Merge pull request #69 from fireeye/capa-explorer-add-submodule-item-type

capa explorer: add subscope item type
2026-01-05 09:17:47 -08:00 · 2020-07-01 14:34:04 -06:00
parent bcd68b14b9 1cf36b5792
commit 8f6396c526
2 changed files with 12 additions and 3 deletions
--- a/capa/ida/explorer/item.py
+++ b/capa/ida/explorer/item.py
@@ -184,6 +184,14 @@ class CapaExplorerFunctionItem(CapaExplorerDataItem):
        self._data[0] = self.fmt % display


+class CapaExplorerSubscopeItem(CapaExplorerDataItem):
+
+    fmt = 'subscope(%s)'
+
+    def __init__(self, parent, scope):
+        super(CapaExplorerSubscopeItem, self).__init__(parent, [self.fmt % scope, '', ''])
+
+
 class CapaExplorerBlockItem(CapaExplorerDataItem):
    """ store data relevant to capa basic block result """

--- a/capa/ida/explorer/model.py
+++ b/capa/ida/explorer/model.py
@@ -16,7 +16,8 @@ from capa.ida.explorer.item import (
    CapaExplorerByteViewItem,
    CapaExplorerBlockItem,
    CapaExplorerRuleMatchItem,
-    CapaExplorerFeatureItem
+    CapaExplorerFeatureItem,
+    CapaExplorerSubscopeItem
 )

 import capa.ida.helpers
@@ -105,7 +106,7 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):

        if role == QtCore.Qt.FontRole and isinstance(item, (CapaExplorerRuleItem, CapaExplorerRuleMatchItem,
                                                            CapaExplorerBlockItem, CapaExplorerFunctionItem,
-                                                            CapaExplorerFeatureItem)) and \
+                                                            CapaExplorerFeatureItem, CapaExplorerSubscopeItem)) and \
                column == CapaExplorerDataModel.COLUMN_INDEX_RULE_INFORMATION:
            # set bold font for top-level rules
            font = QtGui.QFont()
@@ -341,7 +342,7 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):

            return parent2
        elif statement['type'] == 'subscope':
-            return CapaExplorerFeatureItem(parent, 'subscope(%s)' % statement['subscope'])
+            return CapaExplorerSubscopeItem(parent, statement['subscope'])
        elif statement['type'] == 'regex':
            # regex is a `Statement` not a `Feature`
            # this is because it doesn't get extracted, but applies to all strings in scope.