Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dotnet: yield FORMAT_DOTNET before FORMAT_PE when processing .NET files #2022

Closed
mike-hunhoff opened this issue Mar 6, 2024 · 3 comments · Fixed by #2024
Closed

dotnet: yield FORMAT_DOTNET before FORMAT_PE when processing .NET files #2022

mike-hunhoff opened this issue Mar 6, 2024 · 3 comments · Fixed by #2024
Labels
dotnet enhancement New feature or request good first issue Good for newcomers

Comments

@mike-hunhoff
Copy link
Collaborator

We should change the order used to yield multiple formats for .NET files so FORMAT_DOTNET is used for capa's output metadata.

capa/capa/features/extractors/dotnetfile.py

Lines 51 to 53 in 4923136

def extract_file_format(**kwargs) -> Iterator[Tuple[Format, Address]]:
yield Format(FORMAT_PE), NO_ADDRESS
yield Format(FORMAT_DOTNET), NO_ADDRESS

This order doesn't matter for matching but does matter when collecting the file's metadata because we default to the first in the list

capa/capa/loader.py

Lines 385 to 387 in 4923136

input_format = (
str(extractor_format[0]) if extractor_format else "unknown" if input_format == FORMAT_AUTO else input_format
)

@mike-hunhoff mike-hunhoff added enhancement New feature or request good first issue Good for newcomers dotnet labels Mar 6, 2024
@mr-tz
Copy link
Collaborator

mr-tz commented Mar 7, 2024

Alternatively, display all formats.

@samadpls
Copy link
Contributor

samadpls commented Mar 7, 2024

Hi @mr-tz , can i take this issue :)

@mr-tz
Copy link
Collaborator

mr-tz commented Mar 7, 2024

of course

@samadpls samadpls mentioned this issue Mar 7, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dotnet enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[ENH] Refactor format in capa/features/extractors/dotnetfile.py
3 participants
@mr-tz @mike-hunhoff @samadpls