gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

pep8: isort

Browse Source
This commit is contained in:
William Ballenthin
2020-07-02 10:52:05 -06:00
parent 5fda3c467f
commit 1188103d1c
36 changed files with 79 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
capa/features/__init__.py
View File

@@ -1,10 +1,9 @@
import sys
import codecs import codecs
import logging import logging
import sys
import capa.engine import capa.engine
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
MAX_BYTES_FEATURE_SIZE = 0x100 MAX_BYTES_FEATURE_SIZE = 0x100

3
capa/features/extractors/ida/__init__.py
View File

@@ -3,13 +3,12 @@ import types
import idaapi import idaapi
from capa.features.extractors import FeatureExtractor
import capa.features.extractors.ida.file import capa.features.extractors.ida.file
import capa.features.extractors.ida.insn import capa.features.extractors.ida.insn
import capa.features.extractors.ida.helpers import capa.features.extractors.ida.helpers
import capa.features.extractors.ida.function import capa.features.extractors.ida.function
import capa.features.extractors.ida.basicblock import capa.features.extractors.ida.basicblock
from capa.features.extractors import FeatureExtractor
def get_va(self): def get_va(self):

11
capa/features/extractors/ida/basicblock.py
View File

@@ -1,16 +1,15 @@
import sys import sys
import struct
import string
import pprint import pprint
import string
import struct
import idautils
import idaapi
import idc import idc
import idaapi
from capa.features.extractors.ida import helpers import idautils
from capa.features import Characteristic from capa.features import Characteristic
from capa.features.basicblock import BasicBlock from capa.features.basicblock import BasicBlock
from capa.features.extractors.ida import helpers
from capa.features.extractors.helpers import MIN_STACKSTRING_LEN from capa.features.extractors.helpers import MIN_STACKSTRING_LEN

15
capa/features/extractors/ida/file.py
View File

@@ -1,18 +1,15 @@
import struct
import pprint import pprint
import struct
import idautils
import idaapi
import idc import idc
import idaapi
import idautils
from capa.features import String
from capa.features import Characteristic
from capa.features.file import Section
from capa.features.file import Export
from capa.features.file import Import
import capa.features.extractors.strings
import capa.features.extractors.helpers import capa.features.extractors.helpers
import capa.features.extractors.strings
import capa.features.extractors.ida.helpers import capa.features.extractors.ida.helpers
from capa.features import String, Characteristic
from capa.features.file import Export, Import, Section
def _ida_check_segment_for_pe(seg): def _ida_check_segment_for_pe(seg):

2
capa/features/extractors/ida/function.py
View File

@@ -1,5 +1,5 @@
import idautils
import idaapi import idaapi
import idautils
from capa.features import Characteristic from capa.features import Characteristic
from capa.features.extractors import loops from capa.features.extractors import loops

4
capa/features/extractors/ida/helpers.py
View File

@@ -1,9 +1,9 @@
import sys import sys
import string import string
import idautils
import idaapi
import idc import idc
import idaapi
import idautils
def find_byte_sequence(start, end, seq): def find_byte_sequence(start, end, seq):

14
capa/features/extractors/ida/insn.py
View File

@@ -1,19 +1,13 @@
import pprint import pprint
import idautils
import idaapi
import idc import idc
import idaapi
import idautils
from capa.features import String
from capa.features import Bytes
from capa.features import Characteristic
from capa.features import MAX_BYTES_FEATURE_SIZE
from capa.features.insn import Number
from capa.features.insn import Offset
from capa.features.insn import Mnemonic
import capa.features.extractors.helpers import capa.features.extractors.helpers
import capa.features.extractors.ida.helpers import capa.features.extractors.ida.helpers
from capa.features import MAX_BYTES_FEATURE_SIZE, Bytes, String, Characteristic
from capa.features.insn import Number, Offset, Mnemonic
_file_imports_cache = None _file_imports_cache = None

