mirror of
https://github.com/mandiant/capa.git
synced 2025-12-13 08:00:44 -08:00
6a222a6139
* build(deps-dev): bump black from 22.12.0 to 23.1.0 Bumps [black](https://github.com/psf/black) from 22.12.0 to 23.1.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * reformat black 23.1.0 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
63 lines
2.0 KiB
Python
63 lines
2.0 KiB
Python
# Copyright (C) 2020 Mandiant, Inc. All Rights Reserved.
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at: [package root]/LICENSE.txt
|
|
# Unless required by applicable law or agreed to in writing, software distributed under the License
|
|
# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and limitations under the License.
|
|
|
|
import io
|
|
from typing import Union, Iterator
|
|
|
|
import termcolor
|
|
|
|
import capa.render.result_document as rd
|
|
|
|
|
|
def bold(s: str) -> str:
|
|
"""draw attention to the given string"""
|
|
return termcolor.colored(s, "blue")
|
|
|
|
|
|
def bold2(s: str) -> str:
|
|
"""draw attention to the given string, within a `bold` section"""
|
|
return termcolor.colored(s, "green")
|
|
|
|
|
|
def warn(s: str) -> str:
|
|
return termcolor.colored(s, "yellow")
|
|
|
|
|
|
def format_parts_id(data: Union[rd.AttackSpec, rd.MBCSpec]):
|
|
"""
|
|
format canonical representation of ATT&CK/MBC parts and ID
|
|
"""
|
|
return "%s [%s]" % ("::".join(data.parts), data.id)
|
|
|
|
|
|
def capability_rules(doc: rd.ResultDocument) -> Iterator[rd.RuleMatches]:
|
|
"""enumerate the rules in (namespace, name) order that are 'capability' rules (not lib/subscope/disposition/etc)."""
|
|
for _, _, rule in sorted(map(lambda rule: (rule.meta.namespace or "", rule.meta.name, rule), doc.rules.values())):
|
|
if rule.meta.lib:
|
|
continue
|
|
if rule.meta.is_subscope_rule:
|
|
continue
|
|
if rule.meta.maec.analysis_conclusion:
|
|
continue
|
|
if rule.meta.maec.analysis_conclusion_ov:
|
|
continue
|
|
if rule.meta.maec.malware_family:
|
|
continue
|
|
if rule.meta.maec.malware_category:
|
|
continue
|
|
if rule.meta.maec.malware_category_ov:
|
|
continue
|
|
|
|
yield rule
|
|
|
|
|
|
class StringIO(io.StringIO):
|
|
def writeln(self, s):
|
|
self.write(s)
|
|
self.write("\n")
|