Merge pull request #147 from fireeye/improve-handling-of-features-without-value

improve rendering of features with no value
2026-01-08 03:11:05 -08:00 · 2020-07-14 23:18:24 -06:00
parent 532ee68bde d0f3a90aef
commit bc85cd1297
4 changed files with 28 additions and 14 deletions
--- a/capa/features/init.py
+++ b/capa/features/init.py
@@ -39,10 +39,13 @@ class Feature(object):
        return self.value

    def __str__(self):
-        if self.description:
-            return "%s(%s = %s)" % (self.name, self.get_value_str(), self.description)
+        if self.value:
+            if self.description:
+                return "%s(%s = %s)" % (self.name, self.get_value_str(), self.description)
+            else:
+                return "%s(%s)" % (self.name, self.get_value_str())
        else:
-            return "%s(%s)" % (self.name, self.get_value_str())
+            return "%s" % self.name

    def __repr__(self):
        return str(self)
--- a/capa/features/basicblock.py
+++ b/capa/features/basicblock.py
@@ -8,6 +8,9 @@ class BasicBlock(Feature):
    def __str__(self):
        return "basic block"

+    def get_value_str(self):
+        return ""
+
    def freeze_serialize(self):
        return (self.__class__.__name__, [])

--- a/capa/ida/explorer/model.py
+++ b/capa/ida/explorer/model.py
@@ -467,10 +467,13 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):

                bytes(01 14 02 00 00 00 00 00 C0 00 00 00 00 00 00 46 = CLSID_ShellLink)
        """
-        if feature.get("description", ""):
-            return "%s(%s = %s)" % (feature["type"], feature[feature["type"]], feature["description"])
+        if feature[feature["type"]]:
+            if feature.get("description", ""):
+                return "%s(%s = %s)" % (feature["type"], feature[feature["type"]], feature["description"])
+            else:
+                return "%s(%s)" % (feature["type"], feature[feature["type"]])
        else:
-            return "%s(%s)" % (feature["type"], feature[feature["type"]])
+            return "%s" % feature["type"]

    def render_capa_doc_feature_node(self, parent, feature, locations, doc):
        """ process capa doc feature node
--- a/capa/render/vverbose.py
+++ b/capa/render/vverbose.py
@@ -44,12 +44,15 @@ def render_statement(ostream, match, statement, indent=0):
        # so, we have to inline some of the feature rendering here.

        child = statement["child"]
-        value = rutils.bold2(child[child["type"]])

-        if child.get("description"):
-            ostream.write("count(%s(%s = %s)): " % (child["type"], value, child["description"]))
+        if child[child["type"]]:
+            value = rutils.bold2(child[child["type"]])
+            if child.get("description"):
+                ostream.write("count(%s(%s = %s)): " % (child["type"], value, child["description"]))
+            else:
+                ostream.write("count(%s(%s)): " % (child["type"], value))
        else:
-            ostream.write("count(%s(%s)): " % (child["type"], value))
+            ostream.write("count(%s): " % child["type"])

        if statement["max"] == statement["min"]:
            ostream.write("%d" % (statement["min"]))
@@ -79,11 +82,13 @@ def render_feature(ostream, match, feature, indent=0):

    ostream.write(feature["type"])
    ostream.write(": ")
-    ostream.write(rutils.bold2(feature[feature["type"]]))

-    if "description" in feature:
-        ostream.write(capa.rules.DESCRIPTION_SEPARATOR)
-        ostream.write(feature["description"])
+    if feature[feature["type"]]:
+        ostream.write(rutils.bold2(feature[feature["type"]]))
+
+        if "description" in feature:
+            ostream.write(capa.rules.DESCRIPTION_SEPARATOR)
+            ostream.write(feature["description"])

    render_locations(ostream, match)
    ostream.write("\n")