2
capa/features/extractors/loops.py
View File

@@ -1,5 +1,5 @@
from networkx.algorithms.components import strongly_connected_components
from networkx import nx from networkx import nx
from networkx.algorithms.components import strongly_connected_components
def has_loop(edges, threshold=2): def has_loop(edges, threshold=2):

1
capa/features/extractors/strings.py
View File

@@ -6,7 +6,6 @@
import re import re
from collections import namedtuple from collections import namedtuple
ASCII_BYTE = r" !\"#\$%&\'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\]\^_`abcdefghijklmnopqrstuvwxyz\{\|\}\\\~\t".encode( ASCII_BYTE = r" !\"#\$%&\'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\]\^_`abcdefghijklmnopqrstuvwxyz\{\|\}\\\~\t".encode(
"ascii" "ascii"
) )

15
capa/features/extractors/viv/__init__.py
View File

@@ -2,17 +2,16 @@ import types
import viv_utils import viv_utils
import capa.features.extractors
import capa.features.extractors.viv.file
import capa.features.extractors.viv.function
import capa.features.extractors.viv.basicblock
import capa.features.extractors.viv.insn
from capa.features.extractors import FeatureExtractor
import file import file
import insn
import function import function
import basicblock import basicblock
import insn import capa.features.extractors
import capa.features.extractors.viv.file
import capa.features.extractors.viv.insn
import capa.features.extractors.viv.function
import capa.features.extractors.viv.basicblock
from capa.features.extractors import FeatureExtractor
__all__ = ["file", "function", "basicblock", "insn"] __all__ = ["file", "function", "basicblock", "insn"]

2
capa/features/extractors/viv/basicblock.py
View File

@@ -1,5 +1,5 @@
import struct
import string import string
import struct
import envi import envi
import vivisect.const import vivisect.const

7
capa/features/extractors/viv/file.py
View File

@@ -1,11 +1,8 @@
import PE.carve as pe_carve # vivisect PE import PE.carve as pe_carve # vivisect PE
from capa.features import Characteristic
from capa.features.file import Export
from capa.features.file import Import
from capa.features.file import Section
from capa.features import String
import capa.features.extractors.strings import capa.features.extractors.strings
from capa.features import String, Characteristic
from capa.features.file import Export, Import, Section
def extract_file_embedded_pe(vw, file_path): def extract_file_embedded_pe(vw, file_path):

3
capa/features/extractors/viv/indirect_calls.py
View File

@@ -1,10 +1,9 @@
import collections import collections
import envi import envi
import vivisect.const
import envi.archs.i386.disasm import envi.archs.i386.disasm
import envi.archs.amd64.disasm import envi.archs.amd64.disasm
import vivisect.const
# pull out consts for lookup performance # pull out consts for lookup performance
i386RegOper = envi.archs.i386.disasm.i386RegOper i386RegOper = envi.archs.i386.disasm.i386RegOper

14
capa/features/extractors/viv/insn.py
View File

@@ -1,17 +1,11 @@
import envi.memory import envi.memory
import envi.archs.i386.disasm
import vivisect.const import vivisect.const
import envi.archs.i386.disasm
from capa.features import String
from capa.features import Bytes
from capa.features import Characteristic
from capa.features import MAX_BYTES_FEATURE_SIZE
from capa.features.insn import Number
from capa.features.insn import Offset
from capa.features.insn import Mnemonic
import capa.features.extractors.helpers import capa.features.extractors.helpers
from capa.features.extractors.viv.indirect_calls import NotFoundError from capa.features import MAX_BYTES_FEATURE_SIZE, Bytes, String, Characteristic
from capa.features.extractors.viv.indirect_calls import resolve_indirect_call from capa.features.insn import Number, Offset, Mnemonic
from capa.features.extractors.viv.indirect_calls import NotFoundError, resolve_indirect_call
def interface_extract_instruction_XXX(f, bb, insn): def interface_extract_instruction_XXX(f, bb, insn):

