adding support for capa doc meta

2026-01-01 23:40:08 -08:00 · 2020-07-02 17:46:13 -06:00
parent 60f072f025
commit 8a6a41583a
3 changed files with 9 additions and 4 deletions
--- a/capa/ida/explorer/model.py
+++ b/capa/ida/explorer/model.py
@@ -433,7 +433,7 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
        for rule in rutils.capability_rules(doc):
            parent = CapaExplorerRuleItem(self.root_node, rule["meta"]["name"], len(rule["matches"]), rule["source"])

-            for (location, match) in doc[rule["meta"]["name"]]["matches"].items():
+            for (location, match) in doc["rules"][rule["meta"]["name"]]["matches"].items():
                if rule["meta"]["scope"] == capa.rules.FILE_SCOPE:
                    parent2 = parent
                elif rule["meta"]["scope"] == capa.rules.FUNCTION_SCOPE:
@@ -527,7 +527,7 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):

        if feature["type"] == "match":
            return CapaExplorerRuleMatchItem(
-                parent, display, source=doc.get(feature[feature["type"]], {}).get("source", "")
+                parent, display, source=doc["rules"].get(feature[feature["type"]], {}).get("source", "")
            )

        if feature["type"] in instruction_view:
--- a/capa/ida/helpers/init.py
+++ b/capa/ida/helpers/init.py
@@ -5,6 +5,8 @@ import idc
 import idaapi
 import idautils

+import capa
+
 logger = logging.getLogger("capa")

 # file type names as returned by idaapi.get_file_type_name()
@@ -57,10 +59,11 @@ def collect_metadata():
        "timestamp": datetime.datetime.now().isoformat(),
        # "argv" is not relevant here
        "sample": {
-            "md5": idautils.GetInputFileMD5(),
+            "md5": capa.features.bytes_to_str(idautils.GetInputFileMD5()),
            # "sha1" not easily accessible
-            "sha256": idaapi.retrieve_input_file_sha256(),
+            "sha256": capa.features.bytes_to_str(idaapi.retrieve_input_file_sha256()),
            "path": idaapi.get_input_file_path(),
        },
        "analysis": {"format": idaapi.get_file_type_name(), "extractor": "ida",},
+        "version": capa.version.__version__,
    }
--- a/capa/ida/ida_capa_explorer.py
+++ b/capa/ida/ida_capa_explorer.py
@@ -209,6 +209,7 @@ class CapaExplorerForm(idaapi.PluginForm):
    def load_view_parent(self):
        """ load view parent """
        layout = QtWidgets.QVBoxLayout()
+
        layout.addWidget(self.view_tabs)
        layout.setMenuBar(self.view_menu_bar)

@@ -399,6 +400,7 @@ class CapaExplorerForm(idaapi.PluginForm):
    def render_capa_doc_mitre_summary(self, doc):
        """ """
        tactics = collections.defaultdict(set)
+
        for rule in rutils.capability_rules(doc):
            if not rule["meta"].get("att&ck"):
                continue