Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add foreground window check.yml #812

Merged
merged 4 commits into from
Aug 11, 2023
Merged

Add foreground window check.yml #812

merged 4 commits into from
Aug 11, 2023

Conversation

ejfocampo
Copy link
Contributor

No description provided.

@ejfocampo
Copy link
Contributor Author

ejfocampo commented Aug 10, 2023
edited
Loading

Initial checks failed. Local testing shows no problem with linting.

python3 ../scripts/lint.py --thorough -t "foreground window check" -v . 
INFO:lint:successfully loaded 829 rules
INFO:lint:collecting potentially referenced samples
INFO:lint:no lints failed, nice!

I might've submitted the PR too early. Probably need to merge mandiant/capa-testfiles#209 first.

@mr-tz
Copy link
Collaborator

mr-tz commented Aug 10, 2023

Yes, that should be fixed once the testfiles PR is merged.

mr-tz
mr-tz requested changes Aug 10, 2023
View reviewed changes
Copy link
Collaborator

@mr-tz mr-tz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic looks good, please address the naming comments

anti-analysis/anti-av/foreground-window-check.yml Outdated
@@ -0,0 +1,23 @@
rule:
meta:
name: foreground window check
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
name: foreground window check
name: expect foreground window switch

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or detect/check? this should complete the sentence: "this sample may..."

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

once you've picked a name, the rule file also needs to be renamed

Copy link
Contributor Author

@ejfocampo ejfocampo Aug 10, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

adjusted the name based on the formatting of other rules within the same dir. thanks for the feedback

mr-tz
mr-tz reviewed Aug 10, 2023
View reviewed changes
anti-analysis/anti-av/foreground-window-check.yml Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you remove this file and then we're good to merge

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ooops. deleted. thanks for the catch Moritz.

mr-tz
mr-tz approved these changes Aug 11, 2023
View reviewed changes
Copy link
Collaborator

@mr-tz mr-tz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

@mr-tz mr-tz merged commit 4f3b994 into mandiant:master Aug 11, 2023
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mr-tz mr-tz mr-tz approved these changes

@williballenthin williballenthin williballenthin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ejfocampo @mr-tz @williballenthin