Merge pull request #820 from mandiant/fix/linter-file-format

auto recognize shellcode based on file extension
mandiant · Nov 2, 2021 · e9a7dbc · e9a7dbc
2 parents 10dc895 + e9170a1
commit e9a7dbc
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/scripts/lint.py b/scripts/lint.py
@@ -230,9 +230,16 @@ def get_sample_capabilities(ctx: Context, path: Path) -> Set[str]:
         logger.debug("found cached results: %s: %d capabilities", nice_path, len(ctx.capabilities_by_sample[path]))
         return ctx.capabilities_by_sample[path]
 
+    if nice_path.endswith(capa.main.EXTENSIONS_SHELLCODE_32):
+        format = "sc32"
+    elif nice_path.endswith(capa.main.EXTENSIONS_SHELLCODE_64):
+        format = "sc64"
+    else:
+        format = "auto"
+
     logger.debug("analyzing sample: %s", nice_path)
     extractor = capa.main.get_extractor(
-        nice_path, "auto", capa.main.BACKEND_VIV, DEFAULT_SIGNATURES, False, disable_progress=True
+        nice_path, format, capa.main.BACKEND_VIV, DEFAULT_SIGNATURES, False, disable_progress=True
     )
 
     capabilities, _ = capa.main.find_capabilities(ctx.rules, extractor, disable_progress=True)