From c695b37b0e6732e9db27117e86ea293b5346e81c Mon Sep 17 00:00:00 2001 From: Acelynn Zhang Date: Tue, 2 Apr 2024 01:14:12 -0500 Subject: [PATCH] Restrict signature debug logging to vivisect backend Closes #1875 --- capa/main.py | 39 ++++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/capa/main.py b/capa/main.py index c10a8256b..40e697cdf 100644 --- a/capa/main.py +++ b/capa/main.py @@ -338,8 +338,9 @@ def handle_common_args(args): - rules: file system path to rule files. - signatures: file system path to signature files. - the following field may be added: + the following fields may be added: - is_default_rules: if the default rules were used. + - is_default_signatures: if the default signatures were used. args: args: The parsed command line arguments from `install_common_args`. @@ -432,25 +433,11 @@ def handle_common_args(args): if hasattr(args, "signatures"): if args.signatures == SIGNATURES_PATH_DEFAULT_STRING: - logger.debug("-" * 80) - logger.debug(" Using default embedded signatures.") - logger.debug( - " To provide your own signatures, use the form `capa.exe --signature ./path/to/signatures/ /path/to/mal.exe`." - ) - logger.debug("-" * 80) - sigs_path = get_default_root() / "sigs" - - if not sigs_path.exists(): - logger.error( - "Using default signature path, but it doesn't exist. " # noqa: G003 [logging statement uses +] - + "Please install the signatures first: " - + "https://github.com/mandiant/capa/blob/master/doc/installation.md#method-2-using-capa-as-a-python-library." - ) - raise IOError(f"signatures path {sigs_path} does not exist or cannot be accessed") + args.is_default_signatures = True else: sigs_path = Path(args.signatures) - logger.debug("using signatures path: %s", sigs_path) + args.is_default_signatures = False args.signatures = sigs_path @@ -701,6 +688,24 @@ def get_signatures_from_cli(args, input_format: str, backend: str) -> List[Path] logger.debug("skipping library code matching: signatures only supports PE files") return [] + if args.is_default_signatures: + logger.debug("-" * 80) + logger.debug(" Using default embedded signatures.") + logger.debug( + " To provide your own signatures, use the form `capa.exe --signature ./path/to/signatures/ /path/to/mal.exe`." + ) + logger.debug("-" * 80) + + if not args.signatures.exists(): + logger.error( + "Using default signature path, but it doesn't exist. " # noqa: G003 [logging statement uses +] + + "Please install the signatures first: " + + "https://github.com/mandiant/capa/blob/master/doc/installation.md#method-2-using-capa-as-a-python-library." + ) + raise IOError(f"signatures path {args.signatures} does not exist or cannot be accessed") + else: + logger.debug("using signatures path: %s", args.signatures) + try: return capa.loader.get_signatures(args.signatures) except IOError as e: