various fixes

capa/features/extractors/base_extractor.py

@@ -412,8 +412,6 @@ class DynamicFeatureExtractor:
         """
         Yields all the features of a process. These include:
         - file features of the process' image
-        - inter-process injection
-        - detected dynamic DLL loading
         """
         raise NotImplementedError()
 
@@ -429,8 +427,6 @@ class DynamicFeatureExtractor:
         """
         Yields all the features of a thread. These include:
         - sequenced api traces
-        - file/registry interactions
-        - network activity
         """
         raise NotImplementedError()
 

capa/features/extractors/helpers.py

@@ -55,8 +55,8 @@ def generate_symbols(dll: str, symbol: str) -> Iterator[str]:
     dll = dll.lower()
 
     # trim extensions observed in dynamic traces
-    dll = dll.replace(".dll", "")
-    dll = dll.replace(".drv", "")
+    dll = dll[0:-4] if dll.endswith(".dll") else dll
+    dll = dll[0:-4] if dll.endswith(".drv") else dll
 
     # kernel32.CreateFileA
     yield f"{dll}.{symbol}"

capa/features/freeze/__init__.py

@@ -624,11 +624,11 @@ def is_freeze(buf: bytes) -> bool:
     return buf[: len(MAGIC)] == MAGIC
 
 
-def is_static(buf: bytes) -> bool:
+def is_static_freeze(buf: bytes) -> bool:
     return buf[: len(STATIC_MAGIC)] == STATIC_MAGIC
 
 
-def is_dynamic(buf: bytes) -> bool:
+def is_dynamic_freeze(buf: bytes) -> bool:
     return buf[: len(DYNAMIC_MAGIC)] == DYNAMIC_MAGIC
 
 
@@ -636,9 +636,9 @@ def load(buf: bytes):
     """deserialize a set of features (as a NullFeatureExtractor) from a byte array."""
     if not is_freeze(buf):
         raise ValueError("missing magic header")
-    if is_static(buf):
+    if is_static_freeze(buf):
         return loads_static(zlib.decompress(buf[len(STATIC_MAGIC) :]).decode("utf-8"))
-    elif is_dynamic(buf):
+    elif is_dynamic_freeze(buf):
         return loads_dynamic(zlib.decompress(buf[len(DYNAMIC_MAGIC) :]).decode("utf-8"))
     else:
         raise ValueError("invalid magic header")