fix black

mr-tz
2024-06-12 09:24:16 +00:00
parent 893352756f
commit 97a3fba2c9
2 changed files with 12 additions and 25 deletions


@@ -72,9 +72,7 @@ def _parse_args() -> argparse.Namespace:
help="Compatibility for Radare r2sarif plugin v2.0", help="Compatibility for Radare r2sarif plugin v2.0",
) )
parser.add_argument("-t", "--tag", help="Filter on rule meta field values (ruleid)") parser.add_argument("-t", "--tag", help="Filter on rule meta field values (ruleid)")
parser.add_argument( parser.add_argument("--version", action="version", version=f"%(prog)s {__version__}")
"--version", action="version", version=f"%(prog)s {__version__}"
)
return parser.parse_args() return parser.parse_args()
@@ -89,22 +87,16 @@ def main() -> int:
with Path(args.capa_output).open() as capa_output: with Path(args.capa_output).open() as capa_output:
json_data = json.load(capa_output) json_data = json.load(capa_output)
except ValueError: except ValueError:
logger.error( logger.error("Input data was not valid JSON, input should be a capa json output file.")
"Input data was not valid JSON, input should be a capa json output file."
)
return -1 return -1
except json.JSONDecodeError: except json.JSONDecodeError:
# An exception has occured # An exception has occured
logger.error( logger.error("Input data was not valid JSON, input should be a capa json output file.")
"Input data was not valid JSON, input should be a capa json output file."
)
return -2 return -2
# Marshall json into Sarif # Marshall json into Sarif
# Create baseline sarif structure to be populated from json data # Create baseline sarif structure to be populated from json data
sarif_structure: Optional[dict] = _sarif_boilerplate( sarif_structure: Optional[dict] = _sarif_boilerplate(json_data["meta"], json_data["rules"])
json_data["meta"], json_data["rules"]
)
if sarif_structure is None: if sarif_structure is None:
logger.errort("An Error has occured creating default sarif structure.") logger.errort("An Error has occured creating default sarif structure.")
return -3 return -3
@@ -120,9 +112,7 @@ def main() -> int:
# artifacts must include a description as well with a text field. # artifacts must include a description as well with a text field.
if "artifacts" in sarif_structure["runs"][0]: if "artifacts" in sarif_structure["runs"][0]:
sarif_structure["runs"][0]["artifacts"][0]["description"] = { sarif_structure["runs"][0]["artifacts"][0]["description"] = {"text": "placeholder"}
"text": "placeholder"
}
# For better compliance with Ghidra table. Iteraction through properties['additionalProperties'] # For better compliance with Ghidra table. Iteraction through properties['additionalProperties']
""" """
@@ -170,13 +160,9 @@ def _sarif_boilerplate(data_meta: dict, data_rules: dict) -> Optional[dict]:
"id": id, "id": id,
"name": data_rules[key]["meta"]["name"], "name": data_rules[key]["meta"]["name"],
"shortDescription": {"text": data_rules[key]["meta"]["name"]}, "shortDescription": {"text": data_rules[key]["meta"]["name"]},
"messageStrings": { "messageStrings": {"default": {"text": data_rules[key]["meta"]["name"]}},
"default": {"text": data_rules[key]["meta"]["name"]}
},
"properties": { "properties": {
"namespace": data_rules[key]["meta"]["namespace"] "namespace": data_rules[key]["meta"]["namespace"] if "namespace" in data_rules[key]["meta"] else [],
if "namespace" in data_rules[key]["meta"]
else [],
"scopes": data_rules[key]["meta"]["scopes"], "scopes": data_rules[key]["meta"]["scopes"],
"references": data_rules[key]["meta"]["references"], "references": data_rules[key]["meta"]["references"],
"lib": data_rules[key]["meta"]["lib"], "lib": data_rules[key]["meta"]["lib"],
@@ -285,9 +271,7 @@ def _enumerate_evidence(node: dict, related_count: int) -> List[dict]:
) )
return [] return []
else: else:
logger.error( logger.error("Not implemented %s", node.get("node").get("type"), file=sys.stderr)
"Not implemented %s", node.get("node").get("type"), file=sys.stderr
)
return [] return []
for loc in node.get("locations"): for loc in node.get("locations"):
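Review bot: In the `_enumerate_evidence` hunk the reformatted call still passes `file=sys.stderr` to `logger.error`, a keyword that `logging.Logger.error` does not accept, so this branch raises `TypeError` instead of logging and returning `[]`. Drop the keyword: `logger.error("Not implemented %s", node.get("node").get("type"))`. The first `main` hunk has a similar crash on an error path: `logger.errort(...)` should be `logger.error(...)`, otherwise the `sarif_structure is None` case raises `AttributeError` rather than returning -3. In that same hunk `except json.JSONDecodeError` is unreachable because it follows `except ValueError`, its base class, so -2 is never returned. All of these functions start and end outside the hunks shown, so the surrounding control flow should be confirmed against the full file.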


@@ -40,7 +40,10 @@ def get_rule_path():
[ [
pytest.param("capa2yara.py", [get_rules_path()]), pytest.param("capa2yara.py", [get_rules_path()]),
pytest.param("capafmt.py", [get_rule_path()]), pytest.param("capafmt.py", [get_rule_path()]),
pytest.param("capa2sarif.py", [Path(__file__).resolve().parent / "data" / "rd" / "Practical Malware Analysis Lab 01-01.dll_.json"]), pytest.param(
"capa2sarif.py",
[Path(__file__).resolve().parent / "data" / "rd" / "Practical Malware Analysis Lab 01-01.dll_.json"],
),
# testing some variations of linter script # testing some variations of linter script
pytest.param("lint.py", ["-t", "create directory", get_rules_path()]), pytest.param("lint.py", ["-t", "create directory", get_rules_path()]),
# `create directory` rule has native and .NET example PEs # `create directory` rule has native and .NET example PEs