gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dynamic-extractor' into dynamic-features

Browse Source
This commit is contained in:
Yacine Elhamer
2023-06-13 14:26:14 +01:00
parent 5a10b612a1 a6ca3aaa66
commit 45c3345bbc
1 changed files with 2 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
capa/features/extractors/base_extractor.py
View File

@@ -327,7 +327,7 @@ class DynamicExtractor(FeatureExtractor):
raise NotImplementedError()
@abc.abstractmethod
def get_threads(self, ph: ProcessHandle) -> Iterator[ProcessHandle]:
def get_threads(self, ph: ProcessHandle) -> Iterator[ThreadHandle]:
"""
Yields all the threads that a process created.
@@ -341,26 +341,7 @@ class DynamicExtractor(FeatureExtractor):
"""
Yields all the features of a thread. These include:
- sequenced api traces
- files/registris interacted with
- file/registry interactions
- network activity
"""
raise NotImplementedError()
@abc.abstractclassmethod
def from_trace(cls, trace: TextIO) -> "DynamicExtractor":
"""
Most sandboxes provide reports in a serialized text format (i.e. JSON for Cuckoo and CAPE).
This routine takes a file descriptor of such report (analysis trace) and returns a corresponding DynamicExtractor object.
"""
raise NotImplementedError()
@abc.abstractclassmethod
def submit_sample(cls, sample: BinaryIO, api: Dict[str, str]) -> "DynamicExtractor":
"""
This routine takes a sample and submits it for analysis to the provided api. The trace should then ideally be passed to the from_trace() method.
Attributes:
sample: file descriptor of the sample
api: contains information such as the uri, api key, etc.
"""
raise NotImplementedError()