Commit

make Process model flexible and procmemory optional
mr-tz committed Dec 3, 2024
1 parent 201ec07 commit 959a234
Showing 2 changed files with 6 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -33,6 +33,7 @@
- binja: support loading raw x86/x86_64 shellcode #2489 @xusheng6
- binja: fix crash when the IL of certain functions are not available. #2249 @xusheng6
- binja: major performance improvement on the binja extractor. #1414 @xusheng6
- cape: make Process model flexible and procmemory optional to load newest reports #2466 @mr-tz

### capa Explorer Web

7 changes: 5 additions & 2 deletions capa/features/extractors/cape/models.py
Expand Up @@ -297,7 +297,10 @@ class Call(ExactModel):
id: int


class Process(ExactModel):
# FlexibleModel to account for extended fields
# refs: https://github.com/mandiant/capa/issues/2466
# https://github.com/kevoreilly/CAPEv2/pull/2199
class Process(FlexibleModel):
process_id: int
process_name: str
parent_id: int
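
Review bot: Switching `Process` to `FlexibleModel` at the class definition relaxes validation for every field a process entry may carry, not only the extended ones the comment refers to. If `ExactModel` rejecting unknown fields is what surfaced the report-format change in #2466, that signal is now lost for this model, and later schema drift in process entries will load without notice. Consider naming the extended fields in the comment, or declaring them as `Optional` attributes and keeping `ExactModel`. A report fixture from the newer CAPE version would also be a useful regression test, since this commit changes only CHANGELOG.md and models.py.
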
Expand Down Expand Up @@ -400,7 +403,7 @@ class CapeReport(FlexibleModel):
CAPE: Optional[Union[Cape, list]] = None
dropped: Optional[list[File]] = None
procdump: Optional[list[ProcessFile]] = None
procmemory: ListTODO
procmemory: Optional[ListTODO] = None

# =========================================================================
# information we won't use in capa
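
Review bot: With `procmemory: Optional[ListTODO] = None`, a report that omits the key now yields `None` instead of failing validation, so any consumer that iterates or indexes `procmemory` needs a `None` check. This commit touches only the model, so the call sites are worth verifying. The default matches the `dropped` and `procdump` fields above it, but the `ListTODO` placeholder is kept, which by its name leaves the element type unspecified. A short comment stating when CAPE omits `procmemory` would help the next reader.
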