add error message for invalid report files

2025-12-12 15:49:46 -08:00 · 2023-08-18 14:28:02 +02:00
parent d741544514
commit 9144d12e51
2 changed files with 24 additions and 1 deletions
--- a/capa/helpers.py
+++ b/capa/helpers.py
@@ -141,6 +141,17 @@ def log_unsupported_format_error():
    logger.error("-" * 80)


+def log_unsupported_cape_report_error():
+    logger.error("-" * 80)
+    logger.error(" Input file is not a valid CAPE report.")
+    logger.error(" ")
+    logger.error(" capa currently only supports analyzing standard CAPE json reports.")
+    logger.error(
+        " Please make sure your report file is in the standard format and contains both the static and dynamic sections."
+    )
+    logger.error("-" * 80)
+
+
 def log_unsupported_os_error():
    logger.error("-" * 80)
    logger.error(" Input file does not appear to target a supported OS.")
--- a/capa/main.py
+++ b/capa/main.py
@@ -63,6 +63,7 @@ from capa.helpers import (
    redirecting_print_to_tqdm,
    log_unsupported_arch_error,
    log_unsupported_format_error,
+    log_unsupported_cape_report_error,
 )
 from capa.exceptions import UnsupportedOSError, UnsupportedArchError, UnsupportedFormatError, UnsupportedRuntimeError
 from capa.features.common import (
@@ -111,6 +112,8 @@ E_INVALID_FILE_TYPE = 16
 E_INVALID_FILE_ARCH = 17
 E_INVALID_FILE_OS = 18
 E_UNSUPPORTED_IDA_VERSION = 19
+E_MISSING_CAPE_STATIC_ANALYSIS = 20
+E_MISSING_CAPE_DYNAMIC_ANALYSIS = 21

 logger = logging.getLogger("capa")

@@ -1491,6 +1494,12 @@ def main(argv: Optional[List[str]] = None):
    except (ELFError, OverflowError) as e:
        logger.error("Input file '%s' is not a valid ELF file: %s", args.sample, str(e))
        return E_CORRUPT_FILE
+    except UnsupportedFormatError:
+        if format_ == FORMAT_CAPE:
+            log_unsupported_cape_report_error()
+        else:
+            log_unsupported_format_error()
+        return E_INVALID_FILE_TYPE

    for file_extractor in file_extractors:
        try:
@@ -1555,7 +1564,10 @@ def main(argv: Optional[List[str]] = None):
                    disable_progress=args.quiet or args.debug,
                )
            except UnsupportedFormatError:
-                log_unsupported_format_error()
+                if format_ == FORMAT_CAPE:
+                    log_unsupported_cape_report_error()
+                else:
+                    log_unsupported_format_error()
                return E_INVALID_FILE_TYPE
            except UnsupportedArchError:
                log_unsupported_arch_error()