-
Notifications
You must be signed in to change notification settings - Fork 166
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add dotnet limitation rule for dynamic samples (#983)
* add dotnet limitation rule for dynamic samples * restructure limitations rules Signed-off-by: vibhatsu <[email protected]> * refactor limitation rules to use 'static' namespace Signed-off-by: vibhatsu <[email protected]> * update internal .NET file limitation description and name Signed-off-by: vibhatsu <[email protected]> --------- Signed-off-by: vibhatsu <[email protected]>
- Loading branch information
Showing
8 changed files
with
29 additions
and
6 deletions.
There are no files selected for viewing
23 changes: 23 additions & 0 deletions
23
internal/limitation/dynamic/internal-dotnet-file-limitation.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| rule: | ||
| meta: | ||
| name: (internal) .NET file limitation | ||
| namespace: internal/limitation/dynamic | ||
| authors: | ||
| - "@v1bh475u" | ||
| description: | | ||
| This dynamic analysis trace describes a .NET file. | ||
| capa rules are not yet tuned for the .NET runtime, | ||
| so its analysis may be incomplete or misleading. | ||
| scopes: | ||
| static: unsupported | ||
| dynamic: file | ||
| examples: | ||
| - 2f8a79b12a7a989ac7e5f6ec65050036588a92e65aeb6841e08dc228ff0e21b4_min_archive.zip | ||
| features: | ||
| - or: | ||
| - format: dotnet | ||
| - import: mscoree._CorExeMain | ||
| - import: mscoree._corexemain | ||
| - import: mscoree._CorDllMain | ||
| - import: mscoree._cordllmain |
File renamed without changes.
2 changes: 1 addition & 1 deletion
2
...e/internal-autohotkey-file-limitation.yml → ...c/internal-autohotkey-file-limitation.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,7 +4,7 @@ rule: | |
| # capa will detect dozens of capabilities for AutoIt samples, | ||
| # but these are due to the AutoIt runtime, not the payload script. | ||
| # so, don't confuse the user with FP matches - bail instead | ||
| namespace: internal/limitation/file | ||
| namespace: internal/limitation/static | ||
| authors: | ||
| - [email protected] | ||
| description: | | ||
|
|
||
2 changes: 1 addition & 1 deletion
2
...net-single-file-deployment-limitation.yml → ...net-single-file-deployment-limitation.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| rule: | ||
| meta: | ||
| name: (internal) .NET single file deployment limitation | ||
| namespace: internal/limitation/file | ||
| namespace: internal/limitation/static | ||
| authors: | ||
| - [email protected] | ||
| description: | | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,7 +3,7 @@ rule: | |
| name: (internal) installer file limitation | ||
| # capa will likely detect installer specific functionality. | ||
| # this is probably not what the user wants. | ||
| namespace: internal/limitation/file | ||
| namespace: internal/limitation/static | ||
| authors: | ||
| - [email protected] | ||
| description: | | ||
|
|
||
2 changes: 1 addition & 1 deletion
2
.../file/internal-packer-file-limitation.yml → ...tatic/internal-packer-file-limitation.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| rule: | ||
| meta: | ||
| name: (internal) packer file limitation | ||
| namespace: internal/limitation/file | ||
| namespace: internal/limitation/static | ||
| authors: | ||
| - [email protected] | ||
| description: | | ||
|
|
||
2 changes: 1 addition & 1 deletion
2
...internal-visual-basic-file-limitation.yml → ...internal-visual-basic-file-limitation.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters