gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 23:59:48 -08:00
Code Issues Packages Projects Releases Wiki Activity
1,561 Commits 43 Branches 48 Tags
d9e173276611e6e9617024842f8278e75c6fae37
Commit Graph

1561 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
d9e1732766 build(deps): bump ruamel-yaml from 0.17.5 to 0.17.7 
Bumps [ruamel-yaml](https://sourceforge.net/p/ruamel-yaml/code/ci/default/tree) from 0.17.5 to 0.17.7.

---
updated-dependencies:
- dependency-name: ruamel-yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-07 06:02:38 +00:00
Ana Maria Martinez Gomez
6ffa5ef53e changelog: fix number of new rules 
This was caused by a bug in the GH action which updates this number
automatically:
https://github.com/fireeye/capa-rules/pull/405
 2021-06-04 19:47:57 +02:00
Ana María Martínez Gómez
e737595339 Merge pull request #604 from Ana06/lint_changelog 
ci: lint CHANGELOG
 2021-06-04 13:33:11 +02:00
Capa Bot
94cb090afe Sync capa rules submodule 2021-06-04 09:10:09 +00:00
Moritz
32e0a5dce2 Merge pull request #598 from fireeye/render/json-attck-fields 
parse att&ck for output doc
 2021-06-02 16:54:31 +02:00
Ana Maria Martinez Gomez
f304bdbd20 ci: lint CHANGELOG 
The sync GH action in capa-rules relies on a single '- *$' in the
CHANGELOG file. Check in the tests that this is the case to avoid that
it is removed.

This happened in the following PR:
https://github.com/fireeye/capa/pull/591
This caused that the new rules in the following PR were not added to the
CHANGELOG:
https://github.com/fireeye/capa-rules/pull/400
 2021-06-02 12:42:48 +02:00
Ana Maria Martinez Gomez
1a3286beda ci: fix CHANGELOG 
The `-` used by the GitHub actions which updates the rules in the
CHANGELOG was removed in:
https://github.com/fireeye/capa/pull/591
Consequently the new rules added in the last pull request were not added
to the CHANGELOG:
https://github.com/fireeye/capa-rules/pull/400
 2021-06-02 12:12:48 +02:00
Moritz Raabe
63cd70029f dedup code 2021-06-02 11:06:49 +02:00
Moritz Raabe
94089ff43f parse att&ck for output doc 2021-06-02 10:37:19 +02:00
Capa Bot
8f1ce68e96 Sync capa rules submodule 2021-06-01 17:51:43 +00:00
Willi Ballenthin
37208aabd3 Merge pull request #591 from fireeye/feature-590 
main: use rule scope internal/limitation/file for file limitations, not code
 2021-06-01 11:50:56 -06:00
Willi Ballenthin
8c3605c886 Merge branch 'master' into feature-590 2021-06-01 11:50:40 -06:00
William Ballenthin
2706a7171e linter: fix match namespace handling 
closes #601
 2021-06-01 11:38:05 -06:00
William Ballenthin
8f3d443247 rules: use existing code, dedup 2021-06-01 11:25:38 -06:00
Willi Ballenthin
9968d16f21 Merge pull request #593 from fireeye/feature-159 
json: capture all strings matching regex
 2021-06-01 11:18:08 -06:00
Willi Ballenthin
2756c05889 Merge branch 'master' into feature-159 2021-06-01 11:17:41 -06:00
William Ballenthin
8a65c565a5 pep8 2021-06-01 11:06:12 -06:00
William Ballenthin
17eeecc526 render: handle namespace matches in result document 2021-05-31 10:28:11 -06:00
William Ballenthin
3b245ea201 rules: index rules by namespace 2021-05-31 10:28:00 -06:00
William Ballenthin
3cd348e8f7 rules: implement __contains__ for RuleSet 2021-05-31 10:27:44 -06:00
William Ballenthin
6d08695b38 Merge branch 'master' of github.com:fireeye/capa into feature-590 2021-05-31 09:54:33 -06:00
William Ballenthin
66b2c07af4 main: show matching file limitation rule when showing warning 2021-05-31 09:53:19 -06:00
Capa Bot
b8a67553d0 Sync capa rules submodule 2021-05-31 08:53:38 +00:00
Moritz
82eae4324e Merge pull request #595 from fireeye/dependabot/pip/ruamel-yaml-0.17.5 
build(deps): bump ruamel-yaml from 0.17.4 to 0.17.5
 2021-05-31 10:39:33 +02:00
Moritz
ac9c132c91 Merge pull request #594 from fireeye/dependabot/pip/tqdm-4.61.0 
build(deps): bump tqdm from 4.60.0 to 4.61.0
 2021-05-31 10:39:14 +02:00
Moritz
c2953b9733 Merge pull request #576 from fireeye/render/json-mbc-attck-fields 
render `rule.meta.mbc` on output
 2021-05-31 10:38:27 +02:00
Moritz
30de93b81f Merge pull request #596 from fireeye/tests/fix-smda-fails 
fix smda test xfail
 2021-05-31 10:37:43 +02:00
Moritz Raabe
e6f45b63d6 fix test xfail 2021-05-31 10:02:31 +02:00
dependabot[bot]
c1b689a375 build(deps): bump ruamel-yaml from 0.17.4 to 0.17.5 
Bumps [ruamel-yaml](https://sourceforge.net/p/ruamel-yaml/code/ci/default/tree) from 0.17.4 to 0.17.5.

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-31 05:57:42 +00:00
dependabot[bot]
c1546cf6a8 build(deps): bump tqdm from 4.60.0 to 4.61.0 
Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.60.0 to 4.61.0.
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](https://github.com/tqdm/tqdm/compare/v4.60.0...v4.61.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-31 05:57:33 +00:00
Moritz Raabe
de96bb763b address code review 2021-05-28 16:52:17 +02:00
Moritz Raabe
9e62bd1b24 update renderers 2021-05-28 16:40:15 +02:00
Moritz Raabe
54d21a043e parse mbc for result doc 2021-05-28 16:40:15 +02:00
Moritz Raabe
f593592ff0 parse mbc fields 2021-05-28 16:40:15 +02:00
Willi Ballenthin
ed02088c82 detect (and short circuit) file limitations at file scope (#586) 
* smda: move pe carve into helpers

* smda: simplify test parametrization/xfail

* extractors: add pefile extractor for file scope features

* pep8

* main: bail early on file limitation detected at file scope

closes #583

* changelog
 2021-05-28 08:14:44 -06:00
Ana María Martínez Gómez
b3fff51002 Merge pull request #584 from Ana06/changelog-GA 
ci: Reject PRs without CHANGELOG update
 2021-05-28 12:09:06 +02:00
Ana Maria Martinez Gomez
51884fea2d doc: Fix link and add more details 
Fix broken link to `pull_request_template.md` and add some more details.

Related #457
 2021-05-28 12:07:21 +02:00
Ana Maria Martinez Gomez
84b0bc6439 changelog: Add #584 to CHANGELOG 2021-05-28 11:08:05 +02:00
Ana Maria Martinez Gomez
38d41e2f59 ci: fix get-changed-files 
Ana06/get-changed-files@v1.1 is a fork of
https://github.com/jitterbit/get-changed-files, which supports
`pull_request_target` and allow to filter files using regular
expressions.

As we need to use `pull_request_target`, Ana06/get-changed-files@v1.1
works, but jitterbit/get-changed-files@v1 doesn't.
 2021-05-28 11:08:04 +02:00
Ana Maria Martinez Gomez
23ff9e719f ci: only reject once and fix dismiss 
`Ana06/automatic-pull-request-review@v0.1.0` is a fork of
https://github.com/AndrewMusgrave/automatic-pull-request-review which
fixes `DISMISS` and provides an `allow_duplicate` option which allows to
only approve once.
 2021-05-28 11:08:04 +02:00
Ana Maria Martinez Gomez
7a0a6f9cf1 ci: check changelog 
Request changes in a PR without CHANGELOG update.
 2021-05-28 11:08:04 +02:00
Ana Maria Martinez Gomez
f6960e4deb github: Improve pull request template 
After using the PR template for a while, I think simplifying it will be
helpful:

- GitHub includes the commit message description automatically with the
aim of saving you time as it is sometimes also a good PR description.
With the current template, I need to cut this test and paste it into the
description section (which is really annoying!).

- Make a single simpler checklist. Add information as comment and have a
straightforward list which helps us remembering the changelog, tests and
documentation without needing to invest much time. The changelog
bulletpoint will also be used in GitHub Actions.
 2021-05-28 11:08:00 +02:00
Willi Ballenthin
bd63ded1dd file scope API features (#568) 
* smda: minor unrelated fixes

* file features: extract API features at file scope for library functions

closes #567

* changelog

* ida: add file-scope API feature

Co-authored-by: mike-hunhoff <mike.hunhoff@gmail.com>

* fix lints from pylance

* features: use "function-name" for recognized linked functions

* pep8

* pep8

* rules: remove incorrect feature scope

* tests: xfail SMDA tests relying on function id

* tests: fixtures: order tests by sample, ideally improving memory usage

* pep8

* pep8

* smda: xfail two more tests

Co-authored-by: mike-hunhoff <mike.hunhoff@gmail.com>
 2021-05-27 12:59:00 -06:00
William Ballenthin
3c90e909a1 pep8 2021-05-27 10:45:01 -06:00
William Ballenthin
70396ffa36 ida: try to fix regex match rendering 2021-05-27 10:38:40 -06:00
William Ballenthin
56efb2adfe changelog 2021-05-27 10:28:41 -06:00
William Ballenthin
868b5ed6a3 features: extract all strings matching regex 
closes #159
 2021-05-27 10:27:39 -06:00
William Ballenthin
0a226e8b01 main: use rule scope internal/limitation/file for file limitations, not 
code

closes #390
 2021-05-27 09:18:55 -06:00
Capa Bot
7df29b491c Sync capa-testfiles submodule 2021-05-27 07:08:00 +00:00
Capa Bot
f0fb5fb346 Sync capa rules submodule 2021-05-26 21:03:50 +00:00