pep8
williballenthin committed Jan 16, 2025
1 parent 55d2049 commit bbde950
Showing 5 changed files with 26 additions and 18 deletions.
4 changes: 2 additions & 2 deletions capa/capabilities/dynamic.py
Expand Up @@ -121,7 +121,7 @@ def next(self, ch: CallHandle, call_features: FeatureSet):
continue

# Don't update in place!
#
#
# The address sets are passed into `rule.evaluate()` by reference,
# and ultimately used to populate Result instances.
# So if we update them after Results are collected, then we can't find the locations of matches.
Expand Down Expand Up @@ -156,7 +156,7 @@ def next(self, ch: CallHandle, call_features: FeatureSet):
# see: https://github.com/mandiant/capa/pull/2532#issuecomment-2548508130
for new_rule in newly_encountered_rules:
suppressed_rules -= set(self.ruleset.rules[new_rule].get_dependencies(self.ruleset.rules_by_namespace))

for rule_name, res in matches.items():
if rule_name in suppressed_rules:
continue
2 changes: 1 addition & 1 deletion capa/features/common.py
Expand Up @@ -109,6 +109,7 @@ def __str__(self):
# as this object isn't user facing, this formatting is just to help with debugging

lines = []

def rec(m: "Result", indent: int):
if isinstance(m.statement, capa.engine.Statement):
line = (" " * indent) + str(m.statement.name) + " " + str(m.success)
Expand All @@ -124,7 +125,6 @@ def rec(m: "Result", indent: int):
return "\n".join(lines)



class Feature(abc.ABC): # noqa: B024
# this is an abstract class, since we don't want anyone to instantiate it directly,
# but it doesn't have any abstract methods.
33 changes: 20 additions & 13 deletions capa/render/result_document.py
Expand Up @@ -406,15 +406,18 @@ def from_capa(
# like the way a function contains a basic block.
# So when we have a match within a sequence for another sequence, we need to look
# for all the places it might be found.
#
#
# Despite the edge cases (like API hammering), this turns out to be pretty easy:
# collect the most recent match (with the given name) prior to the wanted location.
matches_in_thread = sorted([
(a.id, m) for a, m in rule_matches.items()
if isinstance(a, DynamicCallAddress)
and a.thread == location.thread
and a.id <= location.id
])
matches_in_thread = sorted(
[
(a.id, m)
for a, m in rule_matches.items()
if isinstance(a, DynamicCallAddress)
and a.thread == location.thread
and a.id <= location.id
]
)
_, most_recent_match = matches_in_thread[-1]
children.append(Match.from_capa(rules, capabilities, most_recent_match))

Expand Down Expand Up @@ -466,12 +469,15 @@ def from_capa(
if location in rule_matches:
children.append(Match.from_capa(rules, capabilities, rule_matches[location]))
else:
matches_in_thread = sorted([
(a.id, m) for a, m in rule_matches.items()
if isinstance(a, DynamicCallAddress)
and a.thread == location.thread
and a.id <= location.id
])
matches_in_thread = sorted(
[
(a.id, m)
for a, m in rule_matches.items()
if isinstance(a, DynamicCallAddress)
and a.thread == location.thread
and a.id <= location.id
]
)
_, most_recent_match = matches_in_thread[-1]
children.append(Match.from_capa(rules, capabilities, most_recent_match))
else:
Expand Down Expand Up @@ -522,6 +528,7 @@ def __str__(self):
# as this object isn't user facing, this formatting is just to help with debugging

lines = []

def rec(m: "Match", indent: int):
if isinstance(m.node, StatementNode):
line = (" " * indent) + str(m.node.statement.type) + " " + str(m.success)
1 change: 1 addition & 0 deletions capa/render/verbose.py
Expand Up @@ -43,6 +43,7 @@
from capa.engine import MatchResults
from capa.render.utils import Console


def format_address(address: frz.Address) -> str:
if address.type == frz.AddressType.ABSOLUTE:
assert isinstance(address.value, int)
4 changes: 2 additions & 2 deletions capa/render/vverbose.py
Expand Up @@ -330,7 +330,7 @@ def collect_sequence_locations(
yield from collect_sequence_locations(child, child_mode)
elif isinstance(match.node.statement, rd.RangeStatement):
for location in match.locations:
if location.type not in (frz.AddressType.CALL, ):
if location.type not in (frz.AddressType.CALL,):
continue
if mode == MODE_FAILURE:
continue
Expand All @@ -340,7 +340,7 @@ def collect_sequence_locations(
yield from collect_sequence_locations(child, mode)
elif isinstance(match.node, rd.FeatureNode):
for location in match.locations:
if location.type not in (frz.AddressType.CALL, ):
if location.type not in (frz.AddressType.CALL,):
continue
if mode == MODE_FAILURE:
continue