ida plugin: show rule namespace in details column

2025-12-12 23:59:48 -08:00 · 2020-09-02 13:05:38 -06:00
parent 881c7984aa
commit a2a65b7553
2 changed files with 6 additions and 4 deletions
--- a/capa/ida/plugin/item.py
+++ b/capa/ida/plugin/item.py
@@ -147,10 +147,10 @@ class CapaExplorerRuleItem(CapaExplorerDataItem):

    fmt = "%s (%d matches)"

-    def __init__(self, parent, display, count, source):
+    def __init__(self, parent, name, namespace, count, source):
        """ """
-        display = self.fmt % (display, count) if count > 1 else display
-        super(CapaExplorerRuleItem, self).__init__(parent, [display, "", ""])
+        display = self.fmt % (name, count) if count > 1 else name
+        super(CapaExplorerRuleItem, self).__init__(parent, [display, "", namespace])
        self._source = source

    @property
--- a/capa/ida/plugin/model.py
+++ b/capa/ida/plugin/model.py
@@ -450,7 +450,9 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
        self.beginResetModel()

        for rule in rutils.capability_rules(doc):
-            parent = CapaExplorerRuleItem(self.root_node, rule["meta"]["name"], len(rule["matches"]), rule["source"])
+            rule_name = rule["meta"]["name"]
+            rule_namespace = rule["meta"].get("namespace")
+            parent = CapaExplorerRuleItem(self.root_node, rule_name, rule_namespace, len(rule["matches"]), rule["source"])

            for (location, match) in doc["rules"][rule["meta"]["name"]]["matches"].items():
                if rule["meta"]["scope"] == capa.rules.FILE_SCOPE: