Willi Ballenthin
9164713dd9
Merge branch 'dotnet-main' of github.com:mandiant/capa into feature-981
2022-04-08 12:17:16 -06:00
Willi Ballenthin
bfb01e3729
extractor: viv: use handles throughout
2022-04-08 11:54:27 -06:00
Willi Ballenthin
fc1709ba6c
extractor: add types throughout
2022-04-08 11:53:42 -06:00
Willi Ballenthin
1b79aae836
extractor: introduce standardized handles for function, bb, insn
2022-04-08 11:46:07 -06:00
Willi Ballenthin
6355fb3f3e
add Address abstraction to handle various ways of identifing things in files
2022-04-08 11:44:24 -06:00
Moritz
c8a772d19a
test: update dotnet dirs and sync master ( #984 )
2022-04-08 09:34:22 -06:00
Moritz
65552575f8
Update dotnet-main ( #979 )
...
* Sync capa rules submodule
* Sync capa-testfiles submodule
* Sync capa rules submodule
* changelog
* *: remove /x32 and /x64 flavors from number and offset features
* *: remove more references to /x32 and /x64
* linter: accept instruction scope
* rules: fix max operand index (4)
* API: better support A/W functions
* vverbose: show lib rule matches
* main: accept multiple paths to rules
* main: fix removal of default rules path
* lint: fix rules path
* changelog
* capa_as_library: fix rules path is list now
* main: better handle multiple rules paths
* main: bail if python 3.6 or below
closes #964
* ida: readme: remove python 3.6 support
* capa2yara: fix rules paths
* render: meta: display rule paths on separate lines
closes #971
* render: verbose: add doc
* verbose: make rule path multiline more concise
* vverbose: don't show examples in output
closes #970
* vverbose: render subscope name, like "basic block:"
closes #963
* build(deps-dev): bump pytest from 7.0.1 to 7.1.1
Bumps [pytest](https://github.com/pytest-dev/pytest ) from 7.0.1 to 7.1.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases )
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pytest-dev/pytest/compare/7.0.1...7.1.1 )
---
updated-dependencies:
- dependency-name: pytest
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* ci: build: update pip and setuptools
* ci: build: bump pyinstall to v4.10
* Sync capa rules submodule
* Dotnet mixed mode detect (#969 )
* feat: start dotnet detection (#955 )
* feat: start dotnet detection
* Apply suggestions from code review
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* refactor: dn instead of dotnet
* refactor: format branches, extractor reorg
* refactor: format selection and dotnet detect
* feat: get format, arch, os
* refactor: log errors and exceptions
* ci: also test and build for dotnet-main dev
* fix: import path
* fix: circular dep
* fix: remove buf argument
feat: get runtime meta data
* fix: log unsupported runtime error
* fix: type ignore
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* fix: imports and add tests
* feat: detect mixed mode and tests
* feat: start dotnet detection (#955 )
* feat: start dotnet detection
* Apply suggestions from code review
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* refactor: dn instead of dotnet
* refactor: format branches, extractor reorg
* refactor: format selection and dotnet detect
* feat: get format, arch, os
* refactor: log errors and exceptions
* ci: also test and build for dotnet-main dev
* fix: import path
* fix: circular dep
* fix: remove buf argument
feat: get runtime meta data
* fix: log unsupported runtime error
* fix: type ignore
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* fix: imports and add tests
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* test: checkout submodules recursively
Co-authored-by: Capa Bot <capa-dev@mandiant.com >
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-07 17:45:29 +02:00
Moritz Raabe
97e76a88e3
fix: imports and add tests
2022-04-06 17:30:51 +02:00
Moritz
b5be876e61
feat: start dotnet detection ( #955 )
...
* feat: start dotnet detection
* Apply suggestions from code review
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* refactor: dn instead of dotnet
* refactor: format branches, extractor reorg
* refactor: format selection and dotnet detect
* feat: get format, arch, os
* refactor: log errors and exceptions
* ci: also test and build for dotnet-main dev
* fix: import path
* fix: circular dep
* fix: remove buf argument
feat: get runtime meta data
* fix: log unsupported runtime error
* fix: type ignore
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
2022-04-06 11:33:14 +02:00
Willi Ballenthin
de312d87dc
Merge pull request #960 from mandiant/feature-py37
...
upgrade min python version to 3.7
2022-04-05 10:36:33 -06:00
Willi Ballenthin
0617b87f36
ci: no longer test against py3.6
2022-04-05 10:19:09 -06:00
Willi Ballenthin
715ac64ae6
changelog
2022-04-05 10:19:04 -06:00
Willi Ballenthin
78c0afe006
setup: min python version is now 3.7
2022-04-05 10:18:55 -06:00
Willi Ballenthin
df03932f89
gitignore
2022-04-04 16:54:51 -06:00
Willi Ballenthin
b2b4471851
Merge pull request #930 from mandiant/feature-insn-scope
...
feature: instruction scope
2022-04-04 16:42:56 -06:00
Willi Ballenthin
5ffb73c5f5
ida: insn: extract operand number and offset features
2022-04-04 15:13:43 -06:00
Willi Ballenthin
ef93fcc89e
tests: smda: xfail operand number/offset features
2022-04-04 12:05:15 -06:00
Willi Ballenthin
0af60d9a7e
freeze: fix mypy
2022-04-04 12:01:13 -06:00
Willi Ballenthin
750803c3cc
freeze: register operand features
2022-04-04 11:57:02 -06:00
Willi Ballenthin
b318b0a288
freeze: fix freeze_deserialize for features with multiple args
2022-04-04 11:56:47 -06:00
Willi Ballenthin
2989af0a3f
features: use ABC to denote abstract classes
2022-04-04 11:49:51 -06:00
Moritz
3f168772aa
Merge pull request #934 from mandiant/dependabot/pip/types-colorama-0.4.10
...
