mandiant / capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs
https://github.com/mandiant/capa/
Apache License 2.0

Add dynamic rules #814

Closed yelhamer closed 1 year ago

yelhamer commented 1 year ago

This is a draft PR for adding the mixed-scope rules to capa.

The rules were generated using this script: https://github.com/mandiant/capa/pull/1696

Once we've handled the main parts of merging the capa dynamic branch, I'll go back to this PR and add the missing comments (either manually or by updating the migration script).

google-cla[bot] commented 1 year ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

mr-tz commented 1 year ago

I've started to merge some open PRs and we should take another look there. We then may want to open a new PR for the final upgrade process.

yelhamer commented 1 year ago

I see. I'll open a final PR once all the mistakes from this get addressed.

yelhamer commented 1 year ago

I've done a manual pass over the rules via a diffing tool to fix up any missing things.

There's still the issue of the dynamic scopes not being restrictive enough (thread instead of call, etc.), and I am not sure yet how to automate that (especially since the number of features supported by dynamic scopes might increase in the near future).

It might be a good idea to merge this to the dynamic-syntax branch and reactivate the capa ruleset and main tests for now.

williballenthin commented 1 year ago

> It might be a good idea to merge this to the dynamic-syntax branch and reactivate the capa ruleset and main tests for now.

I agree that we should do this so we can get our test cases running again. I'll do this shortly.

williballenthin commented 1 year ago

> There's still the issue of the dynamic scopes not being restrictive enough (thread instead of call, etc.), and I am not sure yet how to automate that (especially since the number of features supported by dynamic scopes might increase in the near future).

I'm starting to think we should take a phased approach: we should make our high confidence changes first, review and merge, then turn our attention to the next batch of rules to migrate, and so forth. By the end, hopefully there's only a few dozen things to do by hand.

If we have a way to update the syntax of the rules but also mark some rules as "not yet migrated", then we don't have to migrate all the rules in a single atomic operation (which had been our goal, because it avoids the potential for merge conflicts).

I'm a little worried about rushing some of these changes in without fully being confident in them. So, incremental migration can help with this, I think.

williballenthin commented 1 year ago

I'm going to merge this now into the dynamic-syntax branch so that we can re-enable our tests in capa core.