
render output with prevalence for (v) verbose
Aayush-Goel-04 committed Oct 20, 2023
1 parent e4bb521 commit fe4af5c
Showing 3 changed files with 7 additions and 0 deletions.
File renamed without changes.
3 changes: 3 additions & 0 deletions capa/render/verbose.py
Expand Up @@ -115,6 +115,7 @@ def render_rules(ostream, doc: rd.ResultDocument):
0x10003797
"""
had_match = False
rules_prevalence = rutils.load_rules_prevalence()
for rule in rutils.capability_rules(doc):
count = len(rule.matches)
if count == 1:
Expand All @@ -139,6 +140,8 @@ def render_rules(ostream, doc: rd.ResultDocument):

rows.append((key, v))

rows.append(("prevalence", rules_prevalence.get(rule.meta.name, "unknown")))

if rule.meta.scope != capa.rules.FILE_SCOPE:
locations = [m[0] for m in doc.rules[rule.meta.name].matches]
rows.append(("matches", "\n".join(map(format_address, locations))))
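Review bot: The new `rutils.load_rules_prevalence()` call at the top of `render_rules` runs on every verbose render with no fallback, so if that helper reads a data file that is missing or malformed (its implementation is not visible in this hunk) the whole report fails instead of just degrading the new row to "unknown"; only the per-rule `.get(..., "unknown")` lookup further down has a default. Either guard the load, `try: rules_prevalence = rutils.load_rules_prevalence()` / `except (OSError, ValueError): rules_prevalence = {}` with a logged warning (adjust the exception types to what the loader actually raises), or document in a comment that the loader never raises and returns an empty mapping when no data is available. The prevalence value is also appended to `rows` as-is, so if the mapping does not already hold strings the row renderer downstream must tolerate that. `render_rules` starts and ends outside the hunks shown.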
4 changes: 4 additions & 0 deletions capa/render/vverbose.py
Expand Up @@ -278,6 +278,8 @@ def render_rules(ostream, doc: rd.ResultDocument):

had_match = False

rules_prevalence = rutils.load_rules_prevalence()

for _, _, rule in sorted((rule.meta.namespace or "", rule.meta.name, rule) for rule in doc.rules.values()):
# default scope hides things like lib rules, malware-category rules, etc.
# but in vverbose mode, we really want to show everything.
Expand Down Expand Up @@ -325,6 +327,8 @@ def render_rules(ostream, doc: rd.ResultDocument):

rows.append(("scope", rule.meta.scope.value))

rows.append(("prevalence", rules_prevalence.get(rule.meta.name, "unknown")))

if rule.meta.attack:
rows.append(("att&ck", ", ".join([rutils.format_parts_id(v) for v in rule.meta.attack])))

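Review bot: The `.get(rule.meta.name, "unknown")` default in the second hunk only covers a rule that is absent from the prevalence mapping; if the loaded data can carry an explicit null or empty value for a rule (not visible here), the row prints `None` rather than `unknown`. Consider `rules_prevalence.get(rule.meta.name) or "unknown"`, or have the loader normalise its values, and add a short comment stating what the `unknown` sentinel means to a reader of the report. This lookup is now duplicated verbatim in verbose.py, so a small shared helper in rutils, e.g. `prevalence_for(rules_prevalence, rule.meta.name)`, would keep the two renderers in step if the fallback logic changes. `render_rules` starts and ends outside the hunks shown.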