build(deps-dev): bump types-colorama from 0.4.9 to 0.4.10
2022-04-04 17:42:16 +02:00
Moritz
2ba25f096d
Merge pull request #935 from mandiant/dependabot/pip/types-requests-2.27.16
...
build(deps-dev): bump types-requests from 2.27.15 to 2.27.16
2022-04-04 17:42:02 +02:00
Moritz
6d35e19571
Merge pull request #933 from mandiant/dependabot/pip/tqdm-4.64.0
...
build(deps): bump tqdm from 4.63.1 to 4.64.0
2022-04-04 17:41:56 +02:00
dependabot[bot]
0d9583f7e7
build(deps-dev): bump types-requests from 2.27.15 to 2.27.16
...
Bumps [types-requests](https://github.com/python/typeshed ) from 2.27.15 to 2.27.16.
- [Release notes](https://github.com/python/typeshed/releases )
- [Commits](https://github.com/python/typeshed/commits )
---
updated-dependencies:
- dependency-name: types-requests
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-04-04 14:12:27 +00:00
dependabot[bot]
fe6b18135c
build(deps-dev): bump types-colorama from 0.4.9 to 0.4.10
...
Bumps [types-colorama](https://github.com/python/typeshed ) from 0.4.9 to 0.4.10.
- [Release notes](https://github.com/python/typeshed/releases )
- [Commits](https://github.com/python/typeshed/commits )
---
updated-dependencies:
- dependency-name: types-colorama
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-04-04 14:12:24 +00:00
dependabot[bot]
e89fe57def
build(deps): bump tqdm from 4.63.1 to 4.64.0
...
Bumps [tqdm](https://github.com/tqdm/tqdm ) from 4.63.1 to 4.64.0.
- [Release notes](https://github.com/tqdm/tqdm/releases )
- [Commits](https://github.com/tqdm/tqdm/compare/v4.63.1...v4.64.0 )
---
updated-dependencies:
- dependency-name: tqdm
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-04-04 14:12:21 +00:00
Willi Ballenthin
85b1d50945
isort
2022-03-31 10:40:48 -06:00
Willi Ballenthin
856443319c
viv: insn: fix OperandNumber reference
2022-03-31 10:39:18 -06:00
Willi Ballenthin
9da4ff10da
*: rename OperandImmediate to OperandNumber
2022-03-31 10:37:06 -06:00
Willi Ballenthin
76831e9b9d
changelog
2022-03-30 13:20:51 -06:00
Willi Ballenthin
997daf537e
viv: insn: extract OperandOffset and OperandImmediate
2022-03-30 13:14:08 -06:00
Willi Ballenthin
c7aadca25c
tests: demonstrate OperandOffset and OperandImmediate
2022-03-30 13:13:50 -06:00
Willi Ballenthin
6cbbd4d97f
rules: parse OperandOffset and OperandImmediate features
2022-03-30 13:13:30 -06:00
Willi Ballenthin
e4c5ec278d
features: insn: define OperandImmediate and OperandOffset
2022-03-30 13:13:07 -06:00
Willi Ballenthin
cce1e41519
formatting
2022-03-30 13:12:49 -06:00
Willi Ballenthin
b942050c4e
features: viv: factor out operand feature extraction
2022-03-30 09:58:08 -06:00
Willi Ballenthin
d8d671e36f
rules: add global scope features to file scope
2022-03-30 09:40:43 -06:00
Willi Ballenthin
49adb8de0c
pep8
2022-03-29 13:00:28 -06:00
Willi Ballenthin
fb6b60bee3
tests: add tests demonstrating instruction (sub)scope matching
2022-03-29 12:58:38 -06:00
Willi Ballenthin
e0fca277f2
rules: update valid features per scope
2022-03-29 12:58:27 -06:00
Willi Ballenthin
0effb5f8b0
changelog
2022-03-29 12:33:55 -06:00
Willi Ballenthin
1839746bf8
main: factor out matching at instruction scope
2022-03-29 12:29:54 -06:00
Willi Ballenthin
1a28c324f1
rules: doc
2022-03-29 12:26:39 -06:00
Willi Ballenthin
c1b28f58d0
rules: don't use global features to downselect rules
...
closes #931
2022-03-29 12:25:27 -06:00
Willi Ballenthin
565e4e0a2f
Merge branch 'feature-insn-scope' of github.com:mandiant/capa into feature-insn-scope
2022-03-29 11:52:45 -06:00
Willi Ballenthin
7487da89a1
Merge branch 'master' into feature-insn-scope
2022-03-29 11:51:14 -06:00
Willi Ballenthin
fe5d88585c
setup: bump black to 22.3.0 to fix CI
2022-03-29 11:40:34 -06:00
Willi Ballenthin
bd6e62e9bf
Update scripts/lint.py
...
Co-authored-by: Moritz <mr-tz@users.noreply.github.com >
2022-03-29 11:26:21 -06:00
Willi Ballenthin
b76930d2a3
main: split out basic block feature, match extraction
2022-03-28 13:47:53 -06:00
