gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-15 06:13:33 -08:00
Code Issues Packages Projects Releases Wiki Activity
4,557 Commits 41 Branches 48 Tags
d5ae2ffd9148c41be71b9c4246e387a4c369d593
Commit Graph

778 Commits

Author SHA1 Message Date
Yacine Elhamer
96fb204d9d move capa.features.capabilities to capa.capabilities, and update scripts 2023-10-20 09:54:24 +02:00
Yacine Elhamer
37caeb2736 capabilities: add a test file for the new capabilities module, and move the corresponding tests from main to there 2023-10-19 10:54:53 +02:00
Yacine Elhamer
5c48f38208 capa/main.py: add a capabilities module and move all of the capability extraction there 2023-10-19 10:39:14 +02:00
Yacine
9609d63f8a Update tests/test_main.py 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-10-19 08:10:29 +02:00
Willi Ballenthin
1aac4a1a69 mypy 2023-10-17 14:42:58 +00:00
Willi Ballenthin
cb5fa36fc8 flake8 2023-10-17 11:44:48 +00:00
Willi Ballenthin
44d05f9498 dynamic: fix some tests 2023-10-17 11:41:40 +00:00
Willi Ballenthin
182a9868ca merge master 2023-10-17 10:32:25 +00:00
Capa Bot
40ba6679f0 Sync capa-testfiles submodule 2023-10-11 14:36:05 +00:00
Yacine Elhamer
953b2e82d2 rendering: several fixes and added types/classes 2023-10-11 11:52:16 +02:00
Willi Ballenthin
8a019aa360 Merge branch 'master' into test_binja_forwarded_export 2023-09-27 08:48:21 +02:00
Capa Bot
79cef0e783 Sync capa-testfiles submodule 2023-09-22 10:33:01 +00:00
Willi Ballenthin
09b54a86f0 Merge branch 'master' into test_binja_forwarded_export 2023-09-21 12:10:13 +02:00
Xusheng
55af6f052f binja: add support for symtab names. Fix #1504 2023-09-21 17:24:42 +08:00
Xusheng
d2d32f88ef binja: add support for forwarded exports 2023-09-21 15:32:55 +08:00
Xusheng
bc71c94171 binja: use binaryninja.load to open a binary 2023-09-21 09:51:01 +08:00
Xusheng
59d03b3ba3 binja: bump Binary Ninja version to 3.5 2023-09-20 21:00:04 +08:00
Capa Bot
d04ae5294e Sync capa-testfiles submodule 2023-09-13 14:50:29 +00:00
Yacine Elhamer
73c158ad68 point submodules towards the right branch 2023-08-30 11:42:43 +02:00
Yacine Elhamer
49adecb25c add yaml representer for the Scope class, as well as other bugfixes 2023-08-26 18:11:35 +02:00
Yacine Elhamer
e9a9b3a6b6 point the data file to the latest PR 2023-08-26 13:04:45 +02:00
Mike Hunhoff
65179805a7 add a Ghidra entry script users can invoke to run capa against a loaded Ghidra database (#1767) 
* enable use of Ghidra with show-features.py

* fix bug in is_supported_file_type

* fix bug in GhidraFeatureExtractor.get_function

* refactor get_insn_in_range

* add Ghidra entry script for users to more easily run capa against a loaded Ghidra database

* update CHANGELOG

* fixing lint

* fix fixtures import issue

* fix bug in is_supported_arch_type

* add check for supported arch type

* fix extract_embedded_pe performance
 2023-08-25 18:35:59 -07:00
Willi Ballenthin
a734358377 rules: use Scope enum instead of constants 2023-08-25 12:54:57 +00:00
Yacine Elhamer
f34b0355e7 test_result_document.py: re-enable result-document related tests 2023-08-25 10:56:12 +02:00
Yacine
d66f834e54 Update tests/test_scripts.py 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-08-24 13:48:32 +02:00
Yacine Elhamer
3574bd49bd Merge remote-tracking branch 'parentrepo/dynamic-feature-extraction' into fix-cape2fmt 2023-08-24 14:48:07 +02:00
Yacine Elhamer
46217a3acb test_main.py: remove unused pytest 2023-08-24 14:47:40 +02:00
Yacine Elhamer
9eb1255b29 cape2yara.py: update for use of scopes, and fix bug 2023-08-24 14:32:49 +02:00
Yacine Elhamer
7c101f01e5 test_binja.py: revert ruleset-related xfails 2023-08-24 13:36:53 +02:00
Yacine Elhamer
42689ef1da test_main.py: revert ruleset-related xfails 2023-08-24 13:30:22 +02:00
Colton Gabertan
19b8000c00 Ghidra: Fixes & Enhancements (#1733) 
* restore from corrupted .git

* lint repo

* temp: remove lint failing rule

* implement dereferencing, clean up extractors

* implement proper dereferencing routines as applicable

* fix nzxor implementation, remediate ghidra analysis issues

* lint repo

* Assert typing, lint repo

* avoid extracting pointers in bytes extraction

* attempt to recover submodule

* implement GhidraFeatureExtractor & ghidra_main()

