Skip to content

Commit

Permalink
dynamic: fix some tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@williballenthin
williballenthin committed Oct 17, 2023
1 parent bf233c1 commit 44d05f9
Show file tree
Hide file tree
Showing 6 changed files with 15 additions and 17 deletions.
1 change: 1 addition & 0 deletions capa/features/freeze/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -658,6 +658,7 @@ def main(argv=None):
parser.add_argument("output", type=str, help="Path to output file")
args = parser.parse_args(args=argv)
capa.main.handle_common_args(args)
capa.main.handle_signatures_arg(args)

sigpaths = capa.main.get_signatures(args.signatures)

Expand Down
3 changes: 0 additions & 3 deletions capa/main.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1556,9 +1556,6 @@ def main(argv: Optional[List[str]] = None):
# and use those for extracting.

try:
if format_ not in DYNAMIC_FORMATS:
# signatures are loaded only for static anaylsis
handle_signatures_arg(args)
if format_ == FORMAT_PE:
sig_paths = get_signatures(args.signatures)
else:
Expand Down
3 changes: 2 additions & 1 deletion capa/rules/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -931,12 +931,13 @@ def evaluate(self, features: FeatureSet, short_circuit=True):
def from_dict(cls, d: Dict[str, Any], definition: str) -> "Rule":
meta = d["rule"]["meta"]
name = meta["name"]

# if scope is not specified, default to function scope.
# this is probably the mode that rule authors will start with.
# each rule has two scopes, a static-flavor scope, and a
# dynamic-flavor one. which one is used depends on the analysis type.
if "scope" in meta:
raise InvalidRule("rule is in legacy mode (has scope meta field). please update to the new syntax.")
raise InvalidRule(f"legacy rule detected (rule.meta.scope), please update to the new syntax: {name}")
elif "scopes" in meta:
scopes_ = meta.get("scopes")
else:
Expand Down
2 changes: 1 addition & 1 deletion rules
Submodule rules updated 20 files
+3 −1 collection/network/capture-packets-using-sharppcap.yml
+3 −1 host-interaction/network/connectivity/set-tcp-connection-state.yml
+3 −1 host-interaction/process/inject/allocate-or-change-rwx-memory.yml
+26 −0 lib/allocate-or-change-rw-memory.yml
+3 −1 lib/change-memory-protection.yml
+3 −1 load-code/dotnet/load-windows-common-language-runtime.yml
+3 −1 nursery/add-value-to-global-atom-table.yml
+3 −1 nursery/capture-process-snapshot-data.yml
+3 −1 nursery/communicate-with-kernel-module-via-netlink-socket-on-linux.yml
+3 −1 nursery/encrypt-data-using-rc4-via-systemfunction032.yml
+3 −1 nursery/enumerate-processes-that-use-resource.yml
+3 −1 nursery/get-current-pid-on-linux.yml
+3 −1 nursery/get-file-system-information-on-linux.yml
+3 −1 nursery/get-ntoskrnl-base-address.yml
+3 −1 nursery/get-password-database-entry-on-linux.yml
+3 −1 nursery/log-keystrokes-via-input-method-manager.yml
+3 −1 nursery/mark-thread-detached-on-linux.yml
+3 −1 nursery/persist-via-gnome-autostart-on-linux.yml
+3 −1 nursery/send-sms-on-android.yml
+3 −1 nursery/set-thread-name-on-linux.yml
8 changes: 2 additions & 6 deletions scripts/lint.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -216,8 +216,8 @@ class InvalidScopes(Lint):
recommendation = "At least one scope (static or dynamic) must be specified"

def check_rule(self, ctx: Context, rule: Rule):
return (rule.meta.get("scope").get("static") in ("unspecified", "unsupported")) and (
rule.meta.get("scope").get("dynamic") in ("unspecified", "unsupported")
return (rule.meta.get("scopes").get("static") in ("unspecified", "unsupported")) and (
rule.meta.get("scopes").get("dynamic") in ("unspecified", "unsupported")
)


Expand Down Expand Up @@ -979,10 +979,6 @@ def main(argv=None):

default_samples_path = str(Path(__file__).resolve().parent.parent / "tests" / "data")

# TODO(yelhamer): remove once support for the legacy scope field has been added
# https://github.com/mandiant/capa/pull/1580
return 0

parser = argparse.ArgumentParser(description="Lint capa rules.")
capa.main.install_common_args(parser, wanted={"tag"})
parser.add_argument("rules", type=str, action="append", help="Path to rules")
Expand Down
15 changes: 9 additions & 6 deletions tests/test_rules.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -420,8 +420,11 @@ def test_rules_flavor_filtering():


def test_meta_scope_keywords():
for static_scope in sorted(capa.rules.STATIC_SCOPES):
for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES):
static_scopes = list(sorted(map(lambda e: e.value, capa.rules.STATIC_SCOPES)))
dynamic_scopes = list(sorted(map(lambda e: e.value, capa.rules.DYNAMIC_SCOPES)))

for static_scope in static_scopes:
for dynamic_scope in dynamic_scopes:
_ = capa.rules.Rule.from_yaml(
textwrap.dedent(
f"""
Expand All @@ -439,7 +442,7 @@ def test_meta_scope_keywords():
)

# its also ok to specify "unsupported"
for static_scope in sorted(capa.rules.STATIC_SCOPES):
for static_scope in static_scopes:
_ = capa.rules.Rule.from_yaml(
textwrap.dedent(
f"""
Expand All @@ -455,7 +458,7 @@ def test_meta_scope_keywords():
"""
)
)
for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES):
for dynamic_scope in dynamic_scopes:
_ = capa.rules.Rule.from_yaml(
textwrap.dedent(
f"""
Expand All @@ -473,7 +476,7 @@ def test_meta_scope_keywords():
)

# its also ok to specify "unspecified"
for static_scope in sorted(capa.rules.STATIC_SCOPES):
for static_scope in static_scopes:
_ = capa.rules.Rule.from_yaml(
textwrap.dedent(
f"""
Expand All @@ -489,7 +492,7 @@ def test_meta_scope_keywords():
"""
)
)
for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES):
for dynamic_scope in dynamic_scopes:
_ = capa.rules.Rule.from_yaml(
textwrap.dedent(
f"""
Expand Down

0 comments on commit 44d05f9

Please sign in to comment.