gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2300 from s-ff/add-file-scope-rules

Browse Source
This commit is contained in:
Moritz
2024-08-17 09:09:08 +02:00
committed by GitHub
parent 6b4591de14 4501955728
commit c409b2b7ed
3 changed files with 40 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
web/explorer/src/components/FunctionCapabilities.vue
View File

@@ -26,7 +26,7 @@
:showClearButton="false"
>
<template #filter v-if="props.showColumnFilters">
<InputText v-model="filters['address'].value" placeholder="Filter by name" />
<InputText v-model="filters['address'].value" placeholder="Filter by function address" />
</template>
<template #body="{ data }">
<span class="font-monospace text-base">{{ data.address }}</span>
@@ -36,9 +36,9 @@
</template>
</Column>
<Column field="rule" sortable header="Matches" class="w-min" :showFilterMenu="false" :showClearButton="false">
<Column field="rule" header="Rule Matches" class="w-min" :showFilterMenu="false" :showClearButton="false">
<template #filter v-if="props.showColumnFilters">
<InputText v-model="filters['rule'].value" placeholder="Filter by name" />
<InputText v-model="filters['rule'].value" placeholder="Filter by rule" />
</template>
<template #body="{ data }">
{{ data.rule }}
@@ -46,9 +46,9 @@
</template>
</Column>
<Column field="namespace" sortable header="Namespace" :showFilterMenu="false" :showClearButton="false">
<Column field="namespace" header="Namespace" :showFilterMenu="false" :showClearButton="false">
<template #filter v-if="props.showColumnFilters">
<InputText v-model="filters['namespace'].value" placeholder="Filter by name" />
<InputText v-model="filters['namespace'].value" placeholder="Filter by namespace" />
</template>
</Column>
</DataTable>

18
web/explorer/src/components/columns/RuleColumn.vue
View File

@@ -31,7 +31,15 @@
<template v-else-if="node.data.type === 'feature'">
<span>
- {{ node.data.typeValue }}:
<span :class="{ 'text-green-700': node.data.typeValue !== 'regex' }" class="font-monospace">
<span
:class="{ 'text-green-700': node.data.typeValue !== 'regex' }"
class="font-monospace"
v-tooltip.top="{
value: getTooltipContent(node.data),
showDelay: 1000,
hideDelay: 300
}"
>
{{ node.data.name }}
</span>
</span>
@@ -63,4 +71,12 @@ defineProps({
required: true
}
});
const getTooltipContent = (data) => {
if (data.typeValue === "number" || data.typeValue === "offset") {
const decimalValue = parseInt(data.name, 16);
return `Decimal: ${decimalValue}`;
}
return null;
};
</script>

19
web/explorer/src/utils/rdocParser.js
View File

@@ -108,6 +108,9 @@ export function parseFunctionCapabilities(doc) {
// Map to store capabilities matched to each function
const matchesByFunction = new Map();
// Add a special entry for file-level matches
matchesByFunction.set("file", new Set());
// Iterate through all rules in the document
for (const [, rule] of Object.entries(doc.rules)) {
if (rule.meta.scopes.static === "function") {
@@ -133,12 +136,26 @@ export function parseFunctionCapabilities(doc) {
.add({ name: rule.meta.name, namespace: rule.meta.namespace, lib: rule.meta.lib });
}
}
} else if (rule.meta.scopes.static === "file") {
// Add file-level matches to the special 'file' entry
matchesByFunction.get("file").add({
name: rule.meta.name,
namespace: rule.meta.namespace,
lib: rule.meta.lib
});
}
// (else) Ignoring file scope rules
}
const result = [];
// Add file-level matches if there are any
if (matchesByFunction.get("file").size > 0) {
result.push({
address: "file",
capabilities: Array.from(matchesByFunction.get("file"))
});
}
// Iterate through all functions in the document
for (const f of doc.meta.analysis.feature_counts.functions) {
const addr = formatAddress(f.address);