6
capa/features/freeze.py
View File

@@ -44,16 +44,14 @@ import json
import zlib import zlib
import logging import logging
import capa.features.extractors
import capa.features import capa.features
import capa.features.file import capa.features.file
import capa.features.insn
import capa.features.function import capa.features.function
import capa.features.basicblock import capa.features.basicblock
import capa.features.insn import capa.features.extractors
from capa.helpers import hex from capa.helpers import hex
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)

7
capa/ida/explorer/item.py
View File

@@ -1,10 +1,9 @@
import codecs
import sys import sys
import codecs
from PyQt5 import QtCore
import idaapi
import idc import idc
import idaapi
from PyQt5 import QtCore
import capa.ida.helpers import capa.ida.helpers

34
capa/ida/explorer/model.py
View File

@@ -1,26 +1,24 @@
from PyQt5 import QtCore, QtGui, Qt
from collections import deque from collections import deque
import capa.render.utils as rutils
import idaapi
import idc import idc
import idaapi
from capa.ida.explorer.item import ( from PyQt5 import Qt, QtGui, QtCore
CapaExplorerDataItem,
CapaExplorerDefaultItem,
CapaExplorerFunctionItem,
CapaExplorerRuleItem,
CapaExplorerStringViewItem,
CapaExplorerInstructionViewItem,
CapaExplorerByteViewItem,
CapaExplorerBlockItem,
CapaExplorerRuleMatchItem,
CapaExplorerFeatureItem,
CapaExplorerSubscopeItem,
)
import capa.ida.helpers import capa.ida.helpers
import capa.render.utils as rutils
from capa.ida.explorer.item import (
CapaExplorerDataItem,
CapaExplorerRuleItem,
CapaExplorerBlockItem,
CapaExplorerDefaultItem,
CapaExplorerFeatureItem,
CapaExplorerByteViewItem,
CapaExplorerFunctionItem,
CapaExplorerSubscopeItem,
CapaExplorerRuleMatchItem,
CapaExplorerStringViewItem,
CapaExplorerInstructionViewItem,
)
# default highlight color used in IDA window # default highlight color used in IDA window
DEFAULT_HIGHLIGHT = 0xD096FF DEFAULT_HIGHLIGHT = 0xD096FF

10
capa/ida/explorer/view.py
View File

@@ -1,13 +1,9 @@
from PyQt5 import QtWidgets, QtCore, QtGui
import idaapi
import idc import idc
import idaapi
from PyQt5 import QtGui, QtCore, QtWidgets
from capa.ida.explorer.item import CapaExplorerRuleItem, CapaExplorerFunctionItem
from capa.ida.explorer.model import CapaExplorerDataModel from capa.ida.explorer.model import CapaExplorerDataModel
from capa.ida.explorer.item import (
CapaExplorerFunctionItem,
CapaExplorerRuleItem,
)
class CapaExplorerQtreeView(QtWidgets.QTreeView): class CapaExplorerQtreeView(QtWidgets.QTreeView):

2
capa/ida/helpers/__init__.py
View File

@@ -1,7 +1,7 @@
import logging import logging
import idaapi
import idc import idc
import idaapi
logger = logging.getLogger("capa") logger = logging.getLogger("capa")

6
capa/ida/ida_capa_explorer.py
View File

@@ -2,16 +2,14 @@ import os
import logging import logging
import collections import collections
from PyQt5 import QtWidgets, QtGui, QtCore
import idaapi import idaapi
from PyQt5 import QtGui, QtCore, QtWidgets
import capa.main import capa.main
import capa.rules import capa.rules
import capa.features.extractors.ida
import capa.ida.helpers import capa.ida.helpers
import capa.render.utils as rutils import capa.render.utils as rutils
import capa.features.extractors.ida
from capa.ida.explorer.view import CapaExplorerQtreeView from capa.ida.explorer.view import CapaExplorerQtreeView
from capa.ida.explorer.model import CapaExplorerDataModel from capa.ida.explorer.model import CapaExplorerDataModel
from capa.ida.explorer.proxy import CapaExplorerSortFilterProxyModel from capa.ida.explorer.proxy import CapaExplorerSortFilterProxyModel

