Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update rule syntax to support scope specification for dynamic analysis flavor #1539

Closed
4 tasks done
williballenthin opened this issue Jun 12, 2023 · 1 comment · Fixed by #1580 or #1837
Closed
4 tasks done

update rule syntax to support scope specification for dynamic analysis flavor #1539

williballenthin opened this issue Jun 12, 2023 · 1 comment · Fixed by #1580 or #1837
Labels
breaking-change introduces a breaking change that should be released in a major version dynamic related to dynamic analysis flavor enhancement New feature or request

Comments

@williballenthin
Copy link
Collaborator

williballenthin commented Jun 12, 2023
edited by yelhamer
Loading

as described in #1517 (comment), update the rule syntax to support the rule metadata structure like:

rule:
  meta:
    name: create file
    scope: 
      - static: function
      - dynamic: thread
  features:
    or:
      api: CreateFile
      api: fopen

this will require changes in a bunch of places, including:

  • documentation
  • yaml parser/validator
  • result document metadata structure
  • serializer/deserializer

this issue doesn't describe how capa uses the scope specifier - only that it can parse rules with this new syntax.

while this feature is in development, its ok to map rules with rule.meta.scope: XXX to rule.meta.scope.static: XXX and rule.meta.scope.dynamic: thread. we can do a cleanup of the capa-rules once this feature works well.

the PR should be accompanied by test cases that show what happen when invalid syntax is encountered, such as unknown scope names.
@williballenthin williballenthin added enhancement New feature or request breaking-change introduces a breaking change that should be released in a major version labels Jun 12, 2023
@williballenthin williballenthin mentioned this issue Jun 12, 2023
Closed
@williballenthin williballenthin added the dynamic related to dynamic analysis flavor label Jun 14, 2023
@yelhamer yelhamer moved this from todo to next up in @yelhamer GSoC 2023 Jun 21, 2023
@yelhamer yelhamer linked a pull request Aug 2, 2023 that will close this issue
add flavored scopes #1580
Merged
3 tasks
@yelhamer yelhamer linked a pull request Jan 30, 2024 that will close this issue
add documentation for dynamic capa capabilties #1837
Merged
3 tasks
@yelhamer
Copy link
Collaborator

This feature has been implemented in v7 of capa :)

@github-project-automation github-project-automation bot moved this from next up to done in @yelhamer GSoC 2023 Jan 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
breaking-change introduces a breaking change that should be released in a major version dynamic related to dynamic analysis flavor enhancement New feature or request
Projects
@yelhamer GSoC 2023
Status: done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add flavored scopes yelhamer/capa
add documentation for dynamic capa capabilties yelhamer/capa
2 participants
@williballenthin @yelhamer