main: don't require rules to render result document directly (#2611)

2025-12-12 07:40:38 -08:00 · 2025-02-24 17:47:00 +01:00
parent a94c68377a
commit 4c9d81072a
2 changed files with 41 additions and 35 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@

 ### Bug Fixes
 - only parse CAPE fields required for analysis @mike-hunhoff #2607
+- main: render result document without needing associated rules @williballenthin #2610

 ### capa Explorer Web

--- a/capa/main.py
+++ b/capa/main.py
@@ -995,7 +995,27 @@ def main(argv: Optional[list[str]] = None):
        handle_common_args(args)
        ensure_input_exists_from_cli(args)
        input_format = get_input_format_from_cli(args)
-        rules = get_rules_from_cli(args)
+    except ShouldExitError as e:
+        return e.status_code
+
+    if input_format == FORMAT_RESULT:
+        # render the result document immediately,
+        # no need to load the rules or do other processing.
+        result_doc = capa.render.result_document.ResultDocument.from_file(args.input_file)
+
+        if args.json:
+            print(result_doc.model_dump_json(exclude_none=True))
+        elif args.vverbose:
+            print(capa.render.vverbose.render_vverbose(result_doc))
+        elif args.verbose:
+            print(capa.render.verbose.render_verbose(result_doc))
+        else:
+            print(capa.render.default.render_default(result_doc))
+        return 0
+
+    try:
+        rules: RuleSet = get_rules_from_cli(args)
+
        found_limitation = False
        file_extractors = get_file_extractors_from_cli(args, input_format)
        if input_format in STATIC_FORMATS:
@@ -1003,45 +1023,30 @@ def main(argv: Optional[list[str]] = None):
            found_limitation = find_static_limitations_from_cli(args, rules, file_extractors)
        if input_format in DYNAMIC_FORMATS:
            found_limitation = find_dynamic_limitations_from_cli(args, rules, file_extractors)
+
+        backend = get_backend_from_cli(args, input_format)
+        sample_path = get_sample_path_from_cli(args, backend)
+        if sample_path is None:
+            os_ = "unknown"
+        else:
+            os_ = capa.loader.get_os(sample_path)
+        extractor: FeatureExtractor = get_extractor_from_cli(args, input_format, backend)
    except ShouldExitError as e:
        return e.status_code

-    meta: rdoc.Metadata
-    capabilities: Capabilities
+    capabilities: Capabilities = find_capabilities(rules, extractor, disable_progress=args.quiet)

-    if input_format == FORMAT_RESULT:
-        # result document directly parses into meta, capabilities
-        result_doc = capa.render.result_document.ResultDocument.from_file(args.input_file)
-        meta, capabilities = result_doc.to_capa()
+    meta: rdoc.Metadata = capa.loader.collect_metadata(
+        argv, args.input_file, input_format, os_, args.rules, extractor, capabilities
+    )
+    meta.analysis.layout = capa.loader.compute_layout(rules, extractor, capabilities.matches)

-    else:
-        # all other formats we must create an extractor
-        # and use that to extract meta and capabilities
-
-        try:
-            backend = get_backend_from_cli(args, input_format)
-            sample_path = get_sample_path_from_cli(args, backend)
-            if sample_path is None:
-                os_ = "unknown"
-            else:
-                os_ = capa.loader.get_os(sample_path)
-            extractor = get_extractor_from_cli(args, input_format, backend)
-        except ShouldExitError as e:
-            return e.status_code
-
-        capabilities = find_capabilities(rules, extractor, disable_progress=args.quiet)
-
-        meta = capa.loader.collect_metadata(
-            argv, args.input_file, input_format, os_, args.rules, extractor, capabilities
-        )
-        meta.analysis.layout = capa.loader.compute_layout(rules, extractor, capabilities.matches)
-
-        if found_limitation:
-            # bail if capa's static feature extractor encountered file limitation e.g. a packed binary
-            # or capa's dynamic feature extractor encountered some limitation e.g. a dotnet sample
-            # do show the output in verbose mode, though.
-            if not (args.verbose or args.vverbose or args.json):
-                return E_FILE_LIMITATION
+    if found_limitation:
+        # bail if capa's static feature extractor encountered file limitation e.g. a packed binary
+        # or capa's dynamic feature extractor encountered some limitation e.g. a dotnet sample
+        # do show the output in verbose mode, though.
+        if not (args.verbose or args.vverbose or args.json):
+            return E_FILE_LIMITATION

    if args.json:
        print(capa.render.json.render(meta, rules, capabilities.matches))