gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 07:10:29 -08:00
Code Issues Packages Projects Releases Wiki Activity
2,453 Commits 45 Branches 48 Tags
ecabd557a7cfd16369595a080cb651bb57ba4c9a
Commit Graph

46 Commits

Author SHA1 Message Date
Willi Ballenthin
ecabd557a7 *: remove /x32 and /x64 flavors from number and offset features 2022-04-05 10:35:41 -06:00
William Ballenthin
2d68fb2536 pep8 2021-11-10 12:51:27 -07:00
William Ballenthin
845df282ef tests: split out match tests and validate alternative algorithms 2021-11-10 12:44:58 -07:00
William Ballenthin
3b4cb47597 pep8 2021-08-24 11:45:48 -06:00
William Ballenthin
f55e758d47 tests: rules: demonstrate substring with description 2021-08-24 11:45:24 -06:00
William Ballenthin
6989e8b8cf rules: add substring feature 
closes #737
 2021-08-24 11:35:01 -06:00
William Ballenthin
8e689c39f4 features: add Arch feature at global scope 2021-08-16 17:06:56 -06:00
William Ballenthin
ab1326f858 features: move OS and Format to their own features, not characteristics 2021-08-16 16:28:26 -06:00
William Ballenthin
f013815b2a features: rename legacy term arch to bitness 
makes space for upcoming feature `arch: ` for things like i386/amd64/aarch64
 2021-08-16 12:21:25 -06:00
William Ballenthin
753b003107 pep8 2021-08-11 09:23:41 -06:00
William Ballenthin
97092c91db tests: assert absence of the wrong os/format 2021-08-11 09:13:56 -06:00
William Ballenthin
06f8943bc4 features: add format/pe and format/elf characteristics 2021-08-11 09:10:04 -06:00
William Ballenthin
a1eca58d7a features: support characteristic(os/*) features 2021-08-11 08:40:40 -06:00
William Ballenthin
527e993bb4 engine: remove dependency on rules, fixing circular import 2021-06-09 22:30:43 -06:00
William Ballenthin
ac59e50b5f move capa/features/__init__.py logic to common.py 
also cleanup imports across the board,
thanks to pylance.
 2021-06-09 22:20:53 -06:00
Moritz Raabe
94089ff43f parse att&ck for output doc 2021-06-02 10:37:19 +02:00
Willi Ballenthin
bd63ded1dd file scope API features (#568) 
* smda: minor unrelated fixes

* file features: extract API features at file scope for library functions

closes #567

* changelog

* ida: add file-scope API feature

Co-authored-by: mike-hunhoff <mike.hunhoff@gmail.com>

* fix lints from pylance

* features: use "function-name" for recognized linked functions

* pep8

* pep8

* rules: remove incorrect feature scope

* tests: xfail SMDA tests relying on function id

* tests: fixtures: order tests by sample, ideally improving memory usage

* pep8

* pep8

* smda: xfail two more tests

Co-authored-by: mike-hunhoff <mike.hunhoff@gmail.com>
 2021-05-27 12:59:00 -06:00
William Ballenthin
ec5cec619d rules: add tests demonstrating mnemonic descriptions 2021-05-18 13:35:24 -06:00
mike-hunhoff
49d1af7798 improve unit tests for strings containing special characters 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2021-03-24 13:22:18 -06:00
mike-hunhoff
d44fd008ae improve unit tests for strings containing special characters 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2021-03-24 13:22:04 -06:00
Michael Hunhoff
21359da766 updating test for strings with special characaters 2021-03-23 16:02:47 -06:00
Michael Hunhoff
c7d24ee290 adding support for string features with special characters e.g. '\n' 2021-03-10 13:56:54 -07:00
Moritz Raabe
7b64425c24 update doc and test case 2021-01-28 08:18:23 +01:00
Moritz Raabe
1cb9ed9c01 addressing final comments 2020-09-25 18:38:46 +02:00
Moritz Raabe
4691302a78 parse descriptions for statements 2020-09-24 15:35:30 +02:00
Moritz Raabe
34e7991081 black 20.8b1 updates 2020-08-27 11:26:28 +02:00
Michael Hunhoff
dc8870861b fixes 249 2020-08-26 16:31:07 -06:00
William Ballenthin
d3dad3a66a rules: fix bug in string counting 
closes #241
 2020-08-16 21:38:13 -06:00
Ana María Martínez Gómez
adaac03d1d extractor: remove characteristic(switch) 
Get rid of the `characteristic(switch)` feature as any of our rules use
it and its analysis is not very easy. Analysis results most likely
differ across backends, leading to inconsistency.
 2020-08-13 16:47:01 +02:00
William Ballenthin
b81b5e5993 rules: add support for arch flavors of Number and Offset features 
closes #210
 2020-08-03 16:28:47 -06:00
Ana María Martínez Gómez
61818bbe04 tests: Test statement nodes descriptions 
Add statement descriptions to `test_rule_yaml_descriptions` to ensure
rules with statement descriptions are parsed and extracted correctly.
 2020-07-28 15:58:55 +02:00
William Ballenthin
baeea5b6ec *: update license header to reference Apache 2.0 
closes #173
 2020-07-22 15:05:24 -06:00
Ana María Martínez Gómez
78dae308c2 Add test for RegExp descriptions 
Now that RegExp are a feature, ensure that descriptions are working.
 2020-07-15 22:37:38 +02:00
William Ballenthin
3faf175da7 *: add license header 
closes #144
 2020-07-15 14:14:53 -06:00
Moritz Raabe
8b5f58bf31 ensure string feature values are strings, tests 2020-07-02 23:44:39 +02:00
William Ballenthin
1188103d1c pep8: isort 2020-07-02 10:52:05 -06:00
William Ballenthin
c185e9ef09 pep8: black 2020-07-02 10:32:26 -06:00
William Ballenthin
db2b1caeae Merge branch 'master' into fmt-black 2020-07-02 10:25:24 -06:00
Ana María Martínez Gómez
152129cc25 Add tests for description feature 
Test if the parsing of feature succeeds with every time of description.
 2020-07-02 16:50:28 +02:00
Ana María Martínez Gómez
64124c0b64 Remove True from Characteristic rules and output 
Get rid of `True` in characteristic (rules, output and json) as it is
implicit. This way, the same syntax is used for characteristic as for
the rest of the features.

Co-authored-by: William Ballenthin <william.ballenthin@fireeye.com>
 2020-07-02 16:50:15 +02:00
William Ballenthin
d23ef48bb6 pep8 2020-07-01 12:33:13 -06:00
William Ballenthin
e2296f0f40 Merge branch 'master' of github.com:fireeye/capa into match-namespaces 2020-06-30 00:18:44 -06:00
Moritz Raabe
5cee0d9b80 add lint negative numbers and cleanup tests 2020-06-30 22:17:42 +02:00
William Ballenthin
3d0bd64e1b engine, rules: support matching namespaces, not just rule names 
closes #37
 2020-06-29 05:54:56 -06:00
Ana María Martínez Gómez
7e1e9e6618 Get rid of the Element class 
The `Element` class is just used for testing. By using `Element` we are
not testing the actual code. Also, every time we implement a new feature
for the `Feature` class, we need to implement it for `Element` as well.
Replace `Element` by `Integer`.
 2020-06-24 18:05:52 +02:00
William Ballenthin
add3537447 import source files, forgetting about 938 prior commits 2020-06-18 09:13:19 -06:00