vverbose don't show author in output #993

Closed
mr-tz opened this issue Apr 12, 2022 · 16 comments

@mr-tz
Collaborator

mr-tz commented Apr 12, 2022

analogous to #973, remove author as not really helpful when inspecting rules

@mr-tz mr-tz added the enhancement New feature or request label Apr 12, 2022
@williballenthin williballenthin added the good first issue Good for newcomers label Apr 12, 2022
@pradkrish

I am happy to work on this. Is this still open?

@williballenthin
Collaborator

williballenthin commented Apr 28, 2022

that would be great! please make an attempt and open a PR for review and merge

@pradkrish

Thanks, consider me a beginner. The usage is not really clear to me. I installed the developer version in my venv and I am able to import capa inside my venv. Can you give me an example code with an input elf file that I can use for this PR? Thanks.

@mr-tz
Collaborator Author

mr-tz commented Apr 28, 2022

you should be able to test with any PE or ELF file by running capa -vv <sample>

@pradkrish

When I tried to run capa -vv /usr/bin/pwd

I got the following error

loading :   2%|█▏                                             | 16/665 [00:00<00:00, 2455.50 rules/s]
ERROR:capa:invalid rule: /home/pradeep/repos/capa/capa/../rules/communication/socket/tcp/send/obtain-transmitpackets-callback-function-via-wsaioctl.yml: invalid rule: unexpected statement: number/x64

I found a similar error when I tried it on some ELF files in capa/tests/data

@mr-tz
Collaborator Author

mr-tz commented May 2, 2022

:( please see related issue: mandiant/capa-rules#551
to quickly fix you can check out the respective rules tag

@mr-tz
Collaborator Author

mr-tz commented May 12, 2022

Are you still encountering this error with current master? Anything we can help you with to get started?

@pradkrish

Thanks, it works now. To fix the issue here, is it about removing line 202 from capa/render/vverbose.py?

@mr-tz
Collaborator Author

mr-tz commented May 12, 2022

yeah, kinda, you can take https://github.com/mandiant/capa/pull/973/files as a good example

@pradkrish

I have a question about the PR process. After committing the changes locally, when I run git push origin <branch-name>, it triggers linting and then tests, which end like this

Results (454.66s):
     479 passed
     129 xfailed
       3 skipped
Tests succeed!! 🎉
Stashed changes 'pre-push-1652443209' restored
SUCCEEDED 🎉🎉

The tests clearly pass but I don't see any updates on the forked repo.

@mr-tz
Collaborator Author

mr-tz commented May 16, 2022

You should be able to create a PR on GitHub now for your branch.

@mr-tz
Collaborator Author

mr-tz commented May 17, 2022

Do you get any output on the command line?
This page has further details on creating a PR https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request and I am happy to help here as well.

@mr-tz
Collaborator Author

mr-tz commented May 31, 2022

@pradkrish can you submit your PR or share your changes? Would love to get this in soon.

@pradkrish

@mr-tz That is the problem. After the push operation, I do not see it when I checked on my forked repo for the pushed branch. This is despite passing tests. Anyways, the only change I have done is to remove the line capa/render/vverbose.py:202. Sorry that I couldn't complete the PR. I have done this several hundred times and I don't know what I am missing here. 🤔

@mr-tz
Collaborator Author

mr-tz commented May 31, 2022

Can you double-check to commit and/or push with the --no-verify option?

@williballenthin
Collaborator

this was fixed in #981

for key in ("namespace", "description", "scope"):
