From 6de23a97487bf9789300a9d193b869bfe31a9981 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Fri, 11 Aug 2023 08:56:06 +0000
Subject: [PATCH 1/8] tests: main: demonstrate CAPE analysis (and bug #1702)
---
 tests/fixtures.py | 10 ++++++++
 tests/test_main.py | 58 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
diff --git a/tests/fixtures.py b/tests/fixtures.py
index 6d35485ee..2bf81e67d 100644
--- a/tests/fixtures.py
+++ b/tests/fixtures.py
@@ -363,8 +363,18 @@ def get_data_path_by_name(name) -> Path:
 / "data"
 / "dynamic"
 / "cape"
+ / "v2.2"
 / "0000a65749f5902c4d82ffa701198038f0b4870b00a27cfca109f8f933476d82.json.gz"
 )
+ elif name.startswith("d46900"):
+ return (
+ CD
+ / "data"
+ / "dynamic"
+ / "cape"
+ / "v2.2"
+ / "d46900384c78863420fb3e297d0a2f743cd2b6b3f7f82bf64059a168e07aceb7.json.gz"
+ )
 elif name.startswith("ea2876"):
 return CD / "data" / "ea2876e9175410b6f6719f80ee44b9553960758c7d0f7bed73c0fe9a78d8e669.dll_"
 else:
diff --git a/tests/test_main.py b/tests/test_main.py
index da592dc45..d09f33975 100644
--- a/tests/test_main.py
+++ b/tests/test_main.py
@@ -6,8 +6,10 @@
 # Unless required by applicable law or agreed to in writing, software distributed under the License
 # is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and limitations under the License.
+import gzip
 import json
 import textwrap
+from pathlib import Path
 import pytest
 import fixtures
@@ -582,3 +584,59 @@ def test_main_rd():
 assert capa.main.main([path, "-j"]) == 0
 assert capa.main.main([path, "-q"]) == 0
 assert capa.main.main([path]) == 0
+
+
+def extract_cape_report(tmp_path: Path, gz: Path) -> Path:
+ report = tmp_path / "report.json"
+ report.write_bytes(gzip.decompress(gz.read_bytes()))
+ return report
+
+
+def test_main_cape1(tmp_path):
+ path = extract_cape_report(tmp_path, fixtures.get_data_path_by_name("0000a657"))
+
+ # TODO(williballenthin): use default rules set
+ # https://github.com/mandiant/capa/pull/1696
+ rules = tmp_path / "rules"
+ rules.mkdir()
+ (rules / "create-or-open-registry-key.yml").write_text(
+ textwrap.dedent(
+ """
+ rule:
+ meta:
+ name: create or open registry key
+ authors:
+ - testing
+ scopes:
+ static: instruction
+ dynamic: call
+ features:
+ - or:
+ - api: advapi32.RegOpenKey
+ - api: advapi32.RegOpenKeyEx
+ - api: advapi32.RegCreateKey
+ - api: advapi32.RegCreateKeyEx
+ - api: advapi32.RegOpenCurrentUser
+ - api: advapi32.RegOpenKeyTransacted
+ - api: advapi32.RegOpenUserClassesRoot
+ - api: advapi32.RegCreateKeyTransacted
+ - api: ZwOpenKey
+ - api: ZwOpenKeyEx
+ - api: ZwCreateKey
+ - api: ZwOpenKeyTransacted
+ - api: ZwOpenKeyTransactedEx
+ - api: ZwCreateKeyTransacted
+ - api: NtOpenKey
+ - api: NtCreateKey
+ - api: SHRegOpenUSKey
+ - api: SHRegCreateUSKey
+ - api: RtlCreateRegistryKey
+ """
+ )
+ )
+
+ assert capa.main.main([str(path), "-r", str(rules)]) == 0
+ assert capa.main.main([str(path), "-q", "-r", str(rules)]) == 0
+ assert capa.main.main([str(path), "-j", "-r", str(rules)]) == 0
+ assert capa.main.main([str(path), "-v", "-r", str(rules)]) == 0
+ assert capa.main.main([str(path), "-vv", "-r", str(rules)]) == 0
From dafbefb325dc6f106a7c9381df1a40bc0d9df2d4 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Fri, 11 Aug 2023 09:02:29 +0000
Subject: [PATCH 2/8] render: verbose: render call address closes #1702
---
 capa/render/verbose.py | 4 ++++
 1 file changed, 4 insertions(+)
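Review bot: test_main_cape1 in tests/test_main.py asserts only that capa.main.main returns 0 for each output mode, so it would still pass if the inline rule never matched a `call`-scope feature in the CAPE report. Consider adding the `capsys` fixture and checking the rule name in the `-j` output, e.g. `assert "create or open registry key" in json.loads(capsys.readouterr().out)["rules"]`; this assumes `-j` prints the result document to stdout, which the hunk does not show. extract_cape_report would also benefit from a docstring such as `"""Decompress the gzipped CAPE report gz into tmp_path/report.json and return that path."""`.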
diff --git a/capa/render/verbose.py b/capa/render/verbose.py
index a5787f920..87f9cd2ac 100644
--- a/capa/render/verbose.py
+++ b/capa/render/verbose.py
@@ -71,6 +71,10 @@ def format_address(address: frz.Address) -> str:
 tid = address.value
 assert isinstance(tid, int)
 return f"thread id: {tid}"
+ elif address.type == frz.AddressType.CALL:
+ assert isinstance(address.value, tuple)
+ ppid, pid, tid, id_ = address.value
+ return f"process ppid: {ppid}, process pid: {pid}, thread id: {tid}, call: {id_}"
 elif address.type == frz.AddressType.NO_ADDRESS:
 return "global"
 else:
From f48e4a8ad8b28355e95ca9dc2a799dd1fc95282d Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Fri, 11 Aug 2023 09:07:11 +0000
Subject: [PATCH 3/8] render: verbose: render dynamic call return address
---
 capa/render/verbose.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/capa/render/verbose.py b/capa/render/verbose.py
index 87f9cd2ac..77392cf92 100644
--- a/capa/render/verbose.py
+++ b/capa/render/verbose.py
@@ -56,10 +56,8 @@ def format_address(address: frz.Address) -> str:
 return f"token({capa.helpers.hex(token)})+{capa.helpers.hex(offset)}"
 elif address.type == frz.AddressType.DYNAMIC:
 assert isinstance(address.value, tuple)
- id_, return_address = address.value
- assert isinstance(id_, int)
- assert isinstance(return_address, int)
- return f"event: {id_}, retaddr: 0x{return_address:x}"
+ ppid, pid, tid, id_, return_address = address.value
+ return f"process ppid: {ppid}, process pid: {pid}, thread id: {tid}, call: {id_}, return address: {capa.helpers.hex(return_address)}"
 elif address.type == frz.AddressType.PROCESS:
 assert isinstance(address.value, tuple)
 ppid, pid = address.value
From c91dc71e75fbfa316129e7c45d6733c264d76da4 Mon Sep 17 00:00:00 2001
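Review bot: In format_address (capa/render/verbose.py), the new CALL branch in patch 2/8 and the reworked DYNAMIC branch in patch 3/8 check `address.value` only with `assert isinstance(address.value, tuple)` before unpacking a fixed number of fields, so a tuple of the wrong length fails with a bare unpacking ValueError and the assert itself is removed under `python -O`. The DYNAMIC branch also drops the earlier `isinstance(..., int)` checks on `id_` and `return_address` before passing the latter to `capa.helpers.hex`. If these addresses can originate from a result document loaded from disk (not visible in these hunks), an explicit guard such as `if not (isinstance(address.value, tuple) and len(address.value) == 4): raise ValueError("malformed call address")` would fail more clearly. format_address starts and ends outside both hunks.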
From: Willi Ballenthin
Date: Fri, 11 Aug 2023 09:33:30 +0000
Subject: [PATCH 4/8] result document: wire analysis flavor through metadata ref #1711
---
 capa/ida/helpers.py | 1 +
 capa/main.py | 12 +-
 capa/render/proto/__init__.py | 9 +-
 capa/render/proto/capa.proto | 1 +
 capa/render/proto/capa_pb2.py | 3808 ++++++++++++++++++++++++++++++--
 capa/render/proto/capa_pb2.pyi | 5 +-
 capa/render/result_document.py | 1 +
 7 files changed, 3710 insertions(+), 127 deletions(-)
diff --git a/capa/ida/helpers.py b/capa/ida/helpers.py
index f03ba444b..b85e96189 100644
--- a/capa/ida/helpers.py
+++ b/capa/ida/helpers.py
@@ -153,6 +153,7 @@ def collect_metadata(rules: List[Path]):
 sha256=sha256,
 path=idaapi.get_input_file_path(),
 ),
+ flavor="static",
 analysis=rdoc.StaticAnalysis(
 format=idaapi.get_file_type_name(),
 arch=arch,
diff --git a/capa/main.py b/capa/main.py
index c77476f8b..a9361b1c5 100644
--- a/capa/main.py
+++ b/capa/main.py
@@ -21,7 +21,7 @@
 import contextlib
 import collections
 from enum import Enum
-from typing import Any, Dict, List, Tuple, Callable, Optional
+from typing import Any, Dict, List, Tuple, Literal, Callable, Optional
 from pathlib import Path
 import halo
@@ -29,6 +29,7 @@
 import colorama
 import tqdm.contrib.logging
 from pefile import PEFormatError
+from typing_extensions import assert_never
 from elftools.common.exceptions import ELFError
 import capa.perf
@@ -1022,6 +1023,14 @@ def collect_metadata(
 arch = get_arch(sample_path)
 os_ = get_os(sample_path) if os_ == OS_AUTO else os_
+ flavor: Literal["static", "dynamic"]
+ if isinstance(extractor, StaticFeatureExtractor):
+ flavor = "static"
+ elif isinstance(extractor, DynamicFeatureExtractor):
+ flavor = "dynamic"
+ else:
+ assert_never(extractor)
+
 return rdoc.Metadata(
 timestamp=datetime.datetime.now(),
 version=capa.version.__version__,
@@ -1032,6 +1041,7 @@ def collect_metadata(
 sha256=sha256,
 path=str(Path(sample_path).resolve()),
 ),
+ flavor=flavor,
 analysis=get_sample_analysis(
 format_,
 arch,
diff --git a/capa/render/proto/__init__.py b/capa/render/proto/__init__.py
index 40ee52aa9..aea569c02 100644
--- a/capa/render/proto/__init__.py
+++ b/capa/render/proto/__init__.py
@@ -25,7 +25,7 @@
 Alternatively, --pyi_out=. can be used to generate a Python Interface file that supports development
 """
 import datetime
-from typing import Any, Dict, Union
+from typing import Any, Dict, Union, Literal
 import google.protobuf.json_format
@@ -128,6 +128,7 @@ def metadata_to_pb2(meta: rd.Metadata) -> capa_pb2.Metadata:
 version=meta.version,
 argv=meta.argv,
 sample=google.protobuf.json_format.ParseDict(meta.sample.model_dump(), capa_pb2.Sample()),
+ flavor=meta.flavor,
 analysis=capa_pb2.Analysis(
 format=meta.analysis.format,
 arch=meta.analysis.arch,
@@ -480,6 +481,11 @@ def scope_from_pb2(scope: capa_pb2.Scope.ValueType) -> capa.rules.Scope:
 assert_never(scope)
+
+def flavor_from_pb2(flavor: str) -> Literal["static", "dynamic"]:
+ assert flavor in ("static", "dynamic")
+ return flavor # type: ignore
+
+
 def metadata_from_pb2(meta: capa_pb2.Metadata) -> rd.Metadata:
 return rd.Metadata(
 timestamp=datetime.datetime.fromisoformat(meta.timestamp),
@@ -491,6 +497,7 @@ def metadata_from_pb2(meta: capa_pb2.Metadata) -> rd.Metadata:
 sha256=meta.sample.sha256,
 path=meta.sample.path,
 ),
+ flavor=flavor_from_pb2(meta.flavor),
 analysis=rd.StaticAnalysis(
 format=meta.analysis.format,
 arch=meta.analysis.arch,
diff --git a/capa/render/proto/capa.proto b/capa/render/proto/capa.proto
index 39700c5bc..7f0abe84f 100644
--- a/capa/render/proto/capa.proto
+++ b/capa/render/proto/capa.proto
@@ -198,6 +198,7 @@ message Metadata {
 repeated string argv = 3;
 Sample sample = 4;
 Analysis analysis = 5;
+ string flavor = 6;
 }
 message MnemonicFeature {
diff --git a/capa/render/proto/capa_pb2.py b/capa/render/proto/capa_pb2.py
index d4ca17d0c..ba826a15f 100644
--- a/capa/render/proto/capa_pb2.py
+++ b/capa/render/proto/capa_pb2.py
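Review bot: flavor_from_pb2 in capa/render/proto/__init__.py validates a value read from a deserialized protobuf message with `assert flavor in ("static", "dynamic")`, which is removed under `python -O`, after which the unchecked string is returned behind `# type: ignore`. A proto3 string field defaults to the empty string, so a message serialized before field 6 existed would arrive here as `""`. Raising explicitly, e.g. `if flavor not in ("static", "dynamic"): raise ValueError(f"unexpected analysis flavor: {flavor!r}")`, keeps the check in optimized runs; whether older documents should instead fall back to `"static"` is a decision for the project.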
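Review bot: In metadata_from_pb2 the added `flavor=flavor_from_pb2(meta.flavor)` sits directly above the unchanged `analysis=rd.StaticAnalysis(`, so a message whose flavor is `"dynamic"` would yield metadata that reports a dynamic flavor while carrying a static analysis record. If dynamic results are not yet meant to round-trip through protobuf, reject them here with a clear error or record the limitation with a comment such as `# NOTE: only static analysis is deserialized here; a "dynamic" flavor is not yet handled`. The function body continues outside the hunk, so any later handling is not visible.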
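Review bot: The new `string flavor = 6;` in message Metadata accepts any text on the wire, which is why the Python side needs a separate membership check. The schema already models closed sets as enums (AddressType and Scope appear in the generated descriptor with `*_UNSPECIFIED` zero values), so an `enum Flavor` with `FLAVOR_UNSPECIFIED = 0`, `FLAVOR_STATIC = 1` and `FLAVOR_DYNAMIC = 2` would be consistent with that and would give older messages a well-defined default. If the string form is kept, a comment on the field listing the two accepted values would help consumers in other languages.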
@@ -1,10 +1,11 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: capa/render/proto/capa.proto -"""Generated protocol buffer code.""" -from google.protobuf.internal import builder as _builder + +from google.protobuf.internal import enum_type_wrapper from google.protobuf import descriptor as _descriptor -from google.protobuf import descriptor_pool as _descriptor_pool +from google.protobuf import message as _message +from google.protobuf import reflection as _reflection from google.protobuf import symbol_database as _symbol_database # @@protoc_insertion_point(imports) 
@@ -13,125 +14,3684 @@ -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1c\x63\x61pa/render/proto/capa.proto\"Q\n\nAPIFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03\x61pi\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"l\n\x07\x41\x64\x64ress\x12\x1a\n\x04type\x18\x01 \x01(\x0e\x32\x0c.AddressType\x12\x15\n\x01v\x18\x02 \x01(\x0b\x32\x08.IntegerH\x00\x12%\n\x0ctoken_offset\x18\x03 \x01(\x0b\x32\r.Token_OffsetH\x00\x42\x07\n\x05value\"\xe4\x01\n\x08\x41nalysis\x12\x0e\n\x06\x66ormat\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\n\n\x02os\x18\x03 \x01(\t\x12\x11\n\textractor\x18\x04 \x01(\t\x12\r\n\x05rules\x18\x05 \x03(\t\x12\x1e\n\x0c\x62\x61se_address\x18\x06 \x01(\x0b\x32\x08.Address\x12\x17\n\x06layout\x18\x07 \x01(\x0b\x32\x07.Layout\x12&\n\x0e\x66\x65\x61ture_counts\x18\x08 \x01(\x0b\x32\x0e.FeatureCounts\x12+\n\x11library_functions\x18\t \x03(\x0b\x32\x10.LibraryFunction\"S\n\x0b\x41rchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\nAttackSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x0e\n\x06tactic\x18\x02 \x01(\t\x12\x11\n\ttechnique\x18\x03 \x01(\t\x12\x14\n\x0csubtechnique\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"K\n\x11\x42\x61sicBlockFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"-\n\x10\x42\x61sicBlockLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\"U\n\x0c\x42ytesFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x62ytes\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"g\n\x15\x43haracteristicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x16\n\x0e\x63haracteristic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 
\x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\x0c\x43lassFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x63lass_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"K\n\x11\x43ompoundStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"W\n\rExportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x65xport\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"G\n\rFeatureCounts\x12\x0c\n\x04\x66ile\x18\x01 \x01(\x04\x12(\n\tfunctions\x18\x02 \x03(\x0b\x32\x15.FunctionFeatureCount\"\xf7\x06\n\x0b\x46\x65\x61tureNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x02os\x18\x02 \x01(\x0b\x32\n.OSFeatureH\x00\x12\x1c\n\x04\x61rch\x18\x03 \x01(\x0b\x32\x0c.ArchFeatureH\x00\x12 \n\x06\x66ormat\x18\x04 \x01(\x0b\x32\x0e.FormatFeatureH\x00\x12\x1e\n\x05match\x18\x05 \x01(\x0b\x32\r.MatchFeatureH\x00\x12\x30\n\x0e\x63haracteristic\x18\x06 \x01(\x0b\x32\x16.CharacteristicFeatureH\x00\x12 \n\x06\x65xport\x18\x07 \x01(\x0b\x32\x0e.ExportFeatureH\x00\x12!\n\x07import_\x18\x08 \x01(\x0b\x32\x0e.ImportFeatureH\x00\x12\"\n\x07section\x18\t \x01(\x0b\x32\x0f.SectionFeatureH\x00\x12-\n\rfunction_name\x18\n \x01(\x0b\x32\x14.FunctionNameFeatureH\x00\x12&\n\tsubstring\x18\x0b \x01(\x0b\x32\x11.SubstringFeatureH\x00\x12\x1e\n\x05regex\x18\x0c \x01(\x0b\x32\r.RegexFeatureH\x00\x12 \n\x06string\x18\r \x01(\x0b\x32\x0e.StringFeatureH\x00\x12\x1f\n\x06\x63lass_\x18\x0e \x01(\x0b\x32\r.ClassFeatureH\x00\x12&\n\tnamespace\x18\x0f \x01(\x0b\x32\x11.NamespaceFeatureH\x00\x12\x1a\n\x03\x61pi\x18\x10 \x01(\x0b\x32\x0b.APIFeatureH\x00\x12%\n\tproperty_\x18\x11 \x01(\x0b\x32\x10.PropertyFeatureH\x00\x12 \n\x06number\x18\x12 \x01(\x0b\x32\x0e.NumberFeatureH\x00\x12\x1e\n\x05\x62ytes\x18\x13 \x01(\x0b\x32\r.BytesFeatureH\x00\x12 \n\x06offset\x18\x14 
\x01(\x0b\x32\x0e.OffsetFeatureH\x00\x12$\n\x08mnemonic\x18\x15 \x01(\x0b\x32\x10.MnemonicFeatureH\x00\x12/\n\x0eoperand_number\x18\x16 \x01(\x0b\x32\x15.OperandNumberFeatureH\x00\x12/\n\x0eoperand_offset\x18\x17 \x01(\x0b\x32\x15.OperandOffsetFeatureH\x00\x12)\n\x0b\x62\x61sic_block\x18\x18 \x01(\x0b\x32\x12.BasicBlockFeatureH\x00\x42\t\n\x07\x66\x65\x61ture\"W\n\rFormatFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x66ormat\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"@\n\x14\x46unctionFeatureCount\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\r\n\x05\x63ount\x18\x02 \x01(\x04\"\\\n\x0e\x46unctionLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12/\n\x14matched_basic_blocks\x18\x02 \x03(\x0b\x32\x11.BasicBlockLayout\"d\n\x13\x46unctionNameFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\rfunction_name\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"X\n\rImportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07import_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\",\n\x06Layout\x12\"\n\tfunctions\x18\x01 \x03(\x0b\x32\x0f.FunctionLayout\":\n\x0fLibraryFunction\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x0c\n\x04name\x18\x02 \x01(\t\"Y\n\x07MBCSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x11\n\tobjective\x18\x02 \x01(\t\x12\x10\n\x08\x62\x65havior\x18\x03 \x01(\t\x12\x0e\n\x06method\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"\x9a\x01\n\x0cMaecMetadata\x12\x1b\n\x13\x61nalysis_conclusion\x18\x01 \x01(\t\x12\x1e\n\x16\x61nalysis_conclusion_ov\x18\x02 \x01(\t\x12\x16\n\x0emalware_family\x18\x03 \x01(\t\x12\x18\n\x10malware_category\x18\x04 \x01(\t\x12\x1b\n\x13malware_category_ov\x18\x05 \x01(\t\"\x82\x02\n\x05Match\x12\x0f\n\x07success\x18\x01 \x01(\x08\x12#\n\tstatement\x18\x02 
\x01(\x0b\x32\x0e.StatementNodeH\x00\x12\x1f\n\x07\x66\x65\x61ture\x18\x03 \x01(\x0b\x32\x0c.FeatureNodeH\x00\x12\x18\n\x08\x63hildren\x18\x05 \x03(\x0b\x32\x06.Match\x12\x1b\n\tlocations\x18\x06 \x03(\x0b\x32\x08.Address\x12&\n\x08\x63\x61ptures\x18\x07 \x03(\x0b\x32\x14.Match.CapturesEntry\x1a;\n\rCapturesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x19\n\x05value\x18\x02 \x01(\x0b\x32\n.Addresses:\x02\x38\x01\x42\x06\n\x04node\"U\n\x0cMatchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05match\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"r\n\x08Metadata\x12\x11\n\ttimestamp\x18\x01 \x01(\t\x12\x0f\n\x07version\x18\x02 \x01(\t\x12\x0c\n\x04\x61rgv\x18\x03 \x03(\t\x12\x17\n\x06sample\x18\x04 \x01(\x0b\x32\x07.Sample\x12\x1b\n\x08\x61nalysis\x18\x05 \x01(\x0b\x32\t.Analysis\"[\n\x0fMnemonicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x10\n\x08mnemonic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10NamespaceFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\rNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x17\n\x06number\x18\x02 \x01(\x0b\x32\x07.Number\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"O\n\tOSFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\n\n\x02os\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"a\n\rOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x06offset\x18\x02 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_number\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 
\x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_offset\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"|\n\x0fPropertyFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tproperty_\x18\x02 \x01(\t\x12\x13\n\x06\x61\x63\x63\x65ss\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x42\t\n\x07_accessB\x0e\n\x0c_description\"\x7f\n\x0eRangeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03min\x18\x02 \x01(\x04\x12\x0b\n\x03max\x18\x03 \x01(\x04\x12\x1b\n\x05\x63hild\x18\x04 \x01(\x0b\x32\x0c.FeatureNode\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"U\n\x0cRegexFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05regex\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x90\x01\n\x0eResultDocument\x12\x17\n\x04meta\x18\x01 \x01(\x0b\x32\t.Metadata\x12)\n\x05rules\x18\x02 \x03(\x0b\x32\x1a.ResultDocument.RulesEntry\x1a:\n\nRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x1b\n\x05value\x18\x02 \x01(\x0b\x32\x0c.RuleMatches:\x02\x38\x01\"`\n\x0bRuleMatches\x12\x1b\n\x04meta\x18\x01 \x01(\x0b\x32\r.RuleMetadata\x12\x0e\n\x06source\x18\x02 \x01(\t\x12$\n\x07matches\x18\x03 \x03(\x0b\x32\x13.Pair_Address_Match\"\x8a\x02\n\x0cRuleMetadata\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x0f\n\x07\x61uthors\x18\x03 \x03(\t\x12\x15\n\x05scope\x18\x04 \x01(\x0e\x32\x06.Scope\x12\x1b\n\x06\x61ttack\x18\x05 \x03(\x0b\x32\x0b.AttackSpec\x12\x15\n\x03mbc\x18\x06 \x03(\x0b\x32\x08.MBCSpec\x12\x12\n\nreferences\x18\x07 \x03(\t\x12\x10\n\x08\x65xamples\x18\x08 \x03(\t\x12\x13\n\x0b\x64\x65scription\x18\t \x01(\t\x12\x0b\n\x03lib\x18\n \x01(\x08\x12\x1b\n\x04maec\x18\x0b 
\x01(\x0b\x32\r.MaecMetadata\x12\x18\n\x10is_subscope_rule\x18\x0c \x01(\x08\"A\n\x06Sample\x12\x0b\n\x03md5\x18\x01 \x01(\t\x12\x0c\n\x04sha1\x18\x02 \x01(\t\x12\x0e\n\x06sha256\x18\x03 \x01(\t\x12\x0c\n\x04path\x18\x04 \x01(\t\"Y\n\x0eSectionFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07section\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\rSomeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x63ount\x18\x02 \x01(\r\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\xbc\x01\n\rStatementNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12 \n\x05range\x18\x02 \x01(\x0b\x32\x0f.RangeStatementH\x00\x12\x1e\n\x04some\x18\x03 \x01(\x0b\x32\x0e.SomeStatementH\x00\x12&\n\x08subscope\x18\x04 \x01(\x0b\x32\x12.SubscopeStatementH\x00\x12&\n\x08\x63ompound\x18\x05 \x01(\x0b\x32\x12.CompoundStatementH\x00\x42\x0b\n\tstatement\"W\n\rStringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06string\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"b\n\x11SubscopeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\x05scope\x18\x02 \x01(\x0e\x32\x06.Scope\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10SubstringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tsubstring\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"&\n\tAddresses\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x03(\x0b\x32\x08.Address\"F\n\x12Pair_Address_Match\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x15\n\x05match\x18\x02 \x01(\x0b\x32\x06.Match\"7\n\x0cToken_Offset\x12\x17\n\x05token\x18\x01 \x01(\x0b\x32\x08.Integer\x12\x0e\n\x06offset\x18\x02 \x01(\x04\",\n\x07Integer\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x42\x07\n\x05value\"8\n\x06Number\x12\x0b\n\x01u\x18\x01 
\x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x12\x0b\n\x01\x66\x18\x03 \x01(\x01H\x00\x42\x07\n\x05value*\xcb\x01\n\x0b\x41\x64\x64ressType\x12\x1b\n\x17\x41\x44\x44RESSTYPE_UNSPECIFIED\x10\x00\x12\x18\n\x14\x41\x44\x44RESSTYPE_ABSOLUTE\x10\x01\x12\x18\n\x14\x41\x44\x44RESSTYPE_RELATIVE\x10\x02\x12\x14\n\x10\x41\x44\x44RESSTYPE_FILE\x10\x03\x12\x18\n\x14\x41\x44\x44RESSTYPE_DN_TOKEN\x10\x04\x12\x1f\n\x1b\x41\x44\x44RESSTYPE_DN_TOKEN_OFFSET\x10\x05\x12\x1a\n\x16\x41\x44\x44RESSTYPE_NO_ADDRESS\x10\x06*p\n\x05Scope\x12\x15\n\x11SCOPE_UNSPECIFIED\x10\x00\x12\x0e\n\nSCOPE_FILE\x10\x01\x12\x12\n\x0eSCOPE_FUNCTION\x10\x02\x12\x15\n\x11SCOPE_BASIC_BLOCK\x10\x03\x12\x15\n\x11SCOPE_INSTRUCTION\x10\x04\x62\x06proto3') - -_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals()) -_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'capa.render.proto.capa_pb2', globals()) -if _descriptor._USE_C_DESCRIPTORS == False: - - DESCRIPTOR._options = None - _MATCH_CAPTURESENTRY._options = None - _MATCH_CAPTURESENTRY._serialized_options = b'8\001' - _RESULTDOCUMENT_RULESENTRY._options = None - _RESULTDOCUMENT_RULESENTRY._serialized_options = b'8\001' - _ADDRESSTYPE._serialized_start=6006 - _ADDRESSTYPE._serialized_end=6209 - _SCOPE._serialized_start=6211 - _SCOPE._serialized_end=6323 - _APIFEATURE._serialized_start=32 - _APIFEATURE._serialized_end=113 - _ADDRESS._serialized_start=115 - _ADDRESS._serialized_end=223 - _ANALYSIS._serialized_start=226 - _ANALYSIS._serialized_end=454 - _ARCHFEATURE._serialized_start=456 - _ARCHFEATURE._serialized_end=539 - _ATTACKSPEC._serialized_start=541 - _ATTACKSPEC._serialized_end=637 - _BASICBLOCKFEATURE._serialized_start=639 - _BASICBLOCKFEATURE._serialized_end=714 - _BASICBLOCKLAYOUT._serialized_start=716 - _BASICBLOCKLAYOUT._serialized_end=761 - _BYTESFEATURE._serialized_start=763 - _BYTESFEATURE._serialized_end=848 - _CHARACTERISTICFEATURE._serialized_start=850 - _CHARACTERISTICFEATURE._serialized_end=953 - 
_CLASSFEATURE._serialized_start=955 - _CLASSFEATURE._serialized_end=1041 - _COMPOUNDSTATEMENT._serialized_start=1043 - _COMPOUNDSTATEMENT._serialized_end=1118 - _EXPORTFEATURE._serialized_start=1120 - _EXPORTFEATURE._serialized_end=1207 - _FEATURECOUNTS._serialized_start=1209 - _FEATURECOUNTS._serialized_end=1280 - _FEATURENODE._serialized_start=1283 - _FEATURENODE._serialized_end=2170 - _FORMATFEATURE._serialized_start=2172 - _FORMATFEATURE._serialized_end=2259 - _FUNCTIONFEATURECOUNT._serialized_start=2261 - _FUNCTIONFEATURECOUNT._serialized_end=2325 - _FUNCTIONLAYOUT._serialized_start=2327 - _FUNCTIONLAYOUT._serialized_end=2419 - _FUNCTIONNAMEFEATURE._serialized_start=2421 - _FUNCTIONNAMEFEATURE._serialized_end=2521 - _IMPORTFEATURE._serialized_start=2523 - _IMPORTFEATURE._serialized_end=2611 - _LAYOUT._serialized_start=2613 - _LAYOUT._serialized_end=2657 - _LIBRARYFUNCTION._serialized_start=2659 - _LIBRARYFUNCTION._serialized_end=2717 - _MBCSPEC._serialized_start=2719 - _MBCSPEC._serialized_end=2808 - _MAECMETADATA._serialized_start=2811 - _MAECMETADATA._serialized_end=2965 - _MATCH._serialized_start=2968 - _MATCH._serialized_end=3226 - _MATCH_CAPTURESENTRY._serialized_start=3159 - _MATCH_CAPTURESENTRY._serialized_end=3218 - _MATCHFEATURE._serialized_start=3228 - _MATCHFEATURE._serialized_end=3313 - _METADATA._serialized_start=3315 - _METADATA._serialized_end=3429 - _MNEMONICFEATURE._serialized_start=3431 - _MNEMONICFEATURE._serialized_end=3522 - _NAMESPACEFEATURE._serialized_start=3524 - _NAMESPACEFEATURE._serialized_end=3617 - _NUMBERFEATURE._serialized_start=3619 - _NUMBERFEATURE._serialized_end=3715 - _OSFEATURE._serialized_start=3717 - _OSFEATURE._serialized_end=3796 - _OFFSETFEATURE._serialized_start=3798 - _OFFSETFEATURE._serialized_end=3895 - _OPERANDNUMBERFEATURE._serialized_start=3897 - _OPERANDNUMBERFEATURE._serialized_end=4024 - _OPERANDOFFSETFEATURE._serialized_start=4026 - _OPERANDOFFSETFEATURE._serialized_end=4153 - 
_PROPERTYFEATURE._serialized_start=4155 - _PROPERTYFEATURE._serialized_end=4279 - _RANGESTATEMENT._serialized_start=4281 - _RANGESTATEMENT._serialized_end=4408 - _REGEXFEATURE._serialized_start=4410 - _REGEXFEATURE._serialized_end=4495 - _RESULTDOCUMENT._serialized_start=4498 - _RESULTDOCUMENT._serialized_end=4642 - _RESULTDOCUMENT_RULESENTRY._serialized_start=4584 - _RESULTDOCUMENT_RULESENTRY._serialized_end=4642 - _RULEMATCHES._serialized_start=4644 - _RULEMATCHES._serialized_end=4740 - _RULEMETADATA._serialized_start=4743 - _RULEMETADATA._serialized_end=5009 - _SAMPLE._serialized_start=5011 - _SAMPLE._serialized_end=5076 - _SECTIONFEATURE._serialized_start=5078 - _SECTIONFEATURE._serialized_end=5167 - _SOMESTATEMENT._serialized_start=5169 - _SOMESTATEMENT._serialized_end=5255 - _STATEMENTNODE._serialized_start=5258 - _STATEMENTNODE._serialized_end=5446 - _STRINGFEATURE._serialized_start=5448 - _STRINGFEATURE._serialized_end=5535 - _SUBSCOPESTATEMENT._serialized_start=5537 - _SUBSCOPESTATEMENT._serialized_end=5635 - _SUBSTRINGFEATURE._serialized_start=5637 - _SUBSTRINGFEATURE._serialized_end=5730 - _ADDRESSES._serialized_start=5732 - _ADDRESSES._serialized_end=5770 - _PAIR_ADDRESS_MATCH._serialized_start=5772 - _PAIR_ADDRESS_MATCH._serialized_end=5842 - _TOKEN_OFFSET._serialized_start=5844 - _TOKEN_OFFSET._serialized_end=5899 - _INTEGER._serialized_start=5901 - _INTEGER._serialized_end=5945 - _NUMBER._serialized_start=5947 - _NUMBER._serialized_end=6003 +DESCRIPTOR = _descriptor.FileDescriptor( + name='capa/render/proto/capa.proto', + package='', + syntax='proto3', + serialized_options=None, + create_key=_descriptor._internal_create_key, + serialized_pb=b'\n\x1c\x63\x61pa/render/proto/capa.proto\"Q\n\nAPIFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03\x61pi\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"l\n\x07\x41\x64\x64ress\x12\x1a\n\x04type\x18\x01 
\x01(\x0e\x32\x0c.AddressType\x12\x15\n\x01v\x18\x02 \x01(\x0b\x32\x08.IntegerH\x00\x12%\n\x0ctoken_offset\x18\x03 \x01(\x0b\x32\r.Token_OffsetH\x00\x42\x07\n\x05value\"\xe4\x01\n\x08\x41nalysis\x12\x0e\n\x06\x66ormat\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\n\n\x02os\x18\x03 \x01(\t\x12\x11\n\textractor\x18\x04 \x01(\t\x12\r\n\x05rules\x18\x05 \x03(\t\x12\x1e\n\x0c\x62\x61se_address\x18\x06 \x01(\x0b\x32\x08.Address\x12\x17\n\x06layout\x18\x07 \x01(\x0b\x32\x07.Layout\x12&\n\x0e\x66\x65\x61ture_counts\x18\x08 \x01(\x0b\x32\x0e.FeatureCounts\x12+\n\x11library_functions\x18\t \x03(\x0b\x32\x10.LibraryFunction\"S\n\x0b\x41rchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\nAttackSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x0e\n\x06tactic\x18\x02 \x01(\t\x12\x11\n\ttechnique\x18\x03 \x01(\t\x12\x14\n\x0csubtechnique\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"K\n\x11\x42\x61sicBlockFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"-\n\x10\x42\x61sicBlockLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\"U\n\x0c\x42ytesFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x62ytes\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"g\n\x15\x43haracteristicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x16\n\x0e\x63haracteristic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\x0c\x43lassFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x63lass_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"K\n\x11\x43ompoundStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 
\x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"W\n\rExportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x65xport\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"G\n\rFeatureCounts\x12\x0c\n\x04\x66ile\x18\x01 \x01(\x04\x12(\n\tfunctions\x18\x02 \x03(\x0b\x32\x15.FunctionFeatureCount\"\xf7\x06\n\x0b\x46\x65\x61tureNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x02os\x18\x02 \x01(\x0b\x32\n.OSFeatureH\x00\x12\x1c\n\x04\x61rch\x18\x03 \x01(\x0b\x32\x0c.ArchFeatureH\x00\x12 \n\x06\x66ormat\x18\x04 \x01(\x0b\x32\x0e.FormatFeatureH\x00\x12\x1e\n\x05match\x18\x05 \x01(\x0b\x32\r.MatchFeatureH\x00\x12\x30\n\x0e\x63haracteristic\x18\x06 \x01(\x0b\x32\x16.CharacteristicFeatureH\x00\x12 \n\x06\x65xport\x18\x07 \x01(\x0b\x32\x0e.ExportFeatureH\x00\x12!\n\x07import_\x18\x08 \x01(\x0b\x32\x0e.ImportFeatureH\x00\x12\"\n\x07section\x18\t \x01(\x0b\x32\x0f.SectionFeatureH\x00\x12-\n\rfunction_name\x18\n \x01(\x0b\x32\x14.FunctionNameFeatureH\x00\x12&\n\tsubstring\x18\x0b \x01(\x0b\x32\x11.SubstringFeatureH\x00\x12\x1e\n\x05regex\x18\x0c \x01(\x0b\x32\r.RegexFeatureH\x00\x12 \n\x06string\x18\r \x01(\x0b\x32\x0e.StringFeatureH\x00\x12\x1f\n\x06\x63lass_\x18\x0e \x01(\x0b\x32\r.ClassFeatureH\x00\x12&\n\tnamespace\x18\x0f \x01(\x0b\x32\x11.NamespaceFeatureH\x00\x12\x1a\n\x03\x61pi\x18\x10 \x01(\x0b\x32\x0b.APIFeatureH\x00\x12%\n\tproperty_\x18\x11 \x01(\x0b\x32\x10.PropertyFeatureH\x00\x12 \n\x06number\x18\x12 \x01(\x0b\x32\x0e.NumberFeatureH\x00\x12\x1e\n\x05\x62ytes\x18\x13 \x01(\x0b\x32\r.BytesFeatureH\x00\x12 \n\x06offset\x18\x14 \x01(\x0b\x32\x0e.OffsetFeatureH\x00\x12$\n\x08mnemonic\x18\x15 \x01(\x0b\x32\x10.MnemonicFeatureH\x00\x12/\n\x0eoperand_number\x18\x16 \x01(\x0b\x32\x15.OperandNumberFeatureH\x00\x12/\n\x0eoperand_offset\x18\x17 \x01(\x0b\x32\x15.OperandOffsetFeatureH\x00\x12)\n\x0b\x62\x61sic_block\x18\x18 
\x01(\x0b\x32\x12.BasicBlockFeatureH\x00\x42\t\n\x07\x66\x65\x61ture\"W\n\rFormatFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x66ormat\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"@\n\x14\x46unctionFeatureCount\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\r\n\x05\x63ount\x18\x02 \x01(\x04\"\\\n\x0e\x46unctionLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12/\n\x14matched_basic_blocks\x18\x02 \x03(\x0b\x32\x11.BasicBlockLayout\"d\n\x13\x46unctionNameFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\rfunction_name\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"X\n\rImportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07import_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\",\n\x06Layout\x12\"\n\tfunctions\x18\x01 \x03(\x0b\x32\x0f.FunctionLayout\":\n\x0fLibraryFunction\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x0c\n\x04name\x18\x02 \x01(\t\"Y\n\x07MBCSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x11\n\tobjective\x18\x02 \x01(\t\x12\x10\n\x08\x62\x65havior\x18\x03 \x01(\t\x12\x0e\n\x06method\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"\x9a\x01\n\x0cMaecMetadata\x12\x1b\n\x13\x61nalysis_conclusion\x18\x01 \x01(\t\x12\x1e\n\x16\x61nalysis_conclusion_ov\x18\x02 \x01(\t\x12\x16\n\x0emalware_family\x18\x03 \x01(\t\x12\x18\n\x10malware_category\x18\x04 \x01(\t\x12\x1b\n\x13malware_category_ov\x18\x05 \x01(\t\"\x82\x02\n\x05Match\x12\x0f\n\x07success\x18\x01 \x01(\x08\x12#\n\tstatement\x18\x02 \x01(\x0b\x32\x0e.StatementNodeH\x00\x12\x1f\n\x07\x66\x65\x61ture\x18\x03 \x01(\x0b\x32\x0c.FeatureNodeH\x00\x12\x18\n\x08\x63hildren\x18\x05 \x03(\x0b\x32\x06.Match\x12\x1b\n\tlocations\x18\x06 \x03(\x0b\x32\x08.Address\x12&\n\x08\x63\x61ptures\x18\x07 
\x03(\x0b\x32\x14.Match.CapturesEntry\x1a;\n\rCapturesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x19\n\x05value\x18\x02 \x01(\x0b\x32\n.Addresses:\x02\x38\x01\x42\x06\n\x04node\"U\n\x0cMatchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05match\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x82\x01\n\x08Metadata\x12\x11\n\ttimestamp\x18\x01 \x01(\t\x12\x0f\n\x07version\x18\x02 \x01(\t\x12\x0c\n\x04\x61rgv\x18\x03 \x03(\t\x12\x17\n\x06sample\x18\x04 \x01(\x0b\x32\x07.Sample\x12\x1b\n\x08\x61nalysis\x18\x05 \x01(\x0b\x32\t.Analysis\x12\x0e\n\x06\x66lavor\x18\x06 \x01(\t\"[\n\x0fMnemonicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x10\n\x08mnemonic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10NamespaceFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\rNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x17\n\x06number\x18\x02 \x01(\x0b\x32\x07.Number\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"O\n\tOSFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\n\n\x02os\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"a\n\rOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x06offset\x18\x02 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_number\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_offset\x18\x03 
\x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"|\n\x0fPropertyFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tproperty_\x18\x02 \x01(\t\x12\x13\n\x06\x61\x63\x63\x65ss\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x42\t\n\x07_accessB\x0e\n\x0c_description\"\x7f\n\x0eRangeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03min\x18\x02 \x01(\x04\x12\x0b\n\x03max\x18\x03 \x01(\x04\x12\x1b\n\x05\x63hild\x18\x04 \x01(\x0b\x32\x0c.FeatureNode\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"U\n\x0cRegexFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05regex\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x90\x01\n\x0eResultDocument\x12\x17\n\x04meta\x18\x01 \x01(\x0b\x32\t.Metadata\x12)\n\x05rules\x18\x02 \x03(\x0b\x32\x1a.ResultDocument.RulesEntry\x1a:\n\nRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x1b\n\x05value\x18\x02 \x01(\x0b\x32\x0c.RuleMatches:\x02\x38\x01\"`\n\x0bRuleMatches\x12\x1b\n\x04meta\x18\x01 \x01(\x0b\x32\r.RuleMetadata\x12\x0e\n\x06source\x18\x02 \x01(\t\x12$\n\x07matches\x18\x03 \x03(\x0b\x32\x13.Pair_Address_Match\"\x8a\x02\n\x0cRuleMetadata\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x0f\n\x07\x61uthors\x18\x03 \x03(\t\x12\x15\n\x05scope\x18\x04 \x01(\x0e\x32\x06.Scope\x12\x1b\n\x06\x61ttack\x18\x05 \x03(\x0b\x32\x0b.AttackSpec\x12\x15\n\x03mbc\x18\x06 \x03(\x0b\x32\x08.MBCSpec\x12\x12\n\nreferences\x18\x07 \x03(\t\x12\x10\n\x08\x65xamples\x18\x08 \x03(\t\x12\x13\n\x0b\x64\x65scription\x18\t \x01(\t\x12\x0b\n\x03lib\x18\n \x01(\x08\x12\x1b\n\x04maec\x18\x0b \x01(\x0b\x32\r.MaecMetadata\x12\x18\n\x10is_subscope_rule\x18\x0c \x01(\x08\"A\n\x06Sample\x12\x0b\n\x03md5\x18\x01 \x01(\t\x12\x0c\n\x04sha1\x18\x02 \x01(\t\x12\x0e\n\x06sha256\x18\x03 \x01(\t\x12\x0c\n\x04path\x18\x04 
\x01(\t\"Y\n\x0eSectionFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07section\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\rSomeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x63ount\x18\x02 \x01(\r\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\xbc\x01\n\rStatementNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12 \n\x05range\x18\x02 \x01(\x0b\x32\x0f.RangeStatementH\x00\x12\x1e\n\x04some\x18\x03 \x01(\x0b\x32\x0e.SomeStatementH\x00\x12&\n\x08subscope\x18\x04 \x01(\x0b\x32\x12.SubscopeStatementH\x00\x12&\n\x08\x63ompound\x18\x05 \x01(\x0b\x32\x12.CompoundStatementH\x00\x42\x0b\n\tstatement\"W\n\rStringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06string\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"b\n\x11SubscopeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\x05scope\x18\x02 \x01(\x0e\x32\x06.Scope\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10SubstringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tsubstring\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"&\n\tAddresses\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x03(\x0b\x32\x08.Address\"F\n\x12Pair_Address_Match\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x15\n\x05match\x18\x02 \x01(\x0b\x32\x06.Match\"7\n\x0cToken_Offset\x12\x17\n\x05token\x18\x01 \x01(\x0b\x32\x08.Integer\x12\x0e\n\x06offset\x18\x02 \x01(\x04\",\n\x07Integer\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x42\x07\n\x05value\"8\n\x06Number\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x12\x0b\n\x01\x66\x18\x03 
\x01(\x01H\x00\x42\x07\n\x05value*\xcb\x01\n\x0b\x41\x64\x64ressType\x12\x1b\n\x17\x41\x44\x44RESSTYPE_UNSPECIFIED\x10\x00\x12\x18\n\x14\x41\x44\x44RESSTYPE_ABSOLUTE\x10\x01\x12\x18\n\x14\x41\x44\x44RESSTYPE_RELATIVE\x10\x02\x12\x14\n\x10\x41\x44\x44RESSTYPE_FILE\x10\x03\x12\x18\n\x14\x41\x44\x44RESSTYPE_DN_TOKEN\x10\x04\x12\x1f\n\x1b\x41\x44\x44RESSTYPE_DN_TOKEN_OFFSET\x10\x05\x12\x1a\n\x16\x41\x44\x44RESSTYPE_NO_ADDRESS\x10\x06*p\n\x05Scope\x12\x15\n\x11SCOPE_UNSPECIFIED\x10\x00\x12\x0e\n\nSCOPE_FILE\x10\x01\x12\x12\n\x0eSCOPE_FUNCTION\x10\x02\x12\x15\n\x11SCOPE_BASIC_BLOCK\x10\x03\x12\x15\n\x11SCOPE_INSTRUCTION\x10\x04\x62\x06proto3' +) + +_ADDRESSTYPE = _descriptor.EnumDescriptor( + name='AddressType', + full_name='AddressType', + filename=None, + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + values=[ + _descriptor.EnumValueDescriptor( + name='ADDRESSTYPE_UNSPECIFIED', index=0, number=0, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='ADDRESSTYPE_ABSOLUTE', index=1, number=1, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='ADDRESSTYPE_RELATIVE', index=2, number=2, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='ADDRESSTYPE_FILE', index=3, number=3, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='ADDRESSTYPE_DN_TOKEN', index=4, number=4, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='ADDRESSTYPE_DN_TOKEN_OFFSET', index=5, number=5, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='ADDRESSTYPE_NO_ADDRESS', index=6, number=6, + serialized_options=None, + 
type=None, + create_key=_descriptor._internal_create_key), + ], + containing_type=None, + serialized_options=None, + serialized_start=6023, + serialized_end=6226, +) +_sym_db.RegisterEnumDescriptor(_ADDRESSTYPE) + +AddressType = enum_type_wrapper.EnumTypeWrapper(_ADDRESSTYPE) +_SCOPE = _descriptor.EnumDescriptor( + name='Scope', + full_name='Scope', + filename=None, + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + values=[ + _descriptor.EnumValueDescriptor( + name='SCOPE_UNSPECIFIED', index=0, number=0, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='SCOPE_FILE', index=1, number=1, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='SCOPE_FUNCTION', index=2, number=2, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='SCOPE_BASIC_BLOCK', index=3, number=3, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='SCOPE_INSTRUCTION', index=4, number=4, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + ], + containing_type=None, + serialized_options=None, + serialized_start=6228, + serialized_end=6340, +) +_sym_db.RegisterEnumDescriptor(_SCOPE) + +Scope = enum_type_wrapper.EnumTypeWrapper(_SCOPE) +ADDRESSTYPE_UNSPECIFIED = 0 +ADDRESSTYPE_ABSOLUTE = 1 +ADDRESSTYPE_RELATIVE = 2 +ADDRESSTYPE_FILE = 3 +ADDRESSTYPE_DN_TOKEN = 4 +ADDRESSTYPE_DN_TOKEN_OFFSET = 5 +ADDRESSTYPE_NO_ADDRESS = 6 +SCOPE_UNSPECIFIED = 0 +SCOPE_FILE = 1 +SCOPE_FUNCTION = 2 +SCOPE_BASIC_BLOCK = 3 +SCOPE_INSTRUCTION = 4 + + + +_APIFEATURE = _descriptor.Descriptor( + name='APIFeature', + full_name='APIFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + 
_descriptor.FieldDescriptor( + name='type', full_name='APIFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='api', full_name='APIFeature.api', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='APIFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='APIFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=32, + serialized_end=113, +) + + +_ADDRESS = _descriptor.Descriptor( + name='Address', + full_name='Address', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='Address.type', index=0, + number=1, type=14, cpp_type=8, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + 
is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='v', full_name='Address.v', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='token_offset', full_name='Address.token_offset', index=2, + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='value', full_name='Address.value', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=115, + serialized_end=223, +) + + +_ANALYSIS = _descriptor.Descriptor( + name='Analysis', + full_name='Analysis', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='format', full_name='Analysis.format', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='arch', full_name='Analysis.arch', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, 
default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='os', full_name='Analysis.os', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='extractor', full_name='Analysis.extractor', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='rules', full_name='Analysis.rules', index=4, + number=5, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='base_address', full_name='Analysis.base_address', index=5, + number=6, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='layout', full_name='Analysis.layout', index=6, + number=7, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, 
extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='feature_counts', full_name='Analysis.feature_counts', index=7, + number=8, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='library_functions', full_name='Analysis.library_functions', index=8, + number=9, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=226, + serialized_end=454, +) + + +_ARCHFEATURE = _descriptor.Descriptor( + name='ArchFeature', + full_name='ArchFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='ArchFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='arch', full_name='ArchFeature.arch', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + 
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='ArchFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='ArchFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=456, + serialized_end=539, +) + + +_ATTACKSPEC = _descriptor.Descriptor( + name='AttackSpec', + full_name='AttackSpec', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='parts', full_name='AttackSpec.parts', index=0, + number=1, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='tactic', full_name='AttackSpec.tactic', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='technique', full_name='AttackSpec.technique', index=2, + number=3, type=9, cpp_type=9, label=1, + 
has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='subtechnique', full_name='AttackSpec.subtechnique', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='id', full_name='AttackSpec.id', index=4, + number=5, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=541, + serialized_end=637, +) + + +_BASICBLOCKFEATURE = _descriptor.Descriptor( + name='BasicBlockFeature', + full_name='BasicBlockFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='BasicBlockFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='BasicBlockFeature.description', index=1, + number=2, type=9, cpp_type=9, 
label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='BasicBlockFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=639, + serialized_end=714, +) + + +_BASICBLOCKLAYOUT = _descriptor.Descriptor( + name='BasicBlockLayout', + full_name='BasicBlockLayout', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='address', full_name='BasicBlockLayout.address', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=716, + serialized_end=761, +) + + +_BYTESFEATURE = _descriptor.Descriptor( + name='BytesFeature', + full_name='BytesFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='BytesFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, 
extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='bytes', full_name='BytesFeature.bytes', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='BytesFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='BytesFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=763, + serialized_end=848, +) + + +_CHARACTERISTICFEATURE = _descriptor.Descriptor( + name='CharacteristicFeature', + full_name='CharacteristicFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='CharacteristicFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='characteristic', 
full_name='CharacteristicFeature.characteristic', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='CharacteristicFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='CharacteristicFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=850, + serialized_end=953, +) + + +_CLASSFEATURE = _descriptor.Descriptor( + name='ClassFeature', + full_name='ClassFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='ClassFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='class_', full_name='ClassFeature.class_', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, 
enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='ClassFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='ClassFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=955, + serialized_end=1041, +) + + +_COMPOUNDSTATEMENT = _descriptor.Descriptor( + name='CompoundStatement', + full_name='CompoundStatement', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='CompoundStatement.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='CompoundStatement.description', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], 
+ extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='CompoundStatement._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=1043, + serialized_end=1118, +) + + +_EXPORTFEATURE = _descriptor.Descriptor( + name='ExportFeature', + full_name='ExportFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='ExportFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='export', full_name='ExportFeature.export', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='ExportFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + 
name='_description', full_name='ExportFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=1120, + serialized_end=1207, +) + + +_FEATURECOUNTS = _descriptor.Descriptor( + name='FeatureCounts', + full_name='FeatureCounts', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='file', full_name='FeatureCounts.file', index=0, + number=1, type=4, cpp_type=4, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='functions', full_name='FeatureCounts.functions', index=1, + number=2, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1209, + serialized_end=1280, +) + + +_FEATURENODE = _descriptor.Descriptor( + name='FeatureNode', + full_name='FeatureNode', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='FeatureNode.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + 
_descriptor.FieldDescriptor( + name='os', full_name='FeatureNode.os', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='arch', full_name='FeatureNode.arch', index=2, + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='format', full_name='FeatureNode.format', index=3, + number=4, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='match', full_name='FeatureNode.match', index=4, + number=5, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='characteristic', full_name='FeatureNode.characteristic', index=5, + number=6, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='export', full_name='FeatureNode.export', index=6, + number=7, type=11, cpp_type=10, label=1, + 
has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='import_', full_name='FeatureNode.import_', index=7, + number=8, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='section', full_name='FeatureNode.section', index=8, + number=9, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='function_name', full_name='FeatureNode.function_name', index=9, + number=10, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='substring', full_name='FeatureNode.substring', index=10, + number=11, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='regex', full_name='FeatureNode.regex', index=11, + number=12, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + 
is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='string', full_name='FeatureNode.string', index=12, + number=13, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='class_', full_name='FeatureNode.class_', index=13, + number=14, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='namespace', full_name='FeatureNode.namespace', index=14, + number=15, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='api', full_name='FeatureNode.api', index=15, + number=16, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='property_', full_name='FeatureNode.property_', index=16, + number=17, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, 
create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='number', full_name='FeatureNode.number', index=17, + number=18, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='bytes', full_name='FeatureNode.bytes', index=18, + number=19, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='offset', full_name='FeatureNode.offset', index=19, + number=20, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='mnemonic', full_name='FeatureNode.mnemonic', index=20, + number=21, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='operand_number', full_name='FeatureNode.operand_number', index=21, + number=22, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='operand_offset', 
full_name='FeatureNode.operand_offset', index=22, + number=23, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='basic_block', full_name='FeatureNode.basic_block', index=23, + number=24, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='feature', full_name='FeatureNode.feature', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=1283, + serialized_end=2170, +) + + +_FORMATFEATURE = _descriptor.Descriptor( + name='FormatFeature', + full_name='FormatFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='FormatFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='format', full_name='FormatFeature.format', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, 
extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='FormatFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='FormatFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=2172, + serialized_end=2259, +) + + +_FUNCTIONFEATURECOUNT = _descriptor.Descriptor( + name='FunctionFeatureCount', + full_name='FunctionFeatureCount', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='address', full_name='FunctionFeatureCount.address', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='count', full_name='FunctionFeatureCount.count', index=1, + number=2, type=4, cpp_type=4, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + 
serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=2261, + serialized_end=2325, +) + + +_FUNCTIONLAYOUT = _descriptor.Descriptor( + name='FunctionLayout', + full_name='FunctionLayout', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='address', full_name='FunctionLayout.address', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='matched_basic_blocks', full_name='FunctionLayout.matched_basic_blocks', index=1, + number=2, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=2327, + serialized_end=2419, +) + + +_FUNCTIONNAMEFEATURE = _descriptor.Descriptor( + name='FunctionNameFeature', + full_name='FunctionNameFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='FunctionNameFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, 
create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='function_name', full_name='FunctionNameFeature.function_name', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='FunctionNameFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='FunctionNameFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=2421, + serialized_end=2521, +) + + +_IMPORTFEATURE = _descriptor.Descriptor( + name='ImportFeature', + full_name='ImportFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='ImportFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='import_', full_name='ImportFeature.import_', index=1, + number=2, type=9, cpp_type=9, 
label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='ImportFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='ImportFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=2523, + serialized_end=2611, +) + + +_LAYOUT = _descriptor.Descriptor( + name='Layout', + full_name='Layout', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='functions', full_name='Layout.functions', index=0, + number=1, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=2613, + serialized_end=2657, +) + + +_LIBRARYFUNCTION = _descriptor.Descriptor( + name='LibraryFunction', + full_name='LibraryFunction', + filename=None, + 
file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='address', full_name='LibraryFunction.address', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='name', full_name='LibraryFunction.name', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=2659, + serialized_end=2717, +) + + +_MBCSPEC = _descriptor.Descriptor( + name='MBCSpec', + full_name='MBCSpec', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='parts', full_name='MBCSpec.parts', index=0, + number=1, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='objective', full_name='MBCSpec.objective', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, 
create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='behavior', full_name='MBCSpec.behavior', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='method', full_name='MBCSpec.method', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='id', full_name='MBCSpec.id', index=4, + number=5, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=2719, + serialized_end=2808, +) + + +_MAECMETADATA = _descriptor.Descriptor( + name='MaecMetadata', + full_name='MaecMetadata', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='analysis_conclusion', full_name='MaecMetadata.analysis_conclusion', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, 
create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='analysis_conclusion_ov', full_name='MaecMetadata.analysis_conclusion_ov', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='malware_family', full_name='MaecMetadata.malware_family', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='malware_category', full_name='MaecMetadata.malware_category', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='malware_category_ov', full_name='MaecMetadata.malware_category_ov', index=4, + number=5, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=2811, + serialized_end=2965, +) + + +_MATCH_CAPTURESENTRY = _descriptor.Descriptor( + name='CapturesEntry', + 
full_name='Match.CapturesEntry', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='key', full_name='Match.CapturesEntry.key', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='value', full_name='Match.CapturesEntry.value', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=b'8\001', + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=3159, + serialized_end=3218, +) + +_MATCH = _descriptor.Descriptor( + name='Match', + full_name='Match', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='success', full_name='Match.success', index=0, + number=1, type=8, cpp_type=7, label=1, + has_default_value=False, default_value=False, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='statement', full_name='Match.statement', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + 
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='feature', full_name='Match.feature', index=2, + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='children', full_name='Match.children', index=3, + number=5, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='locations', full_name='Match.locations', index=4, + number=6, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='captures', full_name='Match.captures', index=5, + number=7, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[_MATCH_CAPTURESENTRY, ], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='node', full_name='Match.node', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=2968, + serialized_end=3226, +) + + +_MATCHFEATURE = 
_descriptor.Descriptor( + name='MatchFeature', + full_name='MatchFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='MatchFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='match', full_name='MatchFeature.match', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='MatchFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='MatchFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=3228, + serialized_end=3313, +) + + +_METADATA = _descriptor.Descriptor( + name='Metadata', + full_name='Metadata', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + 
name='timestamp', full_name='Metadata.timestamp', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='version', full_name='Metadata.version', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='argv', full_name='Metadata.argv', index=2, + number=3, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='sample', full_name='Metadata.sample', index=3, + number=4, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='analysis', full_name='Metadata.analysis', index=4, + number=5, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='flavor', full_name='Metadata.flavor', index=5, + number=6, type=9, cpp_type=9, label=1, + has_default_value=False, 
default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=3316, + serialized_end=3446, +) + + +_MNEMONICFEATURE = _descriptor.Descriptor( + name='MnemonicFeature', + full_name='MnemonicFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='MnemonicFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='mnemonic', full_name='MnemonicFeature.mnemonic', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='MnemonicFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + 
extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='MnemonicFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=3448, + serialized_end=3539, +) + + +_NAMESPACEFEATURE = _descriptor.Descriptor( + name='NamespaceFeature', + full_name='NamespaceFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='NamespaceFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='namespace', full_name='NamespaceFeature.namespace', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='NamespaceFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='NamespaceFeature._description', + index=0, containing_type=None, + 
create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=3541, + serialized_end=3634, +) + + +_NUMBERFEATURE = _descriptor.Descriptor( + name='NumberFeature', + full_name='NumberFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='NumberFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='number', full_name='NumberFeature.number', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='NumberFeature.description', index=2, + number=5, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='NumberFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=3636, + serialized_end=3732, +) + + +_OSFEATURE = _descriptor.Descriptor( + name='OSFeature', + full_name='OSFeature', + 
filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='OSFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='os', full_name='OSFeature.os', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='OSFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='OSFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=3734, + serialized_end=3813, +) + + +_OFFSETFEATURE = _descriptor.Descriptor( + name='OffsetFeature', + full_name='OffsetFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='OffsetFeature.type', index=0, + number=1, type=9, 
cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='offset', full_name='OffsetFeature.offset', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='OffsetFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='OffsetFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=3815, + serialized_end=3912, +) + + +_OPERANDNUMBERFEATURE = _descriptor.Descriptor( + name='OperandNumberFeature', + full_name='OperandNumberFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='OperandNumberFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + 
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='index', full_name='OperandNumberFeature.index', index=1, + number=2, type=13, cpp_type=3, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='operand_number', full_name='OperandNumberFeature.operand_number', index=2, + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='OperandNumberFeature.description', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='OperandNumberFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=3914, + serialized_end=4041, +) + + +_OPERANDOFFSETFEATURE = _descriptor.Descriptor( + name='OperandOffsetFeature', + full_name='OperandOffsetFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', 
full_name='OperandOffsetFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='index', full_name='OperandOffsetFeature.index', index=1, + number=2, type=13, cpp_type=3, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='operand_offset', full_name='OperandOffsetFeature.operand_offset', index=2, + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='OperandOffsetFeature.description', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='OperandOffsetFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=4043, + serialized_end=4170, +) + + +_PROPERTYFEATURE = _descriptor.Descriptor( + 
name='PropertyFeature', + full_name='PropertyFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='PropertyFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='property_', full_name='PropertyFeature.property_', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='access', full_name='PropertyFeature.access', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='PropertyFeature.description', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_access', full_name='PropertyFeature._access', + 
index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + _descriptor.OneofDescriptor( + name='_description', full_name='PropertyFeature._description', + index=1, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=4172, + serialized_end=4296, +) + + +_RANGESTATEMENT = _descriptor.Descriptor( + name='RangeStatement', + full_name='RangeStatement', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='RangeStatement.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='min', full_name='RangeStatement.min', index=1, + number=2, type=4, cpp_type=4, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='max', full_name='RangeStatement.max', index=2, + number=3, type=4, cpp_type=4, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='child', full_name='RangeStatement.child', index=3, + number=4, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, 
create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='RangeStatement.description', index=4, + number=5, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='RangeStatement._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=4298, + serialized_end=4425, +) + + +_REGEXFEATURE = _descriptor.Descriptor( + name='RegexFeature', + full_name='RegexFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='RegexFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='regex', full_name='RegexFeature.regex', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='RegexFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + 
has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='RegexFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=4427, + serialized_end=4512, +) + + +_RESULTDOCUMENT_RULESENTRY = _descriptor.Descriptor( + name='RulesEntry', + full_name='ResultDocument.RulesEntry', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='key', full_name='ResultDocument.RulesEntry.key', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='value', full_name='ResultDocument.RulesEntry.value', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=b'8\001', + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=4601, + serialized_end=4659, +) + +_RESULTDOCUMENT = _descriptor.Descriptor( + name='ResultDocument', + 
full_name='ResultDocument', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='meta', full_name='ResultDocument.meta', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='rules', full_name='ResultDocument.rules', index=1, + number=2, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[_RESULTDOCUMENT_RULESENTRY, ], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=4515, + serialized_end=4659, +) + + +_RULEMATCHES = _descriptor.Descriptor( + name='RuleMatches', + full_name='RuleMatches', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='meta', full_name='RuleMatches.meta', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='source', full_name='RuleMatches.source', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, 
extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='matches', full_name='RuleMatches.matches', index=2, + number=3, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=4661, + serialized_end=4757, +) + + +_RULEMETADATA = _descriptor.Descriptor( + name='RuleMetadata', + full_name='RuleMetadata', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='RuleMetadata.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='namespace', full_name='RuleMetadata.namespace', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='authors', full_name='RuleMetadata.authors', index=2, + number=3, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + 
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='scope', full_name='RuleMetadata.scope', index=3, + number=4, type=14, cpp_type=8, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='attack', full_name='RuleMetadata.attack', index=4, + number=5, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='mbc', full_name='RuleMetadata.mbc', index=5, + number=6, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='references', full_name='RuleMetadata.references', index=6, + number=7, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='examples', full_name='RuleMetadata.examples', index=7, + number=8, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', 
full_name='RuleMetadata.description', index=8, + number=9, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='lib', full_name='RuleMetadata.lib', index=9, + number=10, type=8, cpp_type=7, label=1, + has_default_value=False, default_value=False, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='maec', full_name='RuleMetadata.maec', index=10, + number=11, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='is_subscope_rule', full_name='RuleMetadata.is_subscope_rule', index=11, + number=12, type=8, cpp_type=7, label=1, + has_default_value=False, default_value=False, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=4760, + serialized_end=5026, +) + + +_SAMPLE = _descriptor.Descriptor( + name='Sample', + full_name='Sample', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='md5', full_name='Sample.md5', index=0, + number=1, type=9, 
cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='sha1', full_name='Sample.sha1', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='sha256', full_name='Sample.sha256', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='path', full_name='Sample.path', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=5028, + serialized_end=5093, +) + + +_SECTIONFEATURE = _descriptor.Descriptor( + name='SectionFeature', + full_name='SectionFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='SectionFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + 
has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='section', full_name='SectionFeature.section', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='SectionFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='SectionFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=5095, + serialized_end=5184, +) + + +_SOMESTATEMENT = _descriptor.Descriptor( + name='SomeStatement', + full_name='SomeStatement', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='SomeStatement.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, 
file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='count', full_name='SomeStatement.count', index=1, + number=2, type=13, cpp_type=3, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='SomeStatement.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='SomeStatement._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=5186, + serialized_end=5272, +) + + +_STATEMENTNODE = _descriptor.Descriptor( + name='StatementNode', + full_name='StatementNode', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='StatementNode.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='range', full_name='StatementNode.range', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, 
default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='some', full_name='StatementNode.some', index=2, + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='subscope', full_name='StatementNode.subscope', index=3, + number=4, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='compound', full_name='StatementNode.compound', index=4, + number=5, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='statement', full_name='StatementNode.statement', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=5275, + serialized_end=5463, +) + + +_STRINGFEATURE = _descriptor.Descriptor( + name='StringFeature', + full_name='StringFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + 
name='type', full_name='StringFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='string', full_name='StringFeature.string', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='StringFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='StringFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=5465, + serialized_end=5552, +) + + +_SUBSCOPESTATEMENT = _descriptor.Descriptor( + name='SubscopeStatement', + full_name='SubscopeStatement', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='SubscopeStatement.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, 
enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='scope', full_name='SubscopeStatement.scope', index=1, + number=2, type=14, cpp_type=8, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='SubscopeStatement.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='SubscopeStatement._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=5554, + serialized_end=5652, +) + + +_SUBSTRINGFEATURE = _descriptor.Descriptor( + name='SubstringFeature', + full_name='SubstringFeature', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='type', full_name='SubstringFeature.type', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + 
_descriptor.FieldDescriptor( + name='substring', full_name='SubstringFeature.substring', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='description', full_name='SubstringFeature.description', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=b"".decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='_description', full_name='SubstringFeature._description', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=5654, + serialized_end=5747, +) + + +_ADDRESSES = _descriptor.Descriptor( + name='Addresses', + full_name='Addresses', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='address', full_name='Addresses.address', index=0, + number=1, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=5749, + 
serialized_end=5787, +) + + +_PAIR_ADDRESS_MATCH = _descriptor.Descriptor( + name='Pair_Address_Match', + full_name='Pair_Address_Match', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='address', full_name='Pair_Address_Match.address', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='match', full_name='Pair_Address_Match.match', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=5789, + serialized_end=5859, +) + + +_TOKEN_OFFSET = _descriptor.Descriptor( + name='Token_Offset', + full_name='Token_Offset', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='token', full_name='Token_Offset.token', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='offset', full_name='Token_Offset.offset', index=1, + number=2, type=4, cpp_type=4, label=1, + has_default_value=False, default_value=0, + 
message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=5861, + serialized_end=5916, +) + + +_INTEGER = _descriptor.Descriptor( + name='Integer', + full_name='Integer', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='u', full_name='Integer.u', index=0, + number=1, type=4, cpp_type=4, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='i', full_name='Integer.i', index=1, + number=2, type=18, cpp_type=2, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='value', full_name='Integer.value', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=5918, + serialized_end=5962, +) + + +_NUMBER = _descriptor.Descriptor( + name='Number', + full_name='Number', + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name='u', full_name='Number.u', index=0, + number=1, 
type=4, cpp_type=4, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='i', full_name='Number.i', index=1, + number=2, type=18, cpp_type=2, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + _descriptor.FieldDescriptor( + name='f', full_name='Number.f', index=2, + number=3, type=1, cpp_type=5, label=1, + has_default_value=False, default_value=float(0), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='value', full_name='Number.value', + index=0, containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[]), + ], + serialized_start=5964, + serialized_end=6020, +) + +_APIFEATURE.oneofs_by_name['_description'].fields.append( + _APIFEATURE.fields_by_name['description']) +_APIFEATURE.fields_by_name['description'].containing_oneof = _APIFEATURE.oneofs_by_name['_description'] +_ADDRESS.fields_by_name['type'].enum_type = _ADDRESSTYPE +_ADDRESS.fields_by_name['v'].message_type = _INTEGER +_ADDRESS.fields_by_name['token_offset'].message_type = _TOKEN_OFFSET +_ADDRESS.oneofs_by_name['value'].fields.append( + _ADDRESS.fields_by_name['v']) +_ADDRESS.fields_by_name['v'].containing_oneof = _ADDRESS.oneofs_by_name['value'] +_ADDRESS.oneofs_by_name['value'].fields.append( + 
_ADDRESS.fields_by_name['token_offset']) +_ADDRESS.fields_by_name['token_offset'].containing_oneof = _ADDRESS.oneofs_by_name['value'] +_ANALYSIS.fields_by_name['base_address'].message_type = _ADDRESS +_ANALYSIS.fields_by_name['layout'].message_type = _LAYOUT +_ANALYSIS.fields_by_name['feature_counts'].message_type = _FEATURECOUNTS +_ANALYSIS.fields_by_name['library_functions'].message_type = _LIBRARYFUNCTION +_ARCHFEATURE.oneofs_by_name['_description'].fields.append( + _ARCHFEATURE.fields_by_name['description']) +_ARCHFEATURE.fields_by_name['description'].containing_oneof = _ARCHFEATURE.oneofs_by_name['_description'] +_BASICBLOCKFEATURE.oneofs_by_name['_description'].fields.append( + _BASICBLOCKFEATURE.fields_by_name['description']) +_BASICBLOCKFEATURE.fields_by_name['description'].containing_oneof = _BASICBLOCKFEATURE.oneofs_by_name['_description'] +_BASICBLOCKLAYOUT.fields_by_name['address'].message_type = _ADDRESS +_BYTESFEATURE.oneofs_by_name['_description'].fields.append( + _BYTESFEATURE.fields_by_name['description']) +_BYTESFEATURE.fields_by_name['description'].containing_oneof = _BYTESFEATURE.oneofs_by_name['_description'] +_CHARACTERISTICFEATURE.oneofs_by_name['_description'].fields.append( + _CHARACTERISTICFEATURE.fields_by_name['description']) +_CHARACTERISTICFEATURE.fields_by_name['description'].containing_oneof = _CHARACTERISTICFEATURE.oneofs_by_name['_description'] +_CLASSFEATURE.oneofs_by_name['_description'].fields.append( + _CLASSFEATURE.fields_by_name['description']) +_CLASSFEATURE.fields_by_name['description'].containing_oneof = _CLASSFEATURE.oneofs_by_name['_description'] +_COMPOUNDSTATEMENT.oneofs_by_name['_description'].fields.append( + _COMPOUNDSTATEMENT.fields_by_name['description']) +_COMPOUNDSTATEMENT.fields_by_name['description'].containing_oneof = _COMPOUNDSTATEMENT.oneofs_by_name['_description'] +_EXPORTFEATURE.oneofs_by_name['_description'].fields.append( + _EXPORTFEATURE.fields_by_name['description']) 
+_EXPORTFEATURE.fields_by_name['description'].containing_oneof = _EXPORTFEATURE.oneofs_by_name['_description'] +_FEATURECOUNTS.fields_by_name['functions'].message_type = _FUNCTIONFEATURECOUNT +_FEATURENODE.fields_by_name['os'].message_type = _OSFEATURE +_FEATURENODE.fields_by_name['arch'].message_type = _ARCHFEATURE +_FEATURENODE.fields_by_name['format'].message_type = _FORMATFEATURE +_FEATURENODE.fields_by_name['match'].message_type = _MATCHFEATURE +_FEATURENODE.fields_by_name['characteristic'].message_type = _CHARACTERISTICFEATURE +_FEATURENODE.fields_by_name['export'].message_type = _EXPORTFEATURE +_FEATURENODE.fields_by_name['import_'].message_type = _IMPORTFEATURE +_FEATURENODE.fields_by_name['section'].message_type = _SECTIONFEATURE +_FEATURENODE.fields_by_name['function_name'].message_type = _FUNCTIONNAMEFEATURE +_FEATURENODE.fields_by_name['substring'].message_type = _SUBSTRINGFEATURE +_FEATURENODE.fields_by_name['regex'].message_type = _REGEXFEATURE +_FEATURENODE.fields_by_name['string'].message_type = _STRINGFEATURE +_FEATURENODE.fields_by_name['class_'].message_type = _CLASSFEATURE +_FEATURENODE.fields_by_name['namespace'].message_type = _NAMESPACEFEATURE +_FEATURENODE.fields_by_name['api'].message_type = _APIFEATURE +_FEATURENODE.fields_by_name['property_'].message_type = _PROPERTYFEATURE +_FEATURENODE.fields_by_name['number'].message_type = _NUMBERFEATURE +_FEATURENODE.fields_by_name['bytes'].message_type = _BYTESFEATURE +_FEATURENODE.fields_by_name['offset'].message_type = _OFFSETFEATURE +_FEATURENODE.fields_by_name['mnemonic'].message_type = _MNEMONICFEATURE +_FEATURENODE.fields_by_name['operand_number'].message_type = _OPERANDNUMBERFEATURE +_FEATURENODE.fields_by_name['operand_offset'].message_type = _OPERANDOFFSETFEATURE +_FEATURENODE.fields_by_name['basic_block'].message_type = _BASICBLOCKFEATURE +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['os']) +_FEATURENODE.fields_by_name['os'].containing_oneof = 
_FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['arch']) +_FEATURENODE.fields_by_name['arch'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['format']) +_FEATURENODE.fields_by_name['format'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['match']) +_FEATURENODE.fields_by_name['match'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['characteristic']) +_FEATURENODE.fields_by_name['characteristic'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['export']) +_FEATURENODE.fields_by_name['export'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['import_']) +_FEATURENODE.fields_by_name['import_'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['section']) +_FEATURENODE.fields_by_name['section'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['function_name']) +_FEATURENODE.fields_by_name['function_name'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['substring']) +_FEATURENODE.fields_by_name['substring'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['regex']) +_FEATURENODE.fields_by_name['regex'].containing_oneof = 
_FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['string']) +_FEATURENODE.fields_by_name['string'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['class_']) +_FEATURENODE.fields_by_name['class_'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['namespace']) +_FEATURENODE.fields_by_name['namespace'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['api']) +_FEATURENODE.fields_by_name['api'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['property_']) +_FEATURENODE.fields_by_name['property_'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['number']) +_FEATURENODE.fields_by_name['number'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['bytes']) +_FEATURENODE.fields_by_name['bytes'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['offset']) +_FEATURENODE.fields_by_name['offset'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['mnemonic']) +_FEATURENODE.fields_by_name['mnemonic'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['operand_number']) +_FEATURENODE.fields_by_name['operand_number'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] 
+_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['operand_offset']) +_FEATURENODE.fields_by_name['operand_offset'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FEATURENODE.oneofs_by_name['feature'].fields.append( + _FEATURENODE.fields_by_name['basic_block']) +_FEATURENODE.fields_by_name['basic_block'].containing_oneof = _FEATURENODE.oneofs_by_name['feature'] +_FORMATFEATURE.oneofs_by_name['_description'].fields.append( + _FORMATFEATURE.fields_by_name['description']) +_FORMATFEATURE.fields_by_name['description'].containing_oneof = _FORMATFEATURE.oneofs_by_name['_description'] +_FUNCTIONFEATURECOUNT.fields_by_name['address'].message_type = _ADDRESS +_FUNCTIONLAYOUT.fields_by_name['address'].message_type = _ADDRESS +_FUNCTIONLAYOUT.fields_by_name['matched_basic_blocks'].message_type = _BASICBLOCKLAYOUT +_FUNCTIONNAMEFEATURE.oneofs_by_name['_description'].fields.append( + _FUNCTIONNAMEFEATURE.fields_by_name['description']) +_FUNCTIONNAMEFEATURE.fields_by_name['description'].containing_oneof = _FUNCTIONNAMEFEATURE.oneofs_by_name['_description'] +_IMPORTFEATURE.oneofs_by_name['_description'].fields.append( + _IMPORTFEATURE.fields_by_name['description']) +_IMPORTFEATURE.fields_by_name['description'].containing_oneof = _IMPORTFEATURE.oneofs_by_name['_description'] +_LAYOUT.fields_by_name['functions'].message_type = _FUNCTIONLAYOUT +_LIBRARYFUNCTION.fields_by_name['address'].message_type = _ADDRESS +_MATCH_CAPTURESENTRY.fields_by_name['value'].message_type = _ADDRESSES +_MATCH_CAPTURESENTRY.containing_type = _MATCH +_MATCH.fields_by_name['statement'].message_type = _STATEMENTNODE +_MATCH.fields_by_name['feature'].message_type = _FEATURENODE +_MATCH.fields_by_name['children'].message_type = _MATCH +_MATCH.fields_by_name['locations'].message_type = _ADDRESS +_MATCH.fields_by_name['captures'].message_type = _MATCH_CAPTURESENTRY +_MATCH.oneofs_by_name['node'].fields.append( + _MATCH.fields_by_name['statement']) 
+_MATCH.fields_by_name['statement'].containing_oneof = _MATCH.oneofs_by_name['node'] +_MATCH.oneofs_by