Lost capabilities in v4.0 #628
-
When I run capa v4.0 in our automated tests, it loses a couple capabilities in the report compared to v3.2.1 due to differences in the rule .yml files. If I edit the .yml files to match, it finds the capabilities. The .yml files I was looking at specifically are hash-data-using-murmur3.yml, check-http-status-code.yml, and calculate-modulo-256-via-x86-assembly.yml. I see that the original commit that changed this behavior was "remove /x32 and /x64 flavors and use instruction scope" (bc28847). That commit was later reverted, and then reverted again (restoring the original). Could you elaborate on the reason for this change, since it seems to have removed results?
Replies: 2 comments
-
If our git commit whiplash caused some matches to now be missed - that's a bug. Thanks for calling this out and let's get these fixed. All the reverts had to do with us introducing breaking changes to the rule format and updating some rules before the v4 release, but people would pull from master on v3, and then their rules wouldn't work. So, in v4 we clarified what the behavior should be and hopefully fixed that problem. But, in the interim, we made a bunch of commits and reverted and then reverted again. I thought it went through cleanly but seems like not! Thanks again for raising this. Do you want to propose the PRs to capa-rules to fix up the files? Then you can be on the contributor list ;-) Otherwise, I'm happy to do so.
-
Moving this to issue #629 since it's a bug and a single-threaded discussion works better there.