Merge pull request #1868 from mandiant/fix/global-features

Fix global features and display

capa/features/extractors/cape/extractor.py

@@ -41,7 +41,9 @@ class CapeExtractor(DynamicFeatureExtractor):
             )
         )
         self.report: CapeReport = report
-        self.global_features = capa.features.extractors.cape.global_.extract_features(self.report)
+
+        # pre-compute these because we'll yield them at *every* scope.
+        self.global_features = list(capa.features.extractors.cape.global_.extract_features(self.report))
 
     def get_base_address(self) -> Union[AbsoluteVirtualAddress, _NoAddress, None]:
         # value according to the PE header, the actual trace may use a different imagebase

capa/main.py

@@ -1101,6 +1101,7 @@ def main(argv: Optional[List[str]] = None):
         else:
             log_unsupported_format_error()
 
+    found_file_limitation = False
     for file_extractor in file_extractors:
         if isinstance(file_extractor, DynamicFeatureExtractor):
             # Dynamic feature extractors can handle packed samples
@@ -1117,7 +1118,8 @@ def main(argv: Optional[List[str]] = None):
 
         # file limitations that rely on non-file scope won't be detected here.
         # nor on FunctionName features, because pefile doesn't support this.
-        if has_file_limitation(rules, pure_file_capabilities):
+        found_file_limitation = has_file_limitation(rules, pure_file_capabilities)
+        if found_file_limitation:
             # bail if capa encountered file limitation e.g. a packed binary
             # do show the output in verbose mode, though.
             if not (args.verbose or args.vverbose or args.json):