c134af2304
Formatting fix
2026-05-28 13:34:48 +00:00
7f458f1844
updated Changelog (RVA deprecation)
2026-05-28 13:23:28 +00:00
61c24ebcbb
RelativeVirtualAddress deprecation warning
2026-05-28 13:09:53 +00:00
3eada453e5
Merge pull request #3065 from mandiant/dependabot/npm_and_yarn/web/explorer/postcss-8.5.12
...
build(deps): bump postcss from 8.5.3 to 8.5.12 in /web/explorer
2026-05-26 12:01:16 +02:00
88ba8f77ae
Sync capa rules submodule
2026-05-22 14:14:51 +00:00
c619ef51f6
Sync capa rules submodule
2026-05-22 11:42:31 +00:00
9ac688b8c3
build(deps-dev): bump js-cookie from 3.0.5 to 3.0.7 in /web/explorer ( #3086 )
...
Bumps [js-cookie](https://github.com/js-cookie/js-cookie ) from 3.0.5 to 3.0.7.
- [Release notes](https://github.com/js-cookie/js-cookie/releases )
- [Commits](https://github.com/js-cookie/js-cookie/compare/v3.0.5...v3.0.7 )
---
updated-dependencies:
- dependency-name: js-cookie
dependency-version: 3.0.7
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-22 09:36:06 +02:00
d17bc6e14c
build(deps-dev): bump js-cookie from 3.0.5 to 3.0.7 in /web/explorer
...
Bumps [js-cookie](https://github.com/js-cookie/js-cookie ) from 3.0.5 to 3.0.7.
- [Release notes](https://github.com/js-cookie/js-cookie/releases )
- [Commits](https://github.com/js-cookie/js-cookie/compare/v3.0.5...v3.0.7 )
---
updated-dependencies:
- dependency-name: js-cookie
dependency-version: 3.0.7
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-21 21:24:12 +00:00
7e00d2882e
Sync capa rules submodule
2026-05-21 07:02:20 +00:00
54da63ef2b
Sync capa-testfiles submodule
2026-05-20 18:37:49 +00:00
7fea0cebcb
Sync capa-testfiles submodule
2026-05-20 10:08:27 +00:00
0f1e0a28f5
Sync capa-testfiles submodule
2026-05-20 09:13:46 +00:00
c4e272ae75
Sync capa rules submodule
2026-05-20 09:08:30 +00:00
49bf8315cd
Sync capa-testfiles submodule
2026-05-20 08:23:02 +00:00
8572bd63e9
Sync capa-testfiles submodule
2026-05-20 08:10:43 +00:00
d9014d055e
Sync capa-testfiles submodule
2026-05-20 07:49:30 +00:00
1fd598e259
Sync capa rules submodule
2026-05-20 07:09:28 +00:00
2ed20e42ba
build(deps): bump pyghidra from 3.0.0 to 3.1.0 ( #3081 )
...
Bumps [pyghidra](https://github.com/NationalSecurityAgency/ghidra ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/NationalSecurityAgency/ghidra/releases )
- [Commits](https://github.com/NationalSecurityAgency/ghidra/commits )
---
updated-dependencies:
- dependency-name: pyghidra
dependency-version: 3.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 09:53:19 -06:00
a98fd8240e
fix duplicate rule candidate evaluation in optimized matching engine ( #3080 )
...
* fix duplicate rule candidate evaluation in optimized matching engine
* update CHANGELOG
* update comments
2026-05-18 17:40:55 -06:00
ced180ddbc
perf: optimize all_zeros using fast bytes comparison ( #3078 )
...
* perf: optimize all_zeros using fast bytes comparison
2026-05-18 10:20:10 +02:00
db0e1536ce
incorrect bytes() constructor usage in buf_filled_with ( #3077 )
2026-05-16 13:14:24 +02:00
bbe050437b
remove redundant code related to cli loading ( #3076 )
...
* remove unnecessary os_ argument from capa.loader.collect_metadata
* remove redundant limitation check in main.py
* update CHANGELOG
* Update CHANGELOG.md
2026-05-15 15:20:46 -06:00
7e06ba0ffe
Sync capa rules submodule
2026-05-15 19:12:21 +00:00
d889085aad
Sync capa rules submodule
2026-05-15 18:22:47 +00:00
cb5f56a02c
Sync capa rules submodule
2026-05-15 14:06:20 +00:00
5e8d8ac994
Sync capa rules submodule
2026-05-15 10:32:59 +00:00
8acb79ab7b
build(deps-dev): bump mypy from 1.20.0 to 2.1.0 ( #3070 )
...
