main: extract routines to capa.loader module

closes #1821
mandiant · Jan 25, 2024 · d8d7f28 · d8d7f28
1 parent a9e1fd9
commit d8d7f28
Show file tree

Hide file tree

Showing 13 changed files with 53 additions and 535 deletions.
diff --git a/capa/features/freeze/__init__.py b/capa/features/freeze/__init__.py
@@ -21,6 +21,7 @@
 # https://github.com/mandiant/capa/issues/1699
 from typing_extensions import TypeAlias
 
+import capa.loader
 import capa.helpers
 import capa.version
 import capa.features.file
@@ -686,9 +687,9 @@ def main(argv=None):
     args = parser.parse_args(args=argv)
     capa.main.handle_common_args(args)
 
-    sigpaths = capa.main.get_signatures(args.signatures)
+    sigpaths = capa.loader.get_signatures(args.signatures)
 
-    extractor = capa.main.get_extractor(args.sample, args.format, args.os, args.backend, sigpaths, False)
+    extractor = capa.loader.get_extractor(args.sample, args.format, args.os, args.backend, sigpaths, False)
 
     Path(args.output).write_bytes(dump(extractor))
 

diff --git a/capa/ghidra/capa_ghidra.py b/capa/ghidra/capa_ghidra.py
@@ -78,7 +78,7 @@ def run_headless():
 
     meta.analysis.feature_counts = counts["feature_counts"]
     meta.analysis.library_functions = counts["library_functions"]
-    meta.analysis.layout = capa.main.compute_layout(rules, extractor, capabilities)
+    meta.analysis.layout = capa.loader.compute_layout(rules, extractor, capabilities)
 
     if capa.capabilities.common.has_file_limitation(rules, capabilities, is_standalone=True):
         logger.info("capa encountered warnings during analysis")
@@ -128,7 +128,7 @@ def run_ui():
 
     meta.analysis.feature_counts = counts["feature_counts"]
     meta.analysis.library_functions = counts["library_functions"]
-    meta.analysis.layout = capa.main.compute_layout(rules, extractor, capabilities)
+    meta.analysis.layout = capa.loader.compute_layout(rules, extractor, capabilities)
 
     if capa.capabilities.common.has_file_limitation(rules, capabilities, is_standalone=False):
         logger.info("capa encountered warnings during analysis")

diff --git a/capa/helpers.py b/capa/helpers.py
@@ -5,6 +5,7 @@
 # Unless required by applicable law or agreed to in writing, software distributed under the License
 #  is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and limitations under the License.
+import sys
 import json
 import inspect
 import logging
@@ -201,3 +202,11 @@ def log_unsupported_runtime_error():
         " If you're seeing this message on the command line, please ensure you're running a supported Python version."
     )
     logger.error("-" * 80)
+
+
+def is_running_standalone() -> bool:
+    """
+    are we running from a PyInstaller'd executable?
+    if so, then we'll be able to access `sys._MEIPASS` for the packaged resources.
+    """
+    return hasattr(sys, "frozen") and hasattr(sys, "_MEIPASS")
diff --git a/capa/ida/plugin/form.py b/capa/ida/plugin/form.py
@@ -775,7 +775,7 @@ def slot_progress_feature_extraction(text):
 
                     meta.analysis.feature_counts = counts["feature_counts"]
                     meta.analysis.library_functions = counts["library_functions"]
-                    meta.analysis.layout = capa.main.compute_layout(ruleset, self.feature_extractor, capabilities)
+                    meta.analysis.layout = capa.loader.compute_layout(ruleset, self.feature_extractor, capabilities)
                 except UserCancelledError:
                     logger.info("User cancelled analysis.")
                     return False