changes for upstream

This commit is contained in:
Michael Hunhoff
2020-07-01 07:41:02 -06:00
parent 5d83773036
commit 2e12504083
2 changed files with 7 additions and 53 deletions


@@ -1,6 +1,8 @@
from PyQt5 import QtCore, QtGui, Qt
from collections import deque
import capa.render.utils as rutils
import idaapi
import idc
@@ -296,25 +298,6 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
return item.childCount()
def capa_capability_rules(self, doc):
""" enumerate the rules in (namespace, name) order that are 'capability'
rules (not lib/subscope/disposition/etc) """
for (_, _, rule) in sorted(
map(lambda rule: (rule['meta']['namespace'], rule['meta']['name'], rule), doc.values())):
if rule['meta'].get('lib'):
continue
if rule['meta'].get('capa/subscope'):
continue
if rule['meta'].get('maec/analysis-conclusion'):
continue
if rule['meta'].get('maec/analysis-conclusion-ov'):
continue
if rule['meta'].get('maec/malware-category'):
continue
if rule['meta'].get('maec/malware-category-ov'):
continue
yield rule
def render_capa_doc_statement_node(self, parent, statement, doc):
""" render capa statement read from doc
@@ -410,7 +393,7 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
"""
self.beginResetModel()
for rule in self.capa_capability_rules(doc):
for rule in rutils.capability_rules(doc):
parent = CapaExplorerRuleItem(self.root_node, rule['meta']['name'], len(rule['matches']), rule['source'])
for (location, match) in doc[rule['meta']['name']]['matches'].items():
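Review bot: Library, subscope and MAEC-tagged rules can now reach the explorer tree at the `for rule in rutils.capability_rules(doc):` line if `rutils.capability_rules` does not apply the six `meta` exclusions (`lib`, `capa/subscope`, the four `maec/*` keys) that the deleted `capa_capability_rules` method enforced; the helper's body is not in this diff, so that parity should be confirmed before merging. A short comment at the call site would pin the contract, e.g. `# rutils.capability_rules must exclude lib/subscope/maec rules, as the old local filter did`. The import hunk also adds `from collections import deque` with no use visible anywhere in this diff; if nothing else in the file needs it, drop the line rather than leave an unused import. The method containing the `self.beginResetModel()` call starts before the hunk and continues past it.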


@@ -14,6 +14,7 @@ import capa.main
import capa.rules
import capa.features.extractors.ida
import capa.ida.helpers
import capa.render.utils as rutils
from capa.ida.explorer.view import CapaExplorerQtreeView
from capa.ida.explorer.model import CapaExplorerDataModel
@@ -381,41 +382,11 @@ class CapaExplorerForm(idaapi.PluginForm):
logger.info('render views completed.')
def capa_capability_rules(self, doc):
""" """
for (_, _, rule) in sorted(
map(lambda rule: (rule['meta']['namespace'], rule['meta']['name'], rule), doc.values())):
if rule['meta'].get('lib'):
continue
if rule['meta'].get('capa/subscope'):
continue
if rule['meta'].get('maec/analysis-conclusion'):
continue
if rule['meta'].get('maec/analysis-conclusion-ov'):
continue
if rule['meta'].get('maec/malware-category'):
continue
if rule['meta'].get('maec/malware-category-ov'):
continue
yield rule
def render_capa_doc_summary(self, doc):
""" """
for (row, rule) in enumerate(self.capa_capability_rules(doc)):
if rule['meta'].get('lib'):
continue
if rule['meta'].get('capa/subscope'):
continue
if rule['meta'].get('maec/analysis-conclusion'):
continue
if rule['meta'].get('maec/analysis-conclusion-ov'):
continue
if rule['meta'].get('maec/malware-category'):
continue
if rule['meta'].get('maec/malware-category-ov'):
continue
for (row, rule) in enumerate(rutils.capability_rules(doc)):
count = len(rule['matches'])
if count == 1:
capability = rule['meta']['name']
else:
@@ -432,7 +403,7 @@ class CapaExplorerForm(idaapi.PluginForm):
def render_capa_doc_mitre_summary(self, doc):
""" """
tactics = collections.defaultdict(set)
for rule in self.capa_capability_rules(doc):
for rule in rutils.capability_rules(doc):
if not rule['meta'].get('att&ck'):
continue