gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

pep8: isort

Browse Source
This commit is contained in:
William Ballenthin
2020-07-02 10:52:05 -06:00
parent 5fda3c467f
commit 1188103d1c
36 changed files with 79 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
capa/features/__init__.py
View File

@@ -1,10 +1,9 @@
import sys
import codecs
import logging
import sys
import capa.engine
logger = logging.getLogger(__name__)
MAX_BYTES_FEATURE_SIZE = 0x100

3
capa/features/extractors/ida/__init__.py
View File

@@ -3,13 +3,12 @@ import types
import idaapi
from capa.features.extractors import FeatureExtractor
import capa.features.extractors.ida.file
import capa.features.extractors.ida.insn
import capa.features.extractors.ida.helpers
import capa.features.extractors.ida.function
import capa.features.extractors.ida.basicblock
from capa.features.extractors import FeatureExtractor
def get_va(self):

11
capa/features/extractors/ida/basicblock.py
View File

@@ -1,16 +1,15 @@
import sys
import struct
import string
import pprint
import string
import struct
import idautils
import idaapi
import idc
from capa.features.extractors.ida import helpers
import idaapi
import idautils
from capa.features import Characteristic
from capa.features.basicblock import BasicBlock
from capa.features.extractors.ida import helpers
from capa.features.extractors.helpers import MIN_STACKSTRING_LEN

15
capa/features/extractors/ida/file.py
View File

@@ -1,18 +1,15 @@
import struct
import pprint
import struct
import idautils
import idaapi
import idc
import idaapi
import idautils
from capa.features import String
from capa.features import Characteristic
from capa.features.file import Section
from capa.features.file import Export
from capa.features.file import Import
import capa.features.extractors.strings
import capa.features.extractors.helpers
import capa.features.extractors.strings
import capa.features.extractors.ida.helpers
from capa.features import String, Characteristic
from capa.features.file import Export, Import, Section
def _ida_check_segment_for_pe(seg):

2
capa/features/extractors/ida/function.py
View File

@@ -1,5 +1,5 @@
import idautils
import idaapi
import idautils
from capa.features import Characteristic
from capa.features.extractors import loops

4
capa/features/extractors/ida/helpers.py
View File

@@ -1,9 +1,9 @@
import sys
import string
import idautils
import idaapi
import idc
import idaapi
import idautils
def find_byte_sequence(start, end, seq):

14
capa/features/extractors/ida/insn.py
View File

@@ -1,19 +1,13 @@
import pprint
import idautils
import idaapi
import idc
import idaapi
import idautils
from capa.features import String
from capa.features import Bytes
from capa.features import Characteristic
from capa.features import MAX_BYTES_FEATURE_SIZE
from capa.features.insn import Number
from capa.features.insn import Offset
from capa.features.insn import Mnemonic
import capa.features.extractors.helpers
import capa.features.extractors.ida.helpers
from capa.features import MAX_BYTES_FEATURE_SIZE, Bytes, String, Characteristic
from capa.features.insn import Number, Offset, Mnemonic
_file_imports_cache = None

2
capa/features/extractors/loops.py
View File

@@ -1,5 +1,5 @@
from networkx.algorithms.components import strongly_connected_components
from networkx import nx
from networkx.algorithms.components import strongly_connected_components
def has_loop(edges, threshold=2):

1
capa/features/extractors/strings.py
View File

@@ -6,7 +6,6 @@
import re
from collections import namedtuple
ASCII_BYTE = r" !\"#\$%&\'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\]\^_`abcdefghijklmnopqrstuvwxyz\{\|\}\\\~\t".encode(
"ascii"
)

15
capa/features/extractors/viv/__init__.py
View File

@@ -2,17 +2,16 @@ import types
import viv_utils
import capa.features.extractors
import capa.features.extractors.viv.file
import capa.features.extractors.viv.function
import capa.features.extractors.viv.basicblock
import capa.features.extractors.viv.insn
from capa.features.extractors import FeatureExtractor
import file
import insn
import function
import basicblock
import insn
import capa.features.extractors
import capa.features.extractors.viv.file
import capa.features.extractors.viv.insn
import capa.features.extractors.viv.function
import capa.features.extractors.viv.basicblock
from capa.features.extractors import FeatureExtractor
__all__ = ["file", "function", "basicblock", "insn"]

2
capa/features/extractors/viv/basicblock.py
View File

@@ -1,5 +1,5 @@
import struct
import string
import struct
import envi
import vivisect.const

7
capa/features/extractors/viv/file.py
View File

@@ -1,11 +1,8 @@
import PE.carve as pe_carve # vivisect PE
from capa.features import Characteristic
from capa.features.file import Export
from capa.features.file import Import
from capa.features.file import Section
from capa.features import String
import capa.features.extractors.strings
from capa.features import String, Characteristic
from capa.features.file import Export, Import, Section
def extract_file_embedded_pe(vw, file_path):