* lint repo

* document examples, clean-up & testing

* lint repo

* properly map import dict

* properly map fake addresses

* fix fake addr mapping

* properly map externs

* re-align consistency with other backends

* lint repo

* fix dereferencing routine

* clean up helpers

* fix format string

* disable progress bar to exit gracefully

* enable pbar in headless runtime mode

* implement fixture test script

* implement ghidra unit test script

* refactor repo for breaking Ghidrathon change

* bump ghidrathon CI version, run unit test in CI

* change CI config

* fix wget line for ghidrathon

* fix unzip paths

* fix ghidra import issue

* disable pytest faulthandler module

* fix dereference function

* fix ghidra state variables

* implement dereferencing for string extraction

* use toAddr

* restructure for consistency

* Bump Ghidrathon version for CI, fix pytest ghidra runtime detection

* fix number & offset extractors

* yield both signed & unsgned values for offset extraction

* add LEA insn handling to number & offset extraction

* fix indirect call extraction

* implement thunk function checking for dereferences

* revise ghidra feature count tests, pass unit testing

* fix feature test format

* implement additional support for dereferencing thunked functions

* integrate external locations into find_file_imports

* change api yield string for .elf samples to match other extractors

* fix potential NoneType errors during dereferencing

* user helper in global_

* fix GHIDRAIO class, implement in global_

* comment on getOriginalByte

* simplify get_file_imports

* implement explicit thunk chain handling

* simplify LEA number extraction

* simplify thunk handling

* temp: demonstrate CI failure & output

* fix log path

* run new test against mimikatz
 2023-08-23 14:35:18 -06:00
Yacine Elhamer
d1068991e3 test_rules_insn_scope.py: update rules missing the dynamic scope 2023-08-22 16:26:54 +02:00
Willi Ballenthin
4ab240e990 rules: add scope terms "unsupported" and "unspecified" 
closes #1744
 2023-08-22 12:58:06 +00:00
Colton Gabertan
058c1fefd2 ghidra: unit tests (#1727) 
* restore from corrupted .git

* lint repo

* temp: remove lint failing rule

* implement dereferencing, clean up extractors

* implement proper dereferencing routines as applicable

* fix nzxor implementation, remediate ghidra analysis issues

* lint repo

* Assert typing, lint repo

* avoid extracting pointers in bytes extraction

* attempt to recover submodule

* implement GhidraFeatureExtractor & ghidra_main()

* lint repo

* document examples, clean-up & testing

* lint repo

* properly map import dict

* properly map fake addresses

* fix fake addr mapping

* properly map externs

* re-align consistency with other backends

* lint repo

* fix dereferencing routine

* clean up helpers

* fix format string

* disable progress bar to exit gracefully

* enable pbar in headless runtime mode

* implement fixture test script

* implement ghidra unit test script

* refactor repo for breaking Ghidrathon change

* bump ghidrathon CI version, run unit test in CI

* change CI config

* fix wget line for ghidrathon

* fix unzip paths

* fix ghidra import issue

* disable pytest faulthandler module

* fix ghidra state variables

* use toAddr

* restructure for consistency

* Bump Ghidrathon version for CI, fix pytest ghidra runtime detection
 2023-08-21 12:16:13 -06:00
Willi Ballenthin
8788a40d12 Merge branch 'dynamic-feature-extraction' into feat/cape-pydantic 2023-08-16 13:13:29 +02:00
Willi Ballenthin
4be1c89c5b cape: models: more data shapes 2023-08-16 09:50:13 +00:00
Willi Ballenthin
26539e68d9 cape: models: add tests 2023-08-16 08:57:54 +00:00
Willi Ballenthin
bb2b1824a9 Merge branch 'master' into dynamic-feature-extraction 2023-08-15 14:01:30 +02:00
Willi Ballenthin
59a129d6d6 cape: add pydantic model for v2.2 2023-08-15 11:54:15 +00:00
Willi Ballenthin
db40d9bc7a wip: add initial CAPE model 2023-08-15 11:41:11 +00:00
Yacine
d71ecc7a79 Update tests/test_ida_features.py 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-08-15 12:26:19 +02:00
Willi Ballenthin
827b4b29b4 test_rules: fix rule scoping logic 2023-08-15 09:21:49 +00:00
Willi Ballenthin
2a31b16567 merge 2023-08-15 08:56:41 +00:00
Willi Ballenthin
e6d64ef561 pydantic: remove use of deprecated routines 
closes #1718
 2023-08-15 08:41:56 +00:00
Willi Ballenthin
408c5076c6 tests: ida: don't collect tests as pytest tests 
closes #1719
 2023-08-15 08:26:59 +00:00
Willi Ballenthin
c001c883f7 Merge pull request #1714 from mandiant/fix/issue-1697-1 
rule scoping tweaks
 2023-08-15 10:16:01 +02:00
Willi Ballenthin
4978aa74e7 tests: temporarily xfail script test 
closes #1717
 2023-08-15 08:13:14 +00:00
Willi Ballenthin
8479bc2f1f Merge pull request #1720 from mandiant/fix/issue-1705 
elf: detect Android OS via note and dependencies
 2023-08-14 13:11:23 +02:00
Capa Bot
7c1522d84d Sync capa-testfiles submodule 2023-08-14 11:11:05 +00:00
Willi Ballenthin
e6cb3d3b3b os: detect Android via dependencies, too 2023-08-14 10:27:19 +00:00