mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.
https://mandiant.github.io/capa/
Apache License 2.0

Binja installation path detector does not work with Python 3.11 #1430

Closed xusheng6 closed 1 year ago

xusheng6 commented 1 year ago

Just tried the fresh 5.1.0 release, and noticed it does not work if the system Python version is 3.11. The problem is with the binja installation path detector. The offending line is https://github.com/mandiant/capa/blob/master/capa/features/extractors/binja/find_binja_api.py#L18-L19.

In Python 3.11, the importlib module seems to have changed, and we cannot access importlib.util in the old way:

>>> import importlib
>>> importlib.util
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: module 'importlib' has no attribute 'util'

Simply changing it to something like this would work:

>>> import importlib.util
>>> importlib.util.find_spec('binaryninja')
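
Added example, not part of the issue thread and not capa's own code: a path detector built on the explicit `import importlib.util` form suggested above, which locates a package without executing it and handles the cases where `find_spec` raises or returns nothing. The names `find_package_dir`, `demo` and `fake_backend_pkg` are hypothetical, and the package on disk is constructed for the demonstration.

```python
# Added example (hypothetical names); not capa's find_binja_api.py.
import importlib.util  # import the submodule explicitly; `import importlib` alone does not guarantee `.util`
import sys
import tempfile
from pathlib import Path
from typing import Iterable, Optional


def find_package_dir(name: str, extra_paths: Iterable[str] = ()) -> Optional[Path]:
    """Return the directory a top-level module would load from, without importing it."""
    saved = list(sys.path)
    sys.path[:0] = [str(p) for p in extra_paths]
    try:
        spec = importlib.util.find_spec(name)
    except (ImportError, ValueError):
        # ValueError: module already in sys.modules but its __spec__ is None
        return None
    finally:
        sys.path[:] = saved  # never leave the search path modified
    if spec is None:
        return None  # not installed
    if spec.submodule_search_locations:
        # regular or namespace package: first search location is its directory
        return Path(next(iter(spec.submodule_search_locations)))
    if spec.origin and spec.origin not in ("built-in", "frozen"):
        return Path(spec.origin).parent  # single-file module
    return None


def demo() -> dict:
    """Locate a constructed package whose __init__ would fail if it were executed."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "fake_backend_pkg"
        pkg.mkdir()
        (pkg / "__init__.py").write_text("raise RuntimeError('imported')\n")
        importlib.invalidate_caches()
        found = find_package_dir("fake_backend_pkg", [tmp])
        return {
            "found": found is not None and found.resolve() == pkg.resolve(),
            "not_imported": "fake_backend_pkg" not in sys.modules,
            "missing": find_package_dir("no_such_pkg_for_demo"),
        }


if __name__ == "__main__":
    print(demo())
```

Because `find_spec` only consults the import finders, the package's `__init__.py` never runs, so the location can be checked before any third-party code is loaded.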

xusheng6 commented 1 year ago

Except for this case, it works for me!

xusheng6 commented 1 year ago

I will submit a PR for this later

williballenthin commented 1 year ago

hm, how come our CI tests didn't catch this?

williballenthin commented 1 year ago

ah, because this code path is only encountered in standalone mode:

image

we should also create a test that invokes standalone capa.exe with the binja backend to show that it works in CI.