From 2e125040830eb98751be3c507a70b5c1b4bb6b67 Mon Sep 17 00:00:00 2001
From: Michael Hunhoff
Date: Wed, 1 Jul 2020 07:41:02 -0600
Subject: [PATCH] changes for upstream
---
 capa/ida/explorer/model.py | 23 +++-------------------
 capa/ida/ida_capa_explorer.py | 37 ++++-------------------------------
 2 files changed, 7 insertions(+), 53 deletions(-)
diff --git a/capa/ida/explorer/model.py b/capa/ida/explorer/model.py
index c754643d..34a1a796 100644
--- a/capa/ida/explorer/model.py
+++ b/capa/ida/explorer/model.py
@@ -1,6 +1,8 @@
 from PyQt5 import QtCore, QtGui, Qt
 from collections import deque
+import capa.render.utils as rutils
+
 import idaapi
 import idc
@@ -296,25 +298,6 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
 return item.childCount()
- def capa_capability_rules(self, doc):
- """ enumerate the rules in (namespace, name) order that are 'capability'
- rules (not lib/subscope/disposition/etc) """
- for (_, _, rule) in sorted(
- map(lambda rule: (rule['meta']['namespace'], rule['meta']['name'], rule), doc.values())):
- if rule['meta'].get('lib'):
- continue
- if rule['meta'].get('capa/subscope'):
- continue
- if rule['meta'].get('maec/analysis-conclusion'):
- continue
- if rule['meta'].get('maec/analysis-conclusion-ov'):
- continue
- if rule['meta'].get('maec/malware-category'):
- continue
- if rule['meta'].get('maec/malware-category-ov'):
- continue
- yield rule
-
 def render_capa_doc_statement_node(self, parent, statement, doc):
 """ render capa statement read from doc
@@ -410,7 +393,7 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
 """
 self.beginResetModel()
- for rule in self.capa_capability_rules(doc):
+ for rule in rutils.capability_rules(doc):
 parent = CapaExplorerRuleItem(self.root_node, rule['meta']['name'], len(rule['matches']), rule['source'])
 for (location, match) in doc[rule['meta']['name']]['matches'].items():
diff --git a/capa/ida/ida_capa_explorer.py b/capa/ida/ida_capa_explorer.py
index 8039f456..873e0513 100644
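Review bot: The added `+import capa.render.utils as rutils` at the top of the @@ -1,6 hunk pulls capa's render package into a module that runs inside IDA's bundled Python, and nothing in this hunk shows what capa.render.utils (or capa/render/__init__.py) itself imports. If that package drags in render-only third-party dependencies, the plugin would fail at import time in an IDA environment that lacks them; I cannot see capa/render/utils.py here, so this is a point to confirm rather than a defect I can point to. If the dependency-free property is intended, it is worth pinning next to the import: `# capa.render.utils must stay free of render-only deps; IDA's Python may not have them`. The same import is added to capa/ida/ida_capa_explorer.py in the second file of this patch.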
--- a/capa/ida/ida_capa_explorer.py
+++ b/capa/ida/ida_capa_explorer.py
@@ -14,6 +14,7 @@ import capa.main
 import capa.rules
 import capa.features.extractors.ida
 import capa.ida.helpers
+import capa.render.utils as rutils
 from capa.ida.explorer.view import CapaExplorerQtreeView
 from capa.ida.explorer.model import CapaExplorerDataModel
@@ -381,41 +382,11 @@ class CapaExplorerForm(idaapi.PluginForm):
 logger.info('render views completed.')
- def capa_capability_rules(self, doc):
- """ """
- for (_, _, rule) in sorted(
- map(lambda rule: (rule['meta']['namespace'], rule['meta']['name'], rule), doc.values())):
- if rule['meta'].get('lib'):
- continue
- if rule['meta'].get('capa/subscope'):
- continue
- if rule['meta'].get('maec/analysis-conclusion'):
- continue
- if rule['meta'].get('maec/analysis-conclusion-ov'):
- continue
- if rule['meta'].get('maec/malware-category'):
- continue
- if rule['meta'].get('maec/malware-category-ov'):
- continue
- yield rule
-
 def render_capa_doc_summary(self, doc):
 """ """
- for (row, rule) in enumerate(self.capa_capability_rules(doc)):
- if rule['meta'].get('lib'):
- continue
- if rule['meta'].get('capa/subscope'):
- continue
- if rule['meta'].get('maec/analysis-conclusion'):
- continue
- if rule['meta'].get('maec/analysis-conclusion-ov'):
- continue
- if rule['meta'].get('maec/malware-category'):
- continue
- if rule['meta'].get('maec/malware-category-ov'):
- continue
-
+ for (row, rule) in enumerate(rutils.capability_rules(doc)):
 count = len(rule['matches'])
+
 if count == 1:
 capability = rule['meta']['name']
 else:
@@ -432,7 +403,7 @@ class CapaExplorerForm(idaapi.PluginForm):
 def render_capa_doc_mitre_summary(self, doc):
 """ """
 tactics = collections.defaultdict(set)
- for rule in self.capa_capability_rules(doc):
+ for rule in rutils.capability_rules(doc):
 if not rule['meta'].get('att&ck'):
 continue
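Review bot: In the @@ -381,41 hunk, `render_capa_doc_summary` now relies entirely on `rutils.capability_rules(doc)` to apply the six meta filters (lib, capa/subscope and the four maec/* keys) and the (namespace, name) ordering that the removed local `capa_capability_rules` enforced, yet nothing in the new code states that contract and the method keeps its empty docstring `""" """`. If the shared helper's filtering ever diverges, library or disposition rules would silently show up as capabilities in the summary table, and the same dependency is taken by `render_capa_doc_mitre_summary` in the following hunk. Suggest replacing the empty docstring with one line such as `""" render one summary row per capability rule; filtering and (namespace, name) ordering are delegated to capa.render.utils.capability_rules """` so the expectation is visible next to the call. The body of render_capa_doc_summary continues past the end of this hunk.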