10
capa/ida/ida_rule_generator.py
View File

@@ -5,19 +5,15 @@ import binascii
import textwrap import textwrap
from collections import Counter, defaultdict from collections import Counter, defaultdict
from PyQt5 import QtWidgets, QtCore
from PyQt5.QtWidgets import QTreeWidget, QTreeWidgetItem, QTextEdit, QHeaderView
import idc import idc
import idaapi import idaapi
from PyQt5 import QtCore, QtWidgets
from PyQt5.QtWidgets import QTextEdit, QHeaderView, QTreeWidget, QTreeWidgetItem
import capa import capa
import capa.main import capa.main
from capa.ida import plugin_helpers
import capa.features.extractors.ida.helpers import capa.features.extractors.ida.helpers
from capa.ida import plugin_helpers
logger = logging.getLogger("rulegen") logger = logging.getLogger("rulegen")

6
capa/ida/plugin_helpers.py
View File

@@ -1,12 +1,10 @@
import os import os
import logging import logging
from PyQt5.QtWidgets import QTreeWidgetItem, QTreeWidgetItemIterator
from PyQt5.QtCore import Qt
import idc import idc
import idaapi import idaapi
from PyQt5.QtCore import Qt
from PyQt5.QtWidgets import QTreeWidgetItem, QTreeWidgetItemIterator
CAPA_EXTENSION = ".capas" CAPA_EXTENSION = ".capas"

4
capa/main.py
View File

@@ -3,9 +3,9 @@
capa - detect capabilities in programs. capa - detect capabilities in programs.
""" """
import os import os
import os.path
import sys import sys
import logging import logging
import os.path
import collections import collections
import tqdm import tqdm
@@ -19,10 +19,8 @@ import capa.version
import capa.features import capa.features
import capa.features.freeze import capa.features.freeze
import capa.features.extractors import capa.features.extractors
from capa.helpers import oint from capa.helpers import oint
SUPPORTED_FILE_MAGIC = set(["MZ"]) SUPPORTED_FILE_MAGIC = set(["MZ"])

1
capa/render/__init__.py
View File

@@ -1,4 +1,5 @@
import json import json
import six import six
import capa.rules import capa.rules

5
capa/rules.py
View File

@@ -7,15 +7,14 @@ import six
import ruamel.yaml import ruamel.yaml
import capa.engine import capa.engine
from capa.engine import *
import capa.features import capa.features
import capa.features.file import capa.features.file
import capa.features.insn
import capa.features.function import capa.features.function
import capa.features.basicblock import capa.features.basicblock
import capa.features.insn from capa.engine import *
from capa.features import MAX_BYTES_FEATURE_SIZE from capa.features import MAX_BYTES_FEATURE_SIZE
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)

1
scripts/capafmt.py
View File

@@ -13,7 +13,6 @@ import argparse
import capa.rules import capa.rules
logger = logging.getLogger("capafmt") logger = logging.getLogger("capafmt")

1
scripts/lint.py
View File

@@ -6,7 +6,6 @@ Usage:
$ python scripts/lint.py rules/ $ python scripts/lint.py rules/
""" """
import os import os
import os.path
import sys import sys
import string import string
import hashlib import hashlib

5
scripts/migrate-rules.py
View File

@@ -7,17 +7,16 @@ example:
$ python scripts/migrate-rules.py migration.csv ./rules ./new-rules $ python scripts/migrate-rules.py migration.csv ./rules ./new-rules
""" """
import os import os
import os.path
import sys
import csv import csv
import sys
import logging import logging
import os.path
import collections import collections
import argparse import argparse
import capa.rules import capa.rules
logger = logging.getLogger("migrate-rules") logger = logging.getLogger("migrate-rules")

1
scripts/testbed/freeze_features.py
View File

@@ -16,7 +16,6 @@ import argparse
from scripts.testbed import FREEZE_EXTENSION from scripts.testbed import FREEZE_EXTENSION
from capa.features.freeze import main as freeze_features from capa.features.freeze import main as freeze_features
# only process files with these extensions # only process files with these extensions
TARGET_EXTENSIONS = [".mal_", ".exe_", ".dll_", ".sys_"] TARGET_EXTENSIONS = [".mal_", ".exe_", ".dll_", ".sys_"]

3
scripts/testbed/run_rule_on_testbed.py
View File

@@ -11,7 +11,6 @@ import sys
import json import json
import time import time
import logging import logging
from collections import defaultdict from collections import defaultdict
import argparse import argparse
@@ -19,11 +18,9 @@ import argparse
import capa.main import capa.main
import capa.rules import capa.rules
import capa.features.freeze import capa.features.freeze
from scripts.testbed import FNAMES_EXTENSION, FREEZE_EXTENSION from scripts.testbed import FNAMES_EXTENSION, FREEZE_EXTENSION
from start_ida_export_fimages import export_fimages from start_ida_export_fimages import export_fimages
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
# sorry globals... # sorry globals...

1
setup.py
View File

@@ -3,7 +3,6 @@ import sys
import setuptools import setuptools
requirements = ["six", "tqdm", "pyyaml", "tabulate", "colorama", "termcolor", "ruamel.yaml"] requirements = ["six", "tqdm", "pyyaml", "tabulate", "colorama", "termcolor", "ruamel.yaml"]
if sys.version_info >= (3, 0): if sys.version_info >= (3, 0):

1
tests/fixtures.py
View File

@@ -5,7 +5,6 @@ import collections
import pytest import pytest
import viv_utils import viv_utils
CD = os.path.dirname(__file__) CD = os.path.dirname(__file__)

4
tests/test_freeze.py
View File

@@ -4,12 +4,10 @@ import capa.main
import capa.helpers import capa.helpers
import capa.features import capa.features
import capa.features.insn import capa.features.insn
import capa.features.extractors
import capa.features.freeze import capa.features.freeze
import capa.features.extractors
from fixtures import * from fixtures import *
EXTRACTOR = capa.features.extractors.NullFeatureExtractor( EXTRACTOR = capa.features.extractors.NullFeatureExtractor(
{ {
"file features": [(0x402345, capa.features.Characteristic("embedded pe")),], "file features": [(0x402345, capa.features.Characteristic("embedded pe")),],

3
tests/test_main.py
View File

@@ -3,11 +3,10 @@ import textwrap
import capa.main import capa.main
import capa.rules import capa.rules
import capa.engine import capa.engine
from capa.engine import *
import capa.features import capa.features
import capa.features.extractors.viv import capa.features.extractors.viv
from fixtures import * from fixtures import *
from capa.engine import *
def test_main(sample_9324d1a8ae37a36ae560c37448c9705a): def test_main(sample_9324d1a8ae37a36ae560c37448c9705a):

2
tests/test_rules.py
View File

@@ -3,8 +3,8 @@ import textwrap
import pytest import pytest
import capa.rules import capa.rules
from capa.features.insn import Number, Offset
from capa.features import String from capa.features import String
from capa.features.insn import Number, Offset
def test_rule_ctor(): def test_rule_ctor():

5
tests/test_viv_features.py
View File

@@ -2,14 +2,13 @@ import viv_utils
import capa.features import capa.features
import capa.features.file import capa.features.file
import capa.features.insn
import capa.features.function import capa.features.function
import capa.features.basicblock import capa.features.basicblock
import capa.features.insn
import capa.features.extractors.viv.file import capa.features.extractors.viv.file
import capa.features.extractors.viv.insn
import capa.features.extractors.viv.function import capa.features.extractors.viv.function
import capa.features.extractors.viv.basicblock import capa.features.extractors.viv.basicblock
import capa.features.extractors.viv.insn
from fixtures import * from fixtures import *