use default emptry list for ElfFileSection

mandiant · Dec 13, 2024 · 51d606b · 51d606b
1 parent 1f34795
commit 51d606b
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/capa/features/extractors/vmray/__init__.py b/capa/features/extractors/vmray/__init__.py
@@ -151,9 +151,8 @@ def _compute_sections(self):
             for pefile_section in self.sample_file_static_data.pe.sections:
                 self.sections[pefile_section.virtual_address] = pefile_section.name
         elif self.sample_file_static_data.elf:
-            if self.sample_file_static_data.elf.sections:
-                for elffile_section in self.sample_file_static_data.elf.sections:
-                    self.sections[elffile_section.header.sh_addr] = elffile_section.header.sh_name
+            for elffile_section in self.sample_file_static_data.elf.sections:
+                self.sections[elffile_section.header.sh_addr] = elffile_section.header.sh_name
 
     def _compute_monitor_processes(self):
         for process in self.sv2.processes.values():
@@ -193,13 +192,14 @@ def _compute_monitor_processes(self):
                 # for the other fields we've observed cases with slight deviations, e.g.,
                 # the ppid for a process in flog.xml is not set correctly, all other data is equal
                 sv2p = self.monitor_processes[monitor_process.process_id]
+                if self.monitor_processes[monitor_process.process_id] != vmray_monitor_process:
+                    logger.debug("processes differ: %s (sv2) vs. %s (flog)", sv2p, vmray_monitor_process)
+
                 assert (sv2p.pid, sv2p.monitor_id, sv2p.origin_monitor_id) == (
                     vmray_monitor_process.pid,
                     vmray_monitor_process.monitor_id,
                     vmray_monitor_process.origin_monitor_id,
                 )
-                if self.monitor_processes[monitor_process.process_id] != vmray_monitor_process:
-                    logger.debug("processes differ: %s (sv2) vs. %s (flog)", sv2p, vmray_monitor_process)
 
     def _compute_monitor_threads(self):
         for monitor_thread in self.flog.analysis.monitor_threads:

diff --git a/capa/features/extractors/vmray/models.py b/capa/features/extractors/vmray/models.py
@@ -276,7 +276,7 @@ class ElfFileHeader(BaseModel):
 
 class ElfFile(BaseModel):
     # file_header: ElfFileHeader
-    sections: Optional[list[ElfFileSection]] = None
+    sections: list[ElfFileSection] = []
 
 
 class StaticData(BaseModel):

diff --git a/tests/test_vmray_model.py b/tests/test_vmray_model.py
@@ -103,8 +103,8 @@ def test_vmray_model_elffile():
         """
     )
 
-    assert elffile.sections and elffile.sections[0].header.sh_name == "abcd1234"
-    assert elffile.sections and elffile.sections[0].header.sh_addr == 2863311530
+    assert elffile.sections[0].header.sh_name == "abcd1234"
+    assert elffile.sections[0].header.sh_addr == 2863311530
 
 
 def test_vmray_model_pefile():