gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

Make backend a required parameter in get_extractor

Browse Source 
Make the `backend` argument required in the `get_extractor` internal
routine. Specify a backend in the scripts which call this function. Add
a CLI backend option in capa/features/freeze.py as well.
This commit is contained in:
Ana Maria Martinez Gomez
2021-02-23 17:38:06 +01:00
parent a026cb84d1
commit d28ba3c628
7 changed files with 15 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
capa/features/freeze.py
View File

@@ -264,6 +264,14 @@ def main(argv=None):
parser.add_argument(
"-f", "--format", choices=[f[0] for f in formats], default="auto", help="Select sample format, %s" % format_help
)
parser.add_argument(
"-b",
"--backend",
type=str,
help="select the backend to use in Python 3 (this option is ignored in Python 2)",
choices=(capa.main.BACKEND_VIV, capa.main.BACKEND_SMDA),
default=capa.main.BACKEND_VIV,
)
args = parser.parse_args(args=argv)
if args.quiet:
@@ -276,7 +284,7 @@ def main(argv=None):
logging.basicConfig(level=logging.INFO)
logging.getLogger().setLevel(logging.INFO)
extractor = capa.main.get_extractor(args.sample, args.format)
extractor = capa.main.get_extractor(args.sample, args.format, args.backend)
with open(args.output, "wb") as f:
f.write(dump(extractor))

2
capa/main.py
View File

@@ -335,7 +335,7 @@ def get_extractor_py3(path, format, backend, disable_progress=False):
return capa.features.extractors.viv.VivisectFeatureExtractor(vw, path)
def get_extractor(path, format, backend=BACKEND_VIV, disable_progress=False):
def get_extractor(path, format, backend, disable_progress=False):
"""
raises:
UnsupportedFormatError:

2
scripts/bulk-process.py
View File

@@ -95,7 +95,7 @@ def get_capa_results(args):
rules, format, path = args
logger.info("computing capa results for: %s", path)
try:
extractor = capa.main.get_extractor(path, format, disable_progress=True)
extractor = capa.main.get_extractor(path, format, capa.main.BACKEND_VIV, disable_progress=True)
except capa.main.UnsupportedFormatError:
# i'm 100% sure if multiprocessing will reliably raise exceptions across process boundaries.
# so instead, return an object with explicit success/failure status.

2
scripts/capa_as_library.py
View File

@@ -191,7 +191,7 @@ def render_dictionary(doc):
def capa_details(file_path, output_format="dictionary"):
# extract features and find capabilities
extractor = capa.main.get_extractor(file_path, "auto", disable_progress=True)
extractor = capa.main.get_extractor(file_path, "auto", capa.main.BACKEND_VIV, disable_progress=True)
capabilities, counts = capa.main.find_capabilities(rules, extractor, disable_progress=True)
# collect metadata (used only to make rendering more complete)

2
scripts/lint.py
View File

@@ -201,7 +201,7 @@ class DoesntMatchExample(Lint):
continue
try:
extractor = capa.main.get_extractor(path, "auto", disable_progress=True)
extractor = capa.main.get_extractor(path, "auto", capa.main.BACKEND_VIV, disable_progress=True)
capabilities, meta = capa.main.find_capabilities(ctx["rules"], extractor, disable_progress=True)
except Exception as e:
logger.error("failed to extract capabilities: %s %s %s", rule.name, path, e)

2
scripts/show-capabilities-by-function.py
View File

@@ -199,7 +199,7 @@ def main(argv=None):
else:
format = args.format
try:
extractor = capa.main.get_extractor(args.sample, args.format)
extractor = capa.main.get_extractor(args.sample, args.format, capa.main.BACKEND_VIV)
except capa.main.UnsupportedFormatError:
logger.error("-" * 80)
logger.error(" Input file does not appear to be a PE file.")

2
scripts/show-features.py
View File

@@ -125,7 +125,7 @@ def main(argv=None):
extractor = capa.features.freeze.load(f.read())
else:
try:
extractor = capa.main.get_extractor(args.sample, args.format)
extractor = capa.main.get_extractor(args.sample, args.format, capa.main.BACKEND_VIV)
except capa.main.UnsupportedFormatError:
logger.error("-" * 80)
logger.error(" Input file does not appear to be a PE file.")