Skip to content
This repository has been archived by the owner on Aug 25, 2024. It is now read-only.

shouldi: binary: Use capa to figure out what a built binary is capable of doing #789

Open
pdxjohnny opened this issue Jul 18, 2020 · 0 comments
Open

shouldi: binary: Use capa to figure out what a built binary is capable of doing #789

pdxjohnny opened this issue Jul 18, 2020 · 0 comments
Labels
enhancement New feature or request

Comments

@pdxjohnny
Copy link
Contributor

pdxjohnny commented Jul 18, 2020
edited
Loading

dffml/operations/binsec/dffml_operations_binsec/operations.py

Lines 95 to 139 in d663149

@op(inputs={"download": URLBytes}, outputs={"rpm": RPMObject})
async def urlbytes_to_rpmfile(download: URLBytesObject):
fileobj = io.BytesIO(download.body)
try:
rpm = RPMFile(name=download.URL, fileobj=fileobj)
return {"rpm": rpm.__enter__()}
except AssertionError as error:
LOGGER.debug(
"urlbytes_to_rpmfile: Failed to instantiate " "RPMFile(%s): %s",
download.URL,
error,
)
except RPMError as error:
LOGGER.debug(
"urlbytes_to_rpmfile: Failed to instantiate " "RPMFile(%s): %s",
download.URL,
error,
)
@op(
inputs={"rpm": RPMObject},
outputs={"files": rpm_filename},
expand=["files"],
)
async def files_in_rpm(rpm: RPMFile):
return {"files": list(map(lambda rpminfo: rpminfo.name, rpm.getmembers()))}
@op(
inputs={"rpm": RPMObject, "filename": rpm_filename},
outputs={"is_pie": binary_is_PIE},
)
async def is_binary_pie(rpm: RPMFile, filename: str) -> Dict[str, Any]:
with rpm.extractfile(filename) as handle:
sig = handle.read(4)
if len(sig) != 4 or sig != b"\x7fELF":
return
handle.seek(0)
return {
"is_pie": bool(
describe_e_type(ELFFile(handle).header.e_type).split()[0]
== "DYN"
)
}

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pdxjohnny