gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #402 from fireeye/lib-rules-subscoped

Browse Source 
potential fix for #398
This commit is contained in:
Moritz
2021-01-28 08:35:28 +01:00
committed by GitHub
parent 059ec8f3f2 7b64425c24
commit 819b6f6ccf
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
capa/rules.py
View File

@@ -866,7 +866,8 @@ class RuleSet(object):
given a collection of rules, collect the rules that are needed at the given scope. given a collection of rules, collect the rules that are needed at the given scope.
these rules are ordered topologically. these rules are ordered topologically.
don't include "lib" rules, unless they are dependencies of other rules. don't include auto-generated "subscope" rules.
we want to include general "lib" rules here - even if they are not dependencies of other rules, see #398
""" """
scope_rules = set([]) scope_rules = set([])
@@ -875,7 +876,7 @@ class RuleSet(object):
# at lower scope, e.g. function scope. # at lower scope, e.g. function scope.
# so, we find all dependencies of all rules, and later will filter them down. # so, we find all dependencies of all rules, and later will filter them down.
for rule in rules: for rule in rules:
if rule.meta.get("lib", False): if rule.meta.get("capa/subscope-rule", False):
continue continue
scope_rules.update(get_rules_and_dependencies(rules, rule.name)) scope_rules.update(get_rules_and_dependencies(rules, rule.name))

3
tests/test_rules.py
View File

@@ -282,7 +282,8 @@ def test_lib_rules():
), ),
] ]
) )
assert len(rules.function_rules) == 1 # lib rules are added to the rule set
assert len(rules.function_rules) == 2
def test_subscope_rules(): def test_subscope_rules():