gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

capa/main.py: move has_rule_with_namespace() to capa.rules.RuleSet

Browse Source
This commit is contained in:
Yacine Elhamer
2023-10-20 20:10:29 +02:00
parent aae72667a3
commit ab06c94d80
2 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
capa/main.py
View File

@@ -134,12 +134,6 @@ def set_vivisect_log_level(level):
logging.getLogger("Elf").setLevel(level)
def has_rule_with_namespace(rules: RuleSet, capabilities: MatchResults, namespace: str) -> bool:
return any(
rules.rules[rule_name].meta.get("namespace", "").startswith(namespace) for rule_name in capabilities.keys()
)
def is_supported_format(sample: Path) -> bool:
"""
Return if this is a supported file based on magic header values

7
capa/rules/__init__.py
View File

@@ -43,7 +43,7 @@ import capa.features.file
import capa.features.insn
import capa.features.common
import capa.features.basicblock
from capa.engine import Statement, FeatureSet
from capa.engine import Statement, FeatureSet, MatchResults
from capa.features.common import MAX_BYTES_FEATURE_SIZE, Feature
from capa.features.address import Address
@@ -1622,6 +1622,11 @@ class RuleSet:
break
return RuleSet(list(rules_filtered))
def has_rule_with_namespace(self, capabilities: MatchResults, namespace: str) -> bool:
return any(
self.rules[rule_name].meta.get("namespace", "").startswith(namespace) for rule_name in capabilities.keys()
)
def match(self, scope: Scope, features: FeatureSet, addr: Address) -> Tuple[FeatureSet, ceng.MatchResults]:
"""
match rules from this ruleset at the given scope against the given features.