gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-02-05 11:26:31 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
4978aa74e7f11af445ca14cc8b4eb57bf2d208bd
capa/capa/render/utils.py
Willi Ballenthin c86ab51210 fix copyright headers everywhere
2023-07-13 05:03:33 +02:00

63 lines
2.0 KiB
Python
Raw Blame History

# Copyright (C) 2023 Mandiant, Inc. All Rights Reserved.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at: [package root]/LICENSE.txt
# Unless required by applicable law or agreed to in writing, software distributed under the License
# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and limitations under the License.
import io
from typing import Union, Iterator
import termcolor
import capa.render.result_document as rd
def bold(s: str) -> str:
"""draw attention to the given string"""
return termcolor.colored(s, "cyan")
def bold2(s: str) -> str:
"""draw attention to the given string, within a `bold` section"""
return termcolor.colored(s, "green")
def warn(s: str) -> str:
return termcolor.colored(s, "yellow")
def format_parts_id(data: Union[rd.AttackSpec, rd.MBCSpec]):
"""
format canonical representation of ATT&CK/MBC parts and ID
"""
return f"{'::'.join(data.parts)} [{data.id}]"
def capability_rules(doc: rd.ResultDocument) -> Iterator[rd.RuleMatches]:
"""enumerate the rules in (namespace, name) order that are 'capability' rules (not lib/subscope/disposition/etc)."""
for _, _, rule in sorted((rule.meta.namespace or "", rule.meta.name, rule) for rule in doc.rules.values()):
if rule.meta.lib:
continue
if rule.meta.is_subscope_rule:
continue
if rule.meta.maec.analysis_conclusion:
continue
if rule.meta.maec.analysis_conclusion_ov:
continue
if rule.meta.maec.malware_family:
continue
if rule.meta.maec.malware_category:
continue
if rule.meta.maec.malware_category_ov:
continue
yield rule
class StringIO(io.StringIO):
def writeln(self, s):
self.write(s)
self.write("\n")
Reference in New Issue View Git Blame Copy Permalink