do not process non-pe even with --format pe

CHANGELOG.md

@@ -130,6 +130,7 @@ It includes many new rules, including all new techniques introduced in MITRE ATT
 
 - build: use Python 3.8 for PyInstaller to support consistently running across multiple operating systems including Windows 7 #505 @mr-tz
 - main: correctly match BB-scope matches at file scope #605 @williballenthin
+- main: do not process non-PE files even when --format explicitly provided #664 @mr-tz
 
 ### capa explorer IDA Pro plugin
 - explorer: IDA 7.6 support #497 @williballenthin

capa/main.py

@@ -863,7 +863,13 @@ def main(argv=None):
         # so we can fairly quickly determine if the given PE file has "pure" file-scope rules
         # that indicate a limitation (like "file is packed based on section names")
         # and avoid doing a full code analysis on difficult/impossible binaries.
-        file_extractor = capa.features.extractors.pefile.PefileFeatureExtractor(args.sample)
+        try:
+            from pefile import PEFormatError
+
+            file_extractor = capa.features.extractors.pefile.PefileFeatureExtractor(args.sample)
+        except PEFormatError as e:
+            logger.error("Input file '%s' is not a valid PE file: %s", args.sample, str(e))
+            return -1
         pure_file_capabilities, _ = find_file_capabilities(rules, file_extractor, {})
 
         # file limitations that rely on non-file scope won't be detected here.