add a capabilities module #1820
I like the idea of splitting out this logic into its own module, because:
I'd propose that this new module be @yelhamer please also update the scripts that use these routines:
also plugins/integrations:
…ity extraction there
Furthermore, does it make sense to break out any other logic from main? Here's what's left:
I think these things belong in main:
proposal 1: move to existing capa.rules:
proposal 2: move to
proposal 3: move to new module
Please brainstorm if these changes make intuitive sense to you. If so, then we can update this PR with the changes, paying particular attention to how the scripts change - we'd want these to become simpler/more readable.
Agreed, I think we should use this as a start to a larger refactor significantly reducing the size of main and making capa much easier to use as a library (and within our own code), see for example #1813 as well as much code duplication in our scripts and plugins.
…ve the corresponding tests from main to there
looks great, thanks @yelhamer!
Co-authored-by: Willi Ballenthin <[email protected]>
…e capabilities module
…into capabilities-module
@mr-tz I'd like to have your LGTM here too before we merge
reviewing now!
great changes, just a few minor issues I've noticed
…ations()` from capa source code
LGTM!
0097822 into mandiant:dynamic-feature-extraction
This PR moves the capability extraction logic from `main.py` to a new "capabilities" module.