You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
during the traige of #703, i've found that we don't correctly extract matched namespaces across scopes. that is, given a function-scope rule that matches, its namespaces are not extracted for matching at the file-scope.
this is relevant for the file limitation rules, e.g. "packer file limitation" (file-scope) that looks for namespace "anti-analysis/packer". this can match "packed with UPX" (file-scope) because the namespaces are extracted correctly within the same scope; however, "packed with generic packer" (function-scope) is not matched because the namespaces are not extracted from function scope into file scope.
this results in false negatives in which we'd expect some rules to match but they don't.
The text was updated successfully, but these errors were encountered:
during the traige of #703, i've found that we don't correctly extract matched namespaces across scopes. that is, given a function-scope rule that matches, its namespaces are not extracted for matching at the file-scope.
this is relevant for the file limitation rules, e.g. "packer file limitation" (file-scope) that looks for namespace "anti-analysis/packer". this can match "packed with UPX" (file-scope) because the namespaces are extracted correctly within the same scope; however, "packed with generic packer" (function-scope) is not matched because the namespaces are not extracted from function scope into file scope.
this results in false negatives in which we'd expect some rules to match but they don't.
The text was updated successfully, but these errors were encountered: