Feat/warn for dynamic dotnet #2568
base: master
I've added some comments inline. Would you review and let me know what you think @v1bh475u? If the proposals work for you, please try them out. If you disagree, let's figure out alternatives.
Signed-off-by: vibhatsu <[email protected]>
Signed-off-by: vibhatsu <[email protected]>
Signed-off-by: vibhatsu <[email protected]>
Signed-off-by: vibhatsu <[email protected]>
@williballenthin I have made the changes as we had discussed. Please review them whenever you are free.
see inline suggestions.
def find_file_limitations_from_cli(args, rules: RuleSet, file_extractors: list[FeatureExtractor]) -> bool: | ||
def find_static_limitations_from_cli(args, rules: RuleSet, file_extractors: list[FeatureExtractor]) -> bool: |
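Review bot: `args` is the only parameter in the renamed signature without a type annotation, while `rules` and `file_extractors` are both annotated; annotate it to match. Since the name now says "static" rather than "file" but the function still takes `file_extractors`, the docstring should state that only file-scoped extractors are consulted.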
one thing we're losing in the changes is the documentation/naming that makes clear that the static limitations are derived from file extractors (like pefile) not full disassembly-derived extractors (like vivisect). they should be lightweight. so let's find the right place to re-add this documentation.
Can you please give some more insights?
we use lightweight file-scoped extractors, like the pefile extractor, during the initial pass to find these static file limitations, because they run quickly and can avoid spending lots of time doing analysis that won't be useful. the new function names don't make it clear that they're working with file-level features. we should update the comments to explain this.
does that help?
```python
"""
args:
  args: The parsed command line arguments from `install_common_args`.
Only file-scoped feature extractors like pefile are used.
Dynamic feature extractors can handle packed samples and do not need to be considered here.
raises:
  ShouldExitError: if the program is invoked incorrectly and should exit.
"""
```
how about this line addition?
cool, sounds good
capa/main.py
Outdated
args: | ||
args: The parsed command line arguments from `install_common_args`. | ||
|
||
Handles dynamic dotnet samples. |
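Review bot: "Handles dynamic dotnet samples." is placed under the `args:` block and does not say what handling means. Move it above `args:` as the summary and state the outcome the caller sees, for instance that a warning is logged, so it is clear whether analysis continues afterwards.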
Handles dynamic dotnet samples. | |
For example, notifies when handling .NET samples in a sandbox, which may rely on different API patterns. |
please put explanations before the args/returns/raises blocks.
…comments Signed-off-by: vibhatsu <[email protected]>
Signed-off-by: vibhatsu <[email protected]>
…e related functions Signed-off-by: vibhatsu <[email protected]>
@williballenthin I have made some changes as you had suggested. Please review whenever you are free.
we're really close here! see inline comments.
def find_file_limitations_from_cli(args, rules: RuleSet, file_extractors: list[FeatureExtractor]) -> bool: | ||
def find_static_limitations_from_cli(args, rules: RuleSet, file_extractors: list[FeatureExtractor]) -> bool: |
we use lightweight file-scoped extractors, like the pefile extractor, during the initial pass to find these static file limitations, because they run quickly and can avoid spending lots of time doing analysis that won't be useful. the new function names don't make it clear that they're working with file-level features. we should update the comments to explain this.
does that help?
Signed-off-by: vibhatsu <[email protected]>
Signed-off-by: vibhatsu <[email protected]>
Done with changes. Please review.
closes #1864
Checklist