`RuleMetadata.from_capa` used `rule.meta.get("capa/subscope", False)` and
`Field(False, alias="capa/subscope")`, but the actual key set by
`_extract_subscope_rules_rec` is `"capa/subscope-rule"`. This caused
`is_subscope_rule` to always be `False` in every `RuleMetadata` instance,
making downstream filters in `render/utils.py`, `render/vverbose.py`, and
`scripts/import-to-ida.py` ineffective (though subscope rules are already
excluded from `ResultDocument` before reaching those callers).

`Scopes.from_dict` was decorated with `@classmethod` but named its first
parameter `self` instead of `cls`, and hard-coded `Scopes(...)` in the
return statement instead of `cls(...)`. This meant any subclass calling
`SubScopes.from_dict(...)` would get a `Scopes` instance back rather than
a `SubScopes` instance.

Rename the parameter to `cls` and use it in the return statement so
that subclasses receive the correct type.

`functools.lru_cache` has been in the standard library since Python 3.2.
The project requires Python >=3.10, so the `except ImportError` branch
importing `backports.functools_lru_cache` can never execute.

Remove the try/except block and keep only the direct stdlib import.
Also remove `types-backports` from dev dependencies, `backports` from
`[tool.deptry.known_first_party]`, and `types-backports` from the
DEP002 ignore list in `pyproject.toml`.

`Result.__nonzero__` is the Python 2 boolean hook; Python 3 calls
`__bool__`, which is already defined immediately above it.
`__nonzero__` is never invoked at runtime in Python 3 and adds noise
that misleads readers into thinking it serves a purpose.

EXTENSIONS_ELF = "elf_" was defined but never used: get_format_from_extension
had branches for every other EXTENSIONS_* constant except ELF. Since .elf_
files are real test fixtures and a recognised input format, the fix is to add
the missing elif branch (and import FORMAT_ELF) rather than delete the
constant.

Closes #3031

* Update README with dynamic capa heading
Added a section heading for dynamic capabilities. Used lowercase to align with other headings.
* Update README.md
Added blank line before heading
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

- basicblock.py: fix real bug (/ -> // for integer division in get_printable_len); type: ignore for _dis_regctx (dynamically set)
- extractor.py: cast+assert for funcy.cached_property basic_blocks/instructions; type: ignore for get_function_name Address vs int
- file.py: assert pe/IMAGE_NT_HEADERS not None instead of type: ignore
- function.py: cast+assert for funcy.cached_property basic_blocks/instructions; type: ignore for getBranches() base return type
- insn.py: type hint derefs() as Iterator[int]; isinstance guard before derefs calls; import Elf + isinstance assert for parsedbin; cast for f.basic_blocks[0] and bb.instructions; type: ignore for dynamically-injected REG_* constants and getBranches()
- test_binexport_accessors.py: type: ignore on .expression accesses guarded by test assertions
- test_freeze_dynamic.py: assert isinstance DynamicFeatureExtractor before compare_extractors
- test_binja_features.py: type: ignore on binaryninja guarded by skipif decorator
- engine.py: type: ignore for children/replace_child hasattr-guarded subclass attrs
- result_document.py: type: ignore for Pydantic analysis field override and alias args
- render/proto/__init__.py: type: ignore on Pydantic alias argument lines
- rules/__init__.py: type: ignore on ensure_feature_valid_for_scopes StringFactory calls
- result_document.py: fix Scope|None by extracting scope var with assert
- elf.py: fix bug where vdso_guess except handler set symtab_guess=None
- result_document.py: add assert_never after StaticAnalysis/DynamicAnalysis
- binexport2/helpers.py: guard empty operand_expressions with early return
- tests/fixtures.py: restructure kernel32-64.dll_ workaround to single if/else
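
The `"capa/subscope"` versus `"capa/subscope-rule"` mismatch described in the first commit message above, modelled as an added example (not capa's own code): a `.get(key, False)` read on the wrong key silently disables the downstream filter, and a stricter read fails loudly instead. Only the two key strings come from the commit message; every function name and the sample rules are hypothetical and constructed for illustration.

```python
# Added illustration; names other than the two metadata keys are hypothetical.
SUBSCOPE_KEY = "capa/subscope-rule"  # key the writer sets, per the commit message
STALE_KEY = "capa/subscope"          # key the reader used before the fix

KNOWN_INTERNAL_KEYS = frozenset({SUBSCOPE_KEY})


def mark_subscope(meta: dict) -> dict:
    """Writer side: tag a derived rule's metadata as a subscope rule."""
    tagged = dict(meta)
    tagged[SUBSCOPE_KEY] = True
    return tagged


def is_subscope_before(meta: dict) -> bool:
    # Pre-fix read: the key never exists, so the default masks the mismatch.
    return meta.get(STALE_KEY, False)


def is_subscope_after(meta: dict) -> bool:
    # Post-fix read: same key as the writer.
    return meta.get(SUBSCOPE_KEY, False)


def read_internal_flag(meta: dict, key: str) -> bool:
    """Stricter read: a misspelled internal key raises instead of defaulting."""
    if key not in KNOWN_INTERNAL_KEYS:
        raise KeyError(f"unknown internal metadata key: {key!r}")
    return bool(meta.get(key, False))


def visible_rules(rules: list, predicate) -> list:
    """Downstream filter: keep only rules that are not subscope rules."""
    return [r["name"] for r in rules if not predicate(r)]


# Constructed sample metadata (not real capa rules).
RULES = [
    {"name": "parent rule", "scopes": "function"},
    mark_subscope({"name": "parent rule/derived", "scopes": "basic block"}),
]

if __name__ == "__main__":
    print(visible_rules(RULES, is_subscope_before))  # filter has no effect
    print(visible_rules(RULES, is_subscope_after))   # derived rule is dropped
```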