Merge branch 'master' into Aayush-Goel-04/Issue#331

2025-12-12 15:49:46 -08:00 · 2023-08-07 21:02:42 +05:30
parent 0fdc1dd3f5 eb7aa63be6
commit b3a9763a32
17 changed files with 79 additions and 91 deletions
--- a/scripts/bulk-process.py
+++ b/scripts/bulk-process.py
@@ -144,8 +144,7 @@ def get_capa_results(args):
    meta.analysis.layout = capa.main.compute_layout(rules, extractor, capabilities)

    doc = rd.ResultDocument.from_capa(meta, rules, capabilities)
-
-    return {"path": path, "status": "ok", "ok": doc.dict(exclude_none=True)}
+    return {"path": path, "status": "ok", "ok": doc.model_dump()}


 def main(argv=None):
@@ -214,7 +213,9 @@ def main(argv=None):
            if result["status"] == "error":
                logger.warning(result["error"])
            elif result["status"] == "ok":
-                results[result["path"].as_posix()] = rd.ResultDocument.parse_obj(result["ok"]).json(exclude_none=True)
+                results[result["path"].as_posix()] = rd.ResultDocument.model_validate(result["ok"]).model_dump_json(
+                    exclude_none=True
+                )
            else:
                raise ValueError(f"unexpected status: {result['status']}")

--- a/scripts/lint.py
+++ b/scripts/lint.py
@@ -309,7 +309,7 @@ def get_sample_capabilities(ctx: Context, path: Path) -> Set[str]:

    logger.debug("analyzing sample: %s", nice_path)
    extractor = capa.main.get_extractor(
-        nice_path, format_, OS_AUTO, "", DEFAULT_SIGNATURES, False, disable_progress=True
+        nice_path, format_, OS_AUTO, capa.main.BACKEND_VIV, DEFAULT_SIGNATURES, False, disable_progress=True
    )

    capabilities, _ = capa.main.find_capabilities(ctx.rules, extractor, disable_progress=True)
@@ -569,6 +569,10 @@ class FeatureNtdllNtoskrnlApi(Lint):
                    "ZwCreateProcess",
                    "ZwCreateUserProcess",
                    "RtlCreateUserProcess",
+                    "NtProtectVirtualMemory",
+                    "NtEnumerateSystemEnvironmentValuesEx",
+                    "NtQuerySystemEnvironmentValueEx",
+                    "NtQuerySystemEnvironmentValue",
                ):
                    # ntoskrnl.exe does not export these routines
                    continue
@@ -579,6 +583,7 @@ class FeatureNtdllNtoskrnlApi(Lint):
                    "KeStackAttachProcess",
                    "ObfDereferenceObject",
                    "KeUnstackDetachProcess",
+                    "ExGetFirmwareEnvironmentVariable",
                ):
                    # ntdll.dll does not export these routines
                    continue
--- a/scripts/proto-to-results.py
+++ b/scripts/proto-to-results.py
@@ -78,7 +78,7 @@ def main(argv=None):
    rdpb.ParseFromString(pb)

    rd = capa.render.proto.doc_from_pb2(rdpb)
-    print(rd.json(exclude_none=True, indent=2, sort_keys=True))
+    print(rd.model_dump_json(exclude_none=True, indent=2))


 if __name__ == "__main__":