* build(deps-dev): bump mypy from 1.20.0 to 2.1.0
Bumps [mypy](https://github.com/python/mypy ) from 1.20.0 to 2.1.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md )
- [Commits](https://github.com/python/mypy/compare/v1.20.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: mypy
dependency-version: 2.1.0
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix mypy lints
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com >
2026-05-13 15:05:51 -06:00
4618822884
Sync capa-testfiles submodule
2026-05-13 17:50:02 +00:00
f9973d71be
build(deps): bump markdown-it-py from 4.0.0 to 4.2.0 ( #3071 )
...
Bumps [markdown-it-py](https://github.com/executablebooks/markdown-it-py ) from 4.0.0 to 4.2.0.
- [Release notes](https://github.com/executablebooks/markdown-it-py/releases )
- [Changelog](https://github.com/executablebooks/markdown-it-py/blob/master/CHANGELOG.md )
- [Commits](https://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.2.0 )
---
updated-dependencies:
- dependency-name: markdown-it-py
dependency-version: 4.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-13 11:28:45 -06:00
dba405912d
build(deps-dev): bump pytest from 9.0.2 to 9.0.3 ( #3064 )
...
Bumps [pytest](https://github.com/pytest-dev/pytest ) from 9.0.2 to 9.0.3.
- [Release notes](https://github.com/pytest-dev/pytest/releases )
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3 )
---
updated-dependencies:
- dependency-name: pytest
dependency-version: 9.0.3
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com >
2026-05-13 11:26:51 -06:00
237a9bd995
build(deps-dev): bump build from 1.4.0 to 1.5.0 ( #3067 )
...
Bumps [build](https://github.com/pypa/build ) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/pypa/build/releases )
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/build/compare/1.4.0...1.5.0 )
---
updated-dependencies:
- dependency-name: build
dependency-version: 1.5.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-11 14:04:25 -06:00
2f35d9cd2a
build(deps-dev): bump mypy-protobuf from 5.0.0 to 5.1.0 ( #3068 )
...
Bumps [mypy-protobuf](https://github.com/nipunn1313/mypy-protobuf ) from 5.0.0 to 5.1.0.
- [Changelog](https://github.com/nipunn1313/mypy-protobuf/blob/main/CHANGELOG.md )
- [Commits](https://github.com/nipunn1313/mypy-protobuf/compare/v5.0.0...v5.1.0 )
---
updated-dependencies:
- dependency-name: mypy-protobuf
dependency-version: 5.1.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-11 14:02:59 -06:00
61adf156ee
tests: xfail a few known Ghidra analysis failures
2026-05-11 11:14:28 +02:00
a1ff01bc44
fix: Windows path reference in main
2026-05-11 11:14:28 +02:00
2cd07666bf
changelog
2026-05-11 11:14:28 +02:00
a82f4aea88
bump submodules
2026-05-11 11:14:28 +02:00
9ba497f6f7
idalib: remove custom idalib loading
2026-05-11 11:14:28 +02:00
b5f81e30f0
tests: add negative substring feature test fixture
2026-05-11 11:14:28 +02:00
eb258c719f
tests: cleanup tests and fixtures
2026-05-11 11:14:28 +02:00
2604c91668
fix: lints
2026-05-11 11:14:28 +02:00
3e2c017dfd
tests: ida: better handle stale databases and concurrent access
2026-05-11 11:14:28 +02:00
018e5b45e5
tests: cleanup tests and fixtures
2026-05-11 11:14:28 +02:00
745cb037d4
rules: parse operand features
2026-05-11 11:14:28 +02:00
251a4e285f
tests: consolidate feature test fixtures and runners
2026-05-11 11:14:28 +02:00
9fd4f8dd74
tests: migrate to data-driven fixtures
2026-05-11 11:14:28 +02:00
65573944d7
rules: introduce helper to parse features from parts
2026-05-11 11:14:28 +02:00
5a60f3a0f8
fix: register all data-ref addresses for imports in Ghidra helpers
...
The original code stored only one IAT address per import (addr=0 fallback
on master, addr=first with break in prior fix). When an import has multiple
data references, instruction-level lookups could miss the one actually
referenced, breaking API feature extraction and causing spurious
cross-section-flow characteristics.
Collect all data-ref addresses into a list and register the import under
each, matching how map_fake_import_addrs already stores all refs. Also
preserves ex_loc registration when no data refs exist.
2026-05-08 17:58:07 +02:00
99b3cfe096
fix: use singular get_segment_at API in binja file string extractor
2026-05-08 17:58:07 +02:00
a28fcce72b
fix: linter tests needing placeholder rule sets to function
2026-05-08 17:58:07 +02:00
5ca6c3e35b
gitignore: script test temp files
2026-05-08 17:58:07 +02:00
Ange Albertini