a FeatureExtractor type alias 2023-06-25 22:57:39 +01:00
Yacine Elhamer
5f6aade92b get_format_from_report(): fix bugs and add a list of dynamic formats 2023-06-25 00:54:55 +01:00
Yacine Elhamer
0c62a5736e add support for determining the format of a sandbox report 2023-06-24 23:51:12 +01:00
Capa Bot
a92d91e82a Sync capa rules submodule 2023-06-24 08:21:24 +00:00
Yacine Elhamer
f1406c1ffd scripts/show-features.py: prefix {static,dynamic}_analysis() functions' name with 'print_' 2023-06-23 13:58:34 +01:00
Yacine Elhamer
1cdc3e5232 fix codestyle 2023-06-23 13:48:49 +01:00
Yacine Elhamer
bd9870254e Apply suggestions from code review: use EXTENSIONS_CAPE, and ident 'thread' by one more space 2023-06-23 13:31:35 +01:00