add landing page and rules website #2309
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
produced via: ``` asciinema capa.cast ./capa Practical\ Malware\ Analysis\ Lab\ 01-01.dll_ <ctrl-d> agg --no-loop --theme solarized-light capa.cast capa.gif ```
Use the Pygments syntax-highlighting library to parse and render the YAML rule content. This way we don't have to manually traverse the rule nodes and emit lists; instead, we rely on the fact that YAML is pretty easy for humans to read and let them consume it directly, with some text formatting to help hint at the types/structure.
capa (the library) has routines for deserializing the YAML content into structured objects, which means we can use tools like mypy to find bugs. So, prefer to use those routines instead of parsing YAML ourselves.
Run and fix the issues identified by the following linters: - isort - black - ruff - mypy
Add links to the following external resources: - GitHub rule source in capa-rules repo - VirusTotal search for matching samples
Update the rules landing page to accept a HTTP query parameter named "q" that specifies an initial search term to to pass to pagefind. This enables external pages link to rule searches.
Import header from root capa landing page.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Please add bug fixes, new features, breaking changes and anything else you think is worthwhile mentioning to the master (unreleased) section of CHANGELOG.md. If no CHANGELOG update is needed add the following to the PR description: [x] No CHANGELOG update needed
williballenthin
requested review from
mr-tz,
fariss,
mike-hunhoff and
DeeyaSingh
williballenthin
added
enhancement
williballenthin
commented
Aug 20, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds the landing page that will be found at https://mandiant.github.io/capa/ and a rule browsing web application that will be found at https://mandiant.github.io/capa/rules/.
You can view a snapshot of the site here: https://williballenthin.github.io/capa/
The rules website was written by @DeeyaSingh and developed here: https://github.com/DeeyaSingh/DeeyaSingh.github.io
I imported the code in 53d270a and have since then made some tweaks, primarily around styling and integration with the larger site.
The landing page definitely needs more work - the wording isn't great and there's a few more sections needed (especially an "examples" section). But, I figured it's better to have something to work with than to wait for perfection. Therefore, please don't hesitate to open PRs extending the landing page.
Checklist