fix lints

features: add BinExport2 declarations
2025-12-06 12:51:03 -08:00 · 2024-06-10 14:49:03 -06:00 · 2024-06-10 14:48:36 -06:00
2 changed files with 17 additions and 10 deletions
--- a/capa/features/common.py
+++ b/capa/features/common.py
@@ -409,9 +409,10 @@ class Bytes(Feature):
 # other candidates here: https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#machine-types
 ARCH_I386 = "i386"
 ARCH_AMD64 = "amd64"
+ARCH_AARCH64 = "aarch64"
 # dotnet
 ARCH_ANY = "any"
-VALID_ARCH = (ARCH_I386, ARCH_AMD64, ARCH_ANY)
+VALID_ARCH = (ARCH_I386, ARCH_AMD64, ARCH_ANY, ARCH_AARCH64)


 class Arch(Feature):
@@ -459,6 +460,7 @@ VALID_FORMAT = (FORMAT_PE, FORMAT_ELF, FORMAT_DOTNET)
 FORMAT_AUTO = "auto"
 FORMAT_SC32 = "sc32"
 FORMAT_SC64 = "sc64"
+FORMAT_BINEXPORT2 = "binexport2"
 FORMAT_CAPE = "cape"
 FORMAT_FREEZE = "freeze"
 FORMAT_RESULT = "result"
@@ -470,6 +472,7 @@ STATIC_FORMATS = {
    FORMAT_DOTNET,
    FORMAT_FREEZE,
    FORMAT_RESULT,
+    FORMAT_BINEXPORT2,
 }
 DYNAMIC_FORMATS = {
    FORMAT_CAPE,
--- a/capa/helpers.py
+++ b/capa/helpers.py
@@ -26,11 +26,13 @@ from capa.features.common import (
    FORMAT_DOTNET,
    FORMAT_FREEZE,
    FORMAT_UNKNOWN,
+    FORMAT_BINEXPORT2,
    Format,
 )

 EXTENSIONS_SHELLCODE_32 = ("sc32", "raw32")
 EXTENSIONS_SHELLCODE_64 = ("sc64", "raw64")
+EXTENSIONS_BINEXPORT2 = ("BinExport", "BinExport2")
 EXTENSIONS_DYNAMIC = ("json", "json_", "json.gz")
 EXTENSIONS_ELF = "elf_"
 EXTENSIONS_FREEZE = "frz"
@@ -105,15 +107,8 @@ def get_format_from_extension(sample: Path) -> str:
        format_ = get_format_from_report(sample)
    elif sample.name.endswith(EXTENSIONS_FREEZE):
        format_ = FORMAT_FREEZE
-    return format_
-
-
-def get_auto_format(path: Path) -> str:
-    format_ = get_format(path)
-    if format_ == FORMAT_UNKNOWN:
-        format_ = get_format_from_extension(path)
-    if format_ == FORMAT_UNKNOWN:
-        raise UnsupportedFormatError()
+    elif sample.name.endswith(EXTENSIONS_BINEXPORT2):
+        format_ = FORMAT_BINEXPORT2
    return format_


@@ -136,6 +131,15 @@ def get_format(sample: Path) -> str:
    return FORMAT_UNKNOWN


+def get_auto_format(path: Path) -> str:
+    format_ = get_format(path)
+    if format_ == FORMAT_UNKNOWN:
+        format_ = get_format_from_extension(path)
+    if format_ == FORMAT_UNKNOWN:
+        raise UnsupportedFormatError()
+    return format_
+
+
@contextlib.contextmanager
 def redirecting_print_to_tqdm(disable_progress):
    """
Author	SHA1	Message	Date
Mike Hunhoff	fb72e5e8fd	fix lints	2024-06-10 14:49:03 -06:00
Willi Ballenthin	89ebfe6b0c	features: add BinExport2 declarations	2024-06-10 14:48:36 -06:00