gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

engine: better type doc

Browse Source
This commit is contained in:
William Ballenthin
2021-06-14 10:56:44 -06:00
parent 48756a7621
commit 7372aa91c6
2 changed files with 23 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
capa/engine.py
View File

@@ -10,14 +10,17 @@ import copy
import collections
from typing import TYPE_CHECKING, Set, Dict, List, Tuple, Union, Mapping
if TYPE_CHECKING:
from capa.rules import Rule
import capa.rules
import capa.features.common
from capa.features.common import Feature
# a collection of features and the locations at which they are found.
# used throughout matching as the context in which features are searched.
#
# used throughout matching as the context in which features are searched:
# to check if a feature exists, do: `Number(0x10) in features`.
# to collect the locations of a feature, do: `features[Number(0x10)]`
#
# aliased here so that the type can be documented and xref'd.
FeatureSet = Dict[Feature, Set[int]]
@@ -209,10 +212,22 @@ class Subscope(Statement):
# mapping from rule name to list of: (location of match, result object)
#
# used throughout matching and rendering to collection the results
# of statement evaluation and their locations.
#
# to check if a rule matched, do: `"TCP client" in matches`.
# to find where a rule matched, do: `map(first, matches["TCP client"])`
# to see how a rule matched, do:
#
# for address, match_details in matches["TCP client"]:
# inspect(match_details)
#
# aliased here so that the type can be documented and xref'd.
MatchResults = Mapping[str, List[Tuple[int, Result]]]
def match(rules: List["Rule"], features: FeatureSet, va: int) -> Tuple[FeatureSet, MatchResults]:
def match(rules: List["capa.rules.Rule"], features: FeatureSet, va: int) -> Tuple[FeatureSet, MatchResults]:
"""
Args:
rules (List[capa.rules.Rule]): these must already be ordered topologically by dependency.

9
capa/features/common.py
View File

@@ -10,13 +10,10 @@ import re
import codecs
import logging
import collections
from typing import TYPE_CHECKING, Set, Dict, Union
from typing import Set, Dict, Union
import capa.engine
import capa.features.common
if TYPE_CHECKING:
from capa.engine import Result
import capa.features
logger = logging.getLogger(__name__)
MAX_BYTES_FEATURE_SIZE = 0x100
@@ -104,7 +101,7 @@ class Feature:
def __repr__(self):
return str(self)
def evaluate(self, ctx: Dict["Feature", Set[int]]) -> "Result":
def evaluate(self, ctx: Dict["Feature", Set[int]]) -> "capa.engine.Result":
return capa.engine.Result(self in ctx, self, [], locations=ctx.get(self, []))
def freeze_serialize(self):