get_format_from_report(): fix bugs and add a list of dynamic formats

capa/features/common.py

@@ -450,6 +450,7 @@ FORMAT_AUTO = "auto"
 FORMAT_SC32 = "sc32"
 FORMAT_SC64 = "sc64"
 FORMAT_CAPE = "cape"
+DYNAMIC_FORMATS = (FORMAT_CAPE,)
 FORMAT_FREEZE = "freeze"
 FORMAT_RESULT = "result"
 FORMAT_UNKNOWN = "unknown"

capa/helpers.py

@@ -59,9 +59,7 @@ def get_format_from_report(sample: str) -> str:
         report = json.load(f)
     if FORMAT_CAPE.upper() in report.keys():
         return FORMAT_CAPE
-    else:
-        # unknown report format
-        return FORMAT_UNKNOWN
+    return FORMAT_UNKNOWN
 
 
 def get_format_from_extension(sample: str) -> str:

scripts/show-features.py

@@ -81,7 +81,7 @@ import capa.render.verbose as v
 import capa.features.freeze
 import capa.features.address
 from capa.helpers import get_auto_format, log_unsupported_runtime_error
-from capa.features.common import FORMAT_AUTO, FORMAT_CAPE, FORMAT_FREEZE, is_global_feature
+from capa.features.common import FORMAT_AUTO, FORMAT_FREEZE, DYNAMIC_FORMATS, is_global_feature
 from capa.features.extractors.base_extractor import DynamicExtractor, FeatureExtractor
 
 logger = logging.getLogger("capa.show-features")
@@ -134,7 +134,7 @@ def main(argv=None):
             log_unsupported_runtime_error()
             return -1
 
-    if format_ in (FORMAT_CAPE):
+    if format_ in DYNAMIC_FORMATS:
         print_dynamic_analysis(cast(DynamicExtractor, extractor), args)
     else:
         print_static_analysis(extractor, args)