use default emptry list for ElfFileSection

2025-12-12 15:49:46 -08:00 · 2024-12-13 11:51:47 +00:00
parent 1f34795fce
commit 51d606bc0d
3 changed files with 8 additions and 8 deletions
--- a/capa/features/extractors/vmray/init.py
+++ b/capa/features/extractors/vmray/init.py
@@ -151,9 +151,8 @@ class VMRayAnalysis:
            for pefile_section in self.sample_file_static_data.pe.sections:
                self.sections[pefile_section.virtual_address] = pefile_section.name
        elif self.sample_file_static_data.elf:
-            if self.sample_file_static_data.elf.sections:
-                for elffile_section in self.sample_file_static_data.elf.sections:
-                    self.sections[elffile_section.header.sh_addr] = elffile_section.header.sh_name
+            for elffile_section in self.sample_file_static_data.elf.sections:
+                self.sections[elffile_section.header.sh_addr] = elffile_section.header.sh_name

    def _compute_monitor_processes(self):
        for process in self.sv2.processes.values():
@@ -193,13 +192,14 @@ class VMRayAnalysis:
                # for the other fields we've observed cases with slight deviations, e.g.,
                # the ppid for a process in flog.xml is not set correctly, all other data is equal
                sv2p = self.monitor_processes[monitor_process.process_id]
+                if self.monitor_processes[monitor_process.process_id] != vmray_monitor_process:
+                    logger.debug("processes differ: %s (sv2) vs. %s (flog)", sv2p, vmray_monitor_process)
+
                assert (sv2p.pid, sv2p.monitor_id, sv2p.origin_monitor_id) == (
                    vmray_monitor_process.pid,
                    vmray_monitor_process.monitor_id,
                    vmray_monitor_process.origin_monitor_id,
                )
-                if self.monitor_processes[monitor_process.process_id] != vmray_monitor_process:
-                    logger.debug("processes differ: %s (sv2) vs. %s (flog)", sv2p, vmray_monitor_process)

    def _compute_monitor_threads(self):
        for monitor_thread in self.flog.analysis.monitor_threads:
--- a/capa/features/extractors/vmray/models.py
+++ b/capa/features/extractors/vmray/models.py
@@ -276,7 +276,7 @@ class ElfFileHeader(BaseModel):

 class ElfFile(BaseModel):
    # file_header: ElfFileHeader
-    sections: Optional[list[ElfFileSection]] = None
+    sections: list[ElfFileSection] = []


 class StaticData(BaseModel):
--- a/tests/test_vmray_model.py
+++ b/tests/test_vmray_model.py
@@ -103,8 +103,8 @@ def test_vmray_model_elffile():
        """
    )

-    assert elffile.sections and elffile.sections[0].header.sh_name == "abcd1234"
-    assert elffile.sections and elffile.sections[0].header.sh_addr == 2863311530
+    assert elffile.sections[0].header.sh_name == "abcd1234"
+    assert elffile.sections[0].header.sh_addr == 2863311530


 def test_vmray_model_pefile():