From 44d05f9498b441ff37fd6cc289f3e975a910902f Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Tue, 17 Oct 2023 11:41:40 +0000
Subject: [PATCH] dynamic: fix some tests
---
 capa/features/freeze/__init__.py | 1 +
 capa/main.py | 3 ---
 capa/rules/__init__.py | 3 ++-
 rules | 2 +-
 scripts/lint.py | 8 ++------
 tests/test_rules.py | 15 +++++++++------
 6 files changed, 15 insertions(+), 17 deletions(-)
diff --git a/capa/features/freeze/__init__.py b/capa/features/freeze/__init__.py
index 10deb40c4..b2f880415 100644
--- a/capa/features/freeze/__init__.py
+++ b/capa/features/freeze/__init__.py
@@ -658,6 +658,7 @@ def main(argv=None):
 parser.add_argument("output", type=str, help="Path to output file")
 args = parser.parse_args(args=argv)
 capa.main.handle_common_args(args)
+ capa.main.handle_signatures_arg(args)
 sigpaths = capa.main.get_signatures(args.signatures)
diff --git a/capa/main.py b/capa/main.py
index 36cc13c1c..d0460384d 100644
--- a/capa/main.py
+++ b/capa/main.py
@@ -1556,9 +1556,6 @@ def main(argv: Optional[List[str]] = None):
 # and use those for extracting.
 try:
- if format_ not in DYNAMIC_FORMATS:
- # signatures are loaded only for static anaylsis
- handle_signatures_arg(args)
 if format_ == FORMAT_PE:
 sig_paths = get_signatures(args.signatures)
 else:
diff --git a/capa/rules/__init__.py b/capa/rules/__init__.py
index 35f2a0907..c169fff15 100644
--- a/capa/rules/__init__.py
+++ b/capa/rules/__init__.py
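Review bot: With the `if format_ not in DYNAMIC_FORMATS:` block gone, nothing left in this hunk calls `handle_signatures_arg(args)` before `sig_paths = get_signatures(args.signatures)` under `if format_ == FORMAT_PE:`; unless that call was moved earlier in main() (main() starts and ends outside the hunk), `args.signatures` now reaches get_signatures() without whatever defaulting or path validation handle_signatures_arg() performs, which the freeze script in this same patch does call explicitly right after handle_common_args(). If the call was relocated, a one-line comment at the removal site, `# signatures arg is resolved with the other common args above; see handle_signatures_arg()`, would save the next reader the search. If it was not, the static-format path needs the call restored before get_signatures().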
@@ -931,12 +931,13 @@ def evaluate(self, features: FeatureSet, short_circuit=True):
 def from_dict(cls, d: Dict[str, Any], definition: str) -> "Rule":
 meta = d["rule"]["meta"]
 name = meta["name"]
+
 # if scope is not specified, default to function scope.
 # this is probably the mode that rule authors will start with.
 # each rule has two scopes, a static-flavor scope, and a
 # dynamic-flavor one. which one is used depends on the analysis type.
 if "scope" in meta:
- raise InvalidRule("rule is in legacy mode (has scope meta field). please update to the new syntax.")
+ raise InvalidRule(f"legacy rule detected (rule.meta.scope), please update to the new syntax: {name}")
 elif "scopes" in meta:
 scopes_ = meta.get("scopes")
 else:
diff --git a/rules b/rules
index 9cb8848b0..796b5b3a2 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit 9cb8848b0383662181e5dff46d89dd352ffa147e
+Subproject commit 796b5b3a22e5883595a83ad6e8dc2fa4a3eca62c
diff --git a/scripts/lint.py b/scripts/lint.py
index 9fcebdd0d..09f27fe57 100644
--- a/scripts/lint.py
+++ b/scripts/lint.py
@@ -216,8 +216,8 @@ class InvalidScopes(Lint):
 recommendation = "At least one scope (static or dynamic) must be specified"
 def check_rule(self, ctx: Context, rule: Rule):
- return (rule.meta.get("scope").get("static") in ("unspecified", "unsupported")) and (
- rule.meta.get("scope").get("dynamic") in ("unspecified", "unsupported")
+ return (rule.meta.get("scopes").get("static") in ("unspecified", "unsupported")) and (
+ rule.meta.get("scopes").get("dynamic") in ("unspecified", "unsupported")
 )
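Review bot: The comment kept directly above the check, `# if scope is not specified, default to function scope.`, now contradicts the code beneath it, which raises InvalidRule as soon as a singular `scope` key is present and only reaches a default in the `else:` branch, whose body lies outside the hunk. Suggest rewording that first line to `# the legacy singular "scope" field is rejected; rules declare "scopes" (static + dynamic).` and letting the remaining sentences describe the default that applies when neither key is given. from_dict() continues past the end of the hunk.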
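Review bot: In check_rule, `rule.meta.get("scopes").get("static")` still dereferences the result of `.get()` unguarded, so a rule whose meta has no `scopes` key makes the linter crash with AttributeError instead of reporting InvalidScopes; `scopes = rule.meta.get("scopes") or {}` followed by `return scopes.get("static") in ("unspecified", "unsupported") and scopes.get("dynamic") in ("unspecified", "unsupported")` keeps the check total and reads the key once. The membership tests compare against plain strings, while the test changes elsewhere in this patch take `.value` off the STATIC_SCOPES/DYNAMIC_SCOPES entries, which suggests those are enum members; if Rule stores enum members rather than the raw strings in rule.meta["scopes"], this lint would never fire unless the enum subclasses str, so it is worth confirming what Rule.from_dict actually keeps there.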
@@ -979,10 +979,6 @@ def main(argv=None):
 default_samples_path = str(Path(__file__).resolve().parent.parent / "tests" / "data")
- # TODO(yelhamer): remove once support for the legacy scope field has been added
- # https://github.com/mandiant/capa/pull/1580
- return 0
-
 parser = argparse.ArgumentParser(description="Lint capa rules.")
 capa.main.install_common_args(parser, wanted={"tag"})
 parser.add_argument("rules", type=str, action="append", help="Path to rules")
diff --git a/tests/test_rules.py b/tests/test_rules.py
index 50a978acb..bd47365e4 100644
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -420,8 +420,11 @@ def test_rules_flavor_filtering():
 def test_meta_scope_keywords():
- for static_scope in sorted(capa.rules.STATIC_SCOPES):
- for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES):
+ static_scopes = list(sorted(map(lambda e: e.value, capa.rules.STATIC_SCOPES)))
+ dynamic_scopes = list(sorted(map(lambda e: e.value, capa.rules.DYNAMIC_SCOPES)))
+
+ for static_scope in static_scopes:
+ for dynamic_scope in dynamic_scopes:
 _ = capa.rules.Rule.from_yaml(
 textwrap.dedent(
 f"""
@@ -439,7 +442,7 @@ def test_meta_scope_keywords():
 )
 # its also ok to specify "unsupported"
- for static_scope in sorted(capa.rules.STATIC_SCOPES):
+ for static_scope in static_scopes:
 _ = capa.rules.Rule.from_yaml(
 textwrap.dedent(
 f"""
@@ -455,7 +458,7 @@ def test_meta_scope_keywords():
 """
 )
 )
- for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES):
+ for dynamic_scope in dynamic_scopes:
 _ = capa.rules.Rule.from_yaml(
 textwrap.dedent(
 f"""
@@ -473,7 +476,7 @@ def test_meta_scope_keywords():
 )
 # its also ok to specify "unspecified"
- for static_scope in sorted(capa.rules.STATIC_SCOPES):
+ for static_scope in static_scopes:
 _ = capa.rules.Rule.from_yaml(
 textwrap.dedent(
 f"""
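Review bot: `list(sorted(map(lambda e: e.value, capa.rules.STATIC_SCOPES)))` at the top of test_meta_scope_keywords wraps a list in list() and hides a plain attribute access behind map/lambda; `static_scopes = sorted(e.value for e in capa.rules.STATIC_SCOPES)` and `dynamic_scopes = sorted(e.value for e in capa.rules.DYNAMIC_SCOPES)` do the same work and read straight through. A one-line comment on why `.value` is taken here, such as `# the YAML scopes: block takes the scope's string value, not the enum member`, would also help, since the f-string templates that consume these values are outside the hunk; that wording is my inference from the change, so phrase it from what the templates actually contain. test_meta_scope_keywords() continues past the end of the hunk.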
@@ -489,7 +492,7 @@ def test_meta_scope_keywords():
 """
 )
 )
- for dynamic_scope in sorted(capa.rules.DYNAMIC_SCOPES):
+ for dynamic_scope in dynamic_scopes:
 _ = capa.rules.Rule.from_yaml(
 textwrap.dedent(
 f"""