3
capa/features/extractors/viv/indirect_calls.py
View File

@@ -1,10 +1,9 @@
import collections
import envi
import vivisect.const
import envi.archs.i386.disasm
import envi.archs.amd64.disasm
import vivisect.const
# pull out consts for lookup performance
i386RegOper = envi.archs.i386.disasm.i386RegOper

14
capa/features/extractors/viv/insn.py
View File

@@ -1,17 +1,11 @@
import envi.memory
import envi.archs.i386.disasm
import vivisect.const
import envi.archs.i386.disasm
from capa.features import String
from capa.features import Bytes
from capa.features import Characteristic
from capa.features import MAX_BYTES_FEATURE_SIZE
from capa.features.insn import Number
from capa.features.insn import Offset
from capa.features.insn import Mnemonic
import capa.features.extractors.helpers
from capa.features.extractors.viv.indirect_calls import NotFoundError
from capa.features.extractors.viv.indirect_calls import resolve_indirect_call
from capa.features import MAX_BYTES_FEATURE_SIZE, Bytes, String, Characteristic
from capa.features.insn import Number, Offset, Mnemonic
from capa.features.extractors.viv.indirect_calls import NotFoundError, resolve_indirect_call
def interface_extract_instruction_XXX(f, bb, insn):

6
capa/features/freeze.py
View File

@@ -44,16 +44,14 @@ import json
import zlib
import logging
import capa.features.extractors
import capa.features
import capa.features.file
import capa.features.insn
import capa.features.function
import capa.features.basicblock
import capa.features.insn
import capa.features.extractors
from capa.helpers import hex
logger = logging.getLogger(__name__)

7
capa/ida/explorer/item.py
View File

@@ -1,10 +1,9 @@
import codecs
import sys
import codecs
from PyQt5 import QtCore
import idaapi
import idc
import idaapi
from PyQt5 import QtCore
import capa.ida.helpers

34
capa/ida/explorer/model.py
View File

@@ -1,26 +1,24 @@
from PyQt5 import QtCore, QtGui, Qt
from collections import deque
import capa.render.utils as rutils
import idaapi
import idc
from capa.ida.explorer.item import (
CapaExplorerDataItem,
CapaExplorerDefaultItem,
CapaExplorerFunctionItem,
CapaExplorerRuleItem,
CapaExplorerStringViewItem,
CapaExplorerInstructionViewItem,
CapaExplorerByteViewItem,
CapaExplorerBlockItem,
CapaExplorerRuleMatchItem,
CapaExplorerFeatureItem,
CapaExplorerSubscopeItem,
)
import idaapi
from PyQt5 import Qt, QtGui, QtCore
import capa.ida.helpers
import capa.render.utils as rutils
from capa.ida.explorer.item import (
CapaExplorerDataItem,
CapaExplorerRuleItem,
CapaExplorerBlockItem,
CapaExplorerDefaultItem,
CapaExplorerFeatureItem,
CapaExplorerByteViewItem,
CapaExplorerFunctionItem,
CapaExplorerSubscopeItem,
CapaExplorerRuleMatchItem,
CapaExplorerStringViewItem,
CapaExplorerInstructionViewItem,
)
# default highlight color used in IDA window
DEFAULT_HIGHLIGHT = 0xD096FF

10
capa/ida/explorer/view.py
View File

@@ -1,13 +1,9 @@
from PyQt5 import QtWidgets, QtCore, QtGui
import idaapi
import idc
import idaapi
from PyQt5 import QtGui, QtCore, QtWidgets
from capa.ida.explorer.item import CapaExplorerRuleItem, CapaExplorerFunctionItem
from capa.ida.explorer.model import CapaExplorerDataModel
from capa.ida.explorer.item import (
CapaExplorerFunctionItem,
CapaExplorerRuleItem,
)
class CapaExplorerQtreeView(QtWidgets.QTreeView):

2
capa/ida/helpers/__init__.py
View File

@@ -1,7 +1,7 @@
import logging
import idaapi
import idc
import idaapi
logger = logging.getLogger("capa")

6
capa/ida/ida_capa_explorer.py
View File

@@ -2,16 +2,14 @@ import os
import logging
import collections
from PyQt5 import QtWidgets, QtGui, QtCore
import idaapi
from PyQt5 import QtGui, QtCore, QtWidgets
import capa.main
import capa.rules
import capa.features.extractors.ida
import capa.ida.helpers
import capa.render.utils as rutils
import capa.features.extractors.ida
from capa.ida.explorer.view import CapaExplorerQtreeView
from capa.ida.explorer.model import CapaExplorerDataModel
from capa.ida.explorer.proxy import CapaExplorerSortFilterProxyModel

10
capa/ida/ida_rule_generator.py
View File

@@ -5,19 +5,15 @@ import binascii
import textwrap
from collections import Counter, defaultdict
from PyQt5 import QtWidgets, QtCore
from PyQt5.QtWidgets import QTreeWidget, QTreeWidgetItem, QTextEdit, QHeaderView
import idc
import idaapi
from PyQt5 import QtCore, QtWidgets
from PyQt5.QtWidgets import QTextEdit, QHeaderView, QTreeWidget, QTreeWidgetItem
import capa
import capa.main
from capa.ida import plugin_helpers
import capa.features.extractors.ida.helpers
from capa.ida import plugin_helpers
logger = logging.getLogger("rulegen")

