From e90b303465d3f05ee74a7a44c4fabcfd055e1cd8 Mon Sep 17 00:00:00 2001
From: Pratik Mohapatra
Date: Tue, 19 Mar 2024 18:37:53 +0530
Subject: [PATCH] saved black hook formatting

---
 capa/ghidra/capa_explorer.py | 63 +++++++----------------------------
 1 file changed, 12 insertions(+), 51 deletions(-)

diff --git a/capa/ghidra/capa_explorer.py b/capa/ghidra/capa_explorer.py
index 725fb8169..1d5dbcc6e 100644
--- a/capa/ghidra/capa_explorer.py
+++ b/capa/ghidra/capa_explorer.py
@@ -48,10 +48,7 @@ def create_label(ghidra_addr, name, capa_namespace):
 # prevent duplicate labels under the same capa-generated namespace
 symbol_table = currentProgram().getSymbolTable() # type: ignore [name-defined] # noqa: F821
 for sym in symbol_table.getSymbols(ghidra_addr):
- if (
- sym.getName(True)
- == capa_namespace.getName(True) + Namespace.DELIMITER + name
- ):
+ if sym.getName(True) == capa_namespace.getName(True) + Namespace.DELIMITER + name:
 return
 
 # create SymbolType.LABEL at addr
@@ -101,9 +98,7 @@ def bookmark_functions(self):
 for part in item.get("parts", {}):
 attack_txt = attack_txt + part + Namespace.DELIMITER
 attack_txt = attack_txt + item.get("id", {})
- add_bookmark(
- func_addr, attack_txt, "CapaExplorer::MITRE ATT&CK"
- )
+ add_bookmark(func_addr, attack_txt, "CapaExplorer::MITRE ATT&CK")
 
 if self.mbc != []:
 for item in self.mbc:
@@ -132,28 +127,11 @@ def set_pre_comment(self, ghidra_addr, sub_type, description):
 """set pre comments at subscoped matches of main rules"""
 comment = getPreComment(ghidra_addr) # type: ignore [name-defined] # noqa: F821
 if comment is None:
- comment = (
- "capa: "
- + sub_type
- + "("
- + description
- + ")"
- + ' matched in "'
- + self.capability
- + '"\n'
- )
+ comment = "capa: " + sub_type + "(" + description + ")" + ' matched in "' + self.capability + '"\n'
 setPreComment(ghidra_addr, comment) # type: ignore [name-defined] # noqa: F821
 elif self.capability not in comment:
 comment = (
- comment
- + "capa: "
- + sub_type
- + "("
- + description
- + ")"
- + ' matched in "'
- + self.capability
- + '"\n'
+ comment + "capa: " + sub_type + "(" + description + ")" + ' matched in "' + self.capability + '"\n'
 )
 setPreComment(ghidra_addr, comment) # type: ignore [name-defined] # noqa: F821
 else:
@@ -189,9 +167,7 @@ def label_matches(self):
 # precomment subscope matches under the function
 if node != {}:
 for sub_type, description in parse_node(node):
- self.set_pre_comment(
- sub_ghidra_addr, sub_type, description
- )
+ self.set_pre_comment(sub_ghidra_addr, sub_type, description)
 else:
 # resolve the encompassing function for the capa namespace
 # of non-function scoped main matches
@@ -215,9 +191,7 @@ def label_matches(self):
 if func is not None:
 # basic block/ insn scope under resolved function
 for sub_type, description in parse_node(node):
- self.set_pre_comment(
- sub_ghidra_addr, sub_type, description
- )
+ self.set_pre_comment(sub_ghidra_addr, sub_type, description)
 else:
 # this would be a global/file scoped main match
 # try to resolve the encompassing function via the subscope match, instead
@@ -233,9 +207,7 @@ def label_matches(self):
 )
 self.set_plate_comment(sub_func_addr)
 for sub_type, description in parse_node(node):
- self.set_pre_comment(
- sub_ghidra_addr, sub_type, description
- )
+ self.set_pre_comment(sub_ghidra_addr, sub_type, description)
 else:
 # addr is in some other file section like .data
 # represent this location with a label symbol under the capa namespace
@@ -243,14 +215,10 @@ def label_matches(self):
 for sub_type, description in parse_node(node):
 # in many cases, these will be ghidra-labeled data, so just add the existing
 # label symbol to the capa namespace
- for sym in symbol_table.getSymbols(
- sub_ghidra_addr
- ):
+ for sym in symbol_table.getSymbols(sub_ghidra_addr):
 if sym.getSymbolType() == SymbolType.LABEL:
 sym.setNamespace(capa_namespace)
- self.set_pre_comment(
- sub_ghidra_addr, sub_type, description
- )
+ self.set_pre_comment(sub_ghidra_addr, sub_type, description)
 
 
 def get_capabilities():
@@ -274,13 +242,9 @@ def get_capabilities():
 meta = capa.ghidra.helpers.collect_metadata([rules_path])
 extractor = capa.features.extractors.ghidra.extractor.GhidraFeatureExtractor()
 
- capabilities, counts = capa.capabilities.common.find_capabilities(
- rules, extractor, True
- )
+ capabilities, counts = capa.capabilities.common.find_capabilities(rules, extractor, True)
 
- if capa.capabilities.common.has_file_limitation(
- rules, capabilities, is_standalone=False
- ):
+ if capa.capabilities.common.has_file_limitation(rules, capabilities, is_standalone=False):
 popup("capa explorer encountered warnings during analysis. Please check the console output for more information.") # type: ignore [name-defined] # noqa: F821
 logger.info("capa encountered warnings during analysis")
 
@@ -399,7 +363,6 @@ def main():
 popup("capa explorer found no matches.") # type: ignore [name-defined] # noqa: F821
 return capa.main.E_EMPTY_REPORT
 
-
 user_choice = askChoice( # type: ignore [name-defined] # noqa: F821
 "Choose b/w bookmarks & comments",
 "preferred action:",
@@ -429,9 +392,7 @@ def main():
 if sys.version_info < (3, 8):
 from capa.exceptions import UnsupportedRuntimeError
 
- raise UnsupportedRuntimeError(
- "This version of capa can only be used with Python 3.8+"
- )
+ raise UnsupportedRuntimeError("This version of capa can only be used with Python 3.8+")
 exit_code = main()
 if exit_code != 0:
 popup("capa explorer encountered errors during analysis. Please check the console output for more information.") # type: ignore [name-defined] # noqa: F821