scripts: add cli arguments to specify signatures

2025-12-12 23:59:48 -08:00 · 2021-03-04 15:04:33 -07:00
parent c0f4fe6867
commit c2a4629c62
6 changed files with 30 additions and 6 deletions
--- a/capa/features/freeze.py
+++ b/capa/features/freeze.py
@@ -273,6 +273,14 @@ def main(argv=None):
            choices=(capa.main.BACKEND_VIV, capa.main.BACKEND_SMDA),
            default=capa.main.BACKEND_VIV,
        )
+    parser.add_argument(
+        "--signature",
+        action="append",
+        dest="signatures",
+        type=str,
+        default=[],
+        help="use the given signatures to identify library functions, file system paths to .sig/.pat files.",
+    )
    args = parser.parse_args(args=argv)

    if args.quiet:
@@ -286,7 +294,7 @@ def main(argv=None):
        logging.getLogger().setLevel(logging.INFO)

    backend = args.backend if sys.version_info > (3, 0) else capa.main.BACKEND_VIV
-    extractor = capa.main.get_extractor(args.sample, args.format, backend)
+    extractor = capa.main.get_extractor(args.sample, args.format, backend, sigpaths=args.signatures)
    with open(args.output, "wb") as f:
        f.write(dump(extractor))

--- a/scripts/bulk-process.py
+++ b/scripts/bulk-process.py
@@ -95,7 +95,7 @@ def get_capa_results(args):
    rules, format, path = args
    logger.info("computing capa results for: %s", path)
    try:
-        extractor = capa.main.get_extractor(path, format, capa.main.BACKEND_VIV, disable_progress=True)
+        extractor = capa.main.get_extractor(path, format, capa.main.BACKEND_VIV, args.signatures, disable_progress=True)
    except capa.main.UnsupportedFormatError:
        # i'm 100% sure if multiprocessing will reliably raise exceptions across process boundaries.
        # so instead, return an object with explicit success/failure status.
@@ -147,6 +147,14 @@ def main(argv=None):
            default="(embedded rules)",
            help="Path to rule file or directory, use embedded rules by default",
        )
+        parser.add_argument(
+            "--signature",
+            action="append",
+            dest="signatures",
+            type=str,
+            default=[],
+            help="use the given signatures to identify library functions, file system paths to .sig/.pat files.",
+        )
        parser.add_argument("-d", "--debug", action="store_true", help="Enable debugging output on STDERR")
        parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output but errors")
        parser.add_argument(
--- a/scripts/capa_as_library.py
+++ b/scripts/capa_as_library.py
@@ -191,7 +191,7 @@ def render_dictionary(doc):
 def capa_details(file_path, output_format="dictionary"):

    # extract features and find capabilities
-    extractor = capa.main.get_extractor(file_path, "auto", capa.main.BACKEND_VIV, disable_progress=True)
+    extractor = capa.main.get_extractor(file_path, "auto", capa.main.BACKEND_VIV, sigpaths=[], disable_progress=True)
    capabilities, counts = capa.main.find_capabilities(rules, extractor, disable_progress=True)

    # collect metadata (used only to make rendering more complete)
--- a/scripts/lint.py
+++ b/scripts/lint.py
@@ -201,7 +201,7 @@ class DoesntMatchExample(Lint):
                continue

            try:
-                extractor = capa.main.get_extractor(path, "auto", capa.main.BACKEND_VIV, disable_progress=True)
+                extractor = capa.main.get_extractor(path, "auto", capa.main.BACKEND_VIV, sigpaths=[], disable_progress=True)
                capabilities, meta = capa.main.find_capabilities(ctx["rules"], extractor, disable_progress=True)
            except Exception as e:
                logger.error("failed to extract capabilities: %s %s %s", rule.name, path, e)
--- a/scripts/show-capabilities-by-function.py
+++ b/scripts/show-capabilities-by-function.py
@@ -138,6 +138,14 @@ def main(argv=None):
            default="auto",
            help="Select sample format, %s" % format_help,
        )
+        parser.add_argument(
+            "--signature",
+            action="append",
+            dest="signatures",
+            type=str,
+            default=[],
+            help="use the given signatures to identify library functions, file system paths to .sig/.pat files.",
+        )
        args = parser.parse_args(args=argv)

        if args.quiet:
@@ -199,7 +207,7 @@ def main(argv=None):
        else:
            format = args.format
            try:
-                extractor = capa.main.get_extractor(args.sample, args.format, capa.main.BACKEND_VIV)
+                extractor = capa.main.get_extractor(args.sample, args.format, capa.main.BACKEND_VIV, args.signatures)
            except capa.main.UnsupportedFormatError:
                logger.error("-" * 80)
                logger.error(" Input file does not appear to be a PE file.")
--- a/scripts/show-features.py
+++ b/scripts/show-features.py
@@ -125,7 +125,7 @@ def main(argv=None):
            extractor = capa.features.freeze.load(f.read())
    else:
        try:
-            extractor = capa.main.get_extractor(args.sample, args.format, capa.main.BACKEND_VIV)
+            extractor = capa.main.get_extractor(args.sample, args.format, capa.main.BACKEND_VIV, sigpaths=[])
        except capa.main.UnsupportedFormatError:
            logger.error("-" * 80)
            logger.error(" Input file does not appear to be a PE file.")