address comments from code review
mr-tz committed Oct 17, 2023
1 parent 26460a8 commit 0ade462
Showing 4 changed files with 11 additions and 10 deletions.
1 change: 1 addition & 0 deletions capa/features/extractors/cape/extractor.py
Expand Up @@ -85,6 +85,7 @@ def from_report(cls, report: Dict) -> "CapeExtractor":
if cr.info.version not in TESTED_VERSIONS:
logger.warning("CAPE version '%s' not tested/supported yet", cr.info.version)

# observed in 2.4-CAPE reports from capesandbox.com
if cr.static is None and cr.target.file.pe is not None:
cr.static = Static()
cr.static.pe = cr.target.file.pe
6 changes: 2 additions & 4 deletions capa/features/extractors/cape/models.py
Expand Up @@ -205,11 +205,9 @@ class PE(ExactModel):
guest_signers: Signer


# TODO
# target.file.dotnet,
# target.file.extracted_files,
# target.file.extracted_files_tool,
# TODO(mr-tz): target.file.dotnet, target.file.extracted_files, target.file.extracted_files_tool,
# target.file.extracted_files_time
# https://github.com/mandiant/capa/issues/1814
class File(FlexibleModel):
type: str
cape_type_code: Optional[int] = None
4 changes: 2 additions & 2 deletions capa/helpers.py
Expand Up @@ -150,7 +150,7 @@ def log_unsupported_format_error():

def log_unsupported_cape_report_error(error: str):
logger.error("-" * 80)
logger.error(f" Input file is not a valid CAPE report: {error}")
logger.error("Input file is not a valid CAPE report: %s", error)
logger.error(" ")
logger.error(" capa currently only supports analyzing standard CAPE json reports.")
logger.error(
Expand All @@ -161,7 +161,7 @@ def log_unsupported_cape_report_error(error: str):

def log_empty_cape_report_error(error: str):
logger.error("-" * 80)
logger.error(f" CAPE report is empty or only contains little useful data: {error}")
logger.error(" CAPE report is empty or only contains little useful data: %s", error)
logger.error(" ")
logger.error(" Please make sure the sandbox run captures useful behaviour of your sample.")
logger.error("-" * 80)
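Review bot: The rewritten first message in `log_unsupported_cape_report_error` loses the leading space that every other line of the banner keeps, so it no longer lines up; keep it as `logger.error(" Input file is not a valid CAPE report: %s", error)`. The matching change in `log_empty_cape_report_error` preserves the space. Separately, `error` is written to the log unmodified in both functions. Where it comes from is not visible on this page, but if it can carry text taken from the report (which reflects the behaviour of the analysed sample), logging it with `%r` or with control characters stripped would keep embedded newlines from producing misleading log lines.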
10 changes: 6 additions & 4 deletions capa/main.py
Expand Up @@ -906,9 +906,10 @@ def get_rules(
# rule_file_paths[i] corresponds to rule_contents[i].
rule_contents = [file_path.read_bytes() for file_path in rule_file_paths]

ruleset = capa.rules.cache.load_cached_ruleset(cache_dir, rule_contents)
if ruleset is not None:
return ruleset
# TODO enable cache once fixes
# ruleset = capa.rules.cache.load_cached_ruleset(cache_dir, rule_contents)
# if ruleset is not None:
# return ruleset

rules: List[Rule] = []

Expand Down Expand Up @@ -1573,8 +1574,9 @@ def main(argv: Optional[List[str]] = None):

should_save_workspace = os.environ.get("CAPA_SAVE_WORKSPACE") not in ("0", "no", "NO", "n", None)

# TODO this should be wrapped and refactored as it's tedious to update everywhere
# TODO(mr-tz): this should be wrapped and refactored as it's tedious to update everywhere
# see same code and show-features above examples
# https://github.com/mandiant/capa/issues/1813
try:
extractor = get_extractor(
args.sample,
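Review bot: The first hunk in `get_rules` switches off `load_cached_ruleset` by commenting it out, a behaviour change the commit title does not mention, and its `# TODO enable cache once fixes` names neither an owner nor an issue, unlike the `TODO(mr-tz)` plus issue link this same commit adds in `main`. I would delete the dead lines and leave `# TODO(mr-tz): re-enable capa.rules.cache.load_cached_ruleset once <ISSUE-URL placeholder> is fixed`, or gate the call behind a flag so it can be turned back on without editing code. `get_rules` starts and ends outside the hunk, so whether the cache is still being written further down cannot be checked from here; if it is, that work is now wasted on every run.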