6
capa/ida/plugin_helpers.py
View File

@@ -1,12 +1,10 @@
import os
import logging
from PyQt5.QtWidgets import QTreeWidgetItem, QTreeWidgetItemIterator
from PyQt5.QtCore import Qt
import idc
import idaapi
from PyQt5.QtCore import Qt
from PyQt5.QtWidgets import QTreeWidgetItem, QTreeWidgetItemIterator
CAPA_EXTENSION = ".capas"

4
capa/main.py
View File

@@ -3,9 +3,9 @@
capa - detect capabilities in programs.
"""
import os
import os.path
import sys
import logging
import os.path
import collections
import tqdm
@@ -19,10 +19,8 @@ import capa.version
import capa.features
import capa.features.freeze
import capa.features.extractors
from capa.helpers import oint
SUPPORTED_FILE_MAGIC = set(["MZ"])

1
capa/render/__init__.py
View File

@@ -1,4 +1,5 @@
import json
import six
import capa.rules

5
capa/rules.py
View File

@@ -7,15 +7,14 @@ import six
import ruamel.yaml
import capa.engine
from capa.engine import *
import capa.features
import capa.features.file
import capa.features.insn
import capa.features.function
import capa.features.basicblock
import capa.features.insn
from capa.engine import *
from capa.features import MAX_BYTES_FEATURE_SIZE
logger = logging.getLogger(__name__)

1
scripts/capafmt.py
View File

@@ -13,7 +13,6 @@ import argparse
import capa.rules
logger = logging.getLogger("capafmt")

1
scripts/lint.py
View File

@@ -6,7 +6,6 @@ Usage:
$ python scripts/lint.py rules/
"""
import os
import os.path
import sys
import string
import hashlib

5
scripts/migrate-rules.py
View File

@@ -7,17 +7,16 @@ example:
$ python scripts/migrate-rules.py migration.csv ./rules ./new-rules
"""
import os
import os.path
import sys
import csv
import sys
import logging
import os.path
import collections
import argparse
import capa.rules
logger = logging.getLogger("migrate-rules")

1
scripts/testbed/freeze_features.py
View File

@@ -16,7 +16,6 @@ import argparse
from scripts.testbed import FREEZE_EXTENSION
from capa.features.freeze import main as freeze_features
# only process files with these extensions
TARGET_EXTENSIONS = [".mal_", ".exe_", ".dll_", ".sys_"]

3
scripts/testbed/run_rule_on_testbed.py
View File

@@ -11,7 +11,6 @@ import sys
import json
import time
import logging
from collections import defaultdict
import argparse
@@ -19,11 +18,9 @@ import argparse
import capa.main
import capa.rules
import capa.features.freeze
from scripts.testbed import FNAMES_EXTENSION, FREEZE_EXTENSION
from start_ida_export_fimages import export_fimages
logger = logging.getLogger(__name__)
# sorry globals...

1
setup.py
View File

@@ -3,7 +3,6 @@ import sys
import setuptools
requirements = ["six", "tqdm", "pyyaml", "tabulate", "colorama", "termcolor", "ruamel.yaml"]
if sys.version_info >= (3, 0):

1
tests/fixtures.py
View File

@@ -5,7 +5,6 @@ import collections
import pytest
import viv_utils
CD = os.path.dirname(__file__)

4
tests/test_freeze.py
View File

@@ -4,12 +4,10 @@ import capa.main
import capa.helpers
import capa.features
import capa.features.insn
import capa.features.extractors
import capa.features.freeze
import capa.features.extractors
from fixtures import *
EXTRACTOR = capa.features.extractors.NullFeatureExtractor(
{
"file features": [(0x402345, capa.features.Characteristic("embedded pe")),],

3
tests/test_main.py
View File

@@ -3,11 +3,10 @@ import textwrap
import capa.main
import capa.rules
import capa.engine
from capa.engine import *
import capa.features
import capa.features.extractors.viv
from fixtures import *
from capa.engine import *
def test_main(sample_9324d1a8ae37a36ae560c37448c9705a):

2
tests/test_rules.py
View File

@@ -3,8 +3,8 @@ import textwrap
import pytest
import capa.rules
from capa.features.insn import Number, Offset
from capa.features import String
from capa.features.insn import Number, Offset
def test_rule_ctor():

5
tests/test_viv_features.py
View File

@@ -2,14 +2,13 @@ import viv_utils
import capa.features
import capa.features.file
import capa.features.insn
import capa.features.function
import capa.features.basicblock
import capa.features.insn
import capa.features.extractors.viv.file
import capa.features.extractors.viv.insn
import capa.features.extractors.viv.function
import capa.features.extractors.viv.basicblock
import capa.features.extractors.viv.insn
from fixtures import *