From 8298347c19eca32debaeac75ee1544c9224d01fc Mon Sep 17 00:00:00 2001
From: mr-tz <moritz.raabe@mandiant.com>
Date: Tue, 26 Mar 2024 13:39:30 +0100
Subject: [PATCH] support more report formats

---
 CHANGELOG.md                            | 1 +
 capa/features/extractors/cape/models.py | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f22d0aacf..fe3ccc821 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@
 - do some imports closer to where they are used #1810 @williballenthin
 - binja: fix and simplify stack string detection code after binja 4.0 @xusheng6
 - binja: add support for forwarded export #1646 @xusheng6
+- cape: support more report formats #2035 @mr-tz
 
 
 ### capa explorer IDA Pro plugin
diff --git a/capa/features/extractors/cape/models.py b/capa/features/extractors/cape/models.py
index c90a31b5c..61e60f716 100644
--- a/capa/features/extractors/cape/models.py
+++ b/capa/features/extractors/cape/models.py
@@ -230,7 +230,7 @@ class File(FlexibleModel):
     sha1: str
     sha256: str
     sha512: str
-    sha3_384: str
+    sha3_384: Optional[str] = None
     ssdeep: str
     # unsure why this would ever be "False"
     tlsh: Optional[Union[str, bool]] = None
@@ -398,7 +398,7 @@ class CapeReport(FlexibleModel):
     behavior: Behavior
 
     # post-processed results: payloads and extracted configs
-    CAPE: Optional[Cape] = None
+    CAPE: Optional[Union[Cape, List]] = None
     dropped: Optional[List[File]] = None
     procdump: Optional[List[ProcessFile]] = None
     procmemory: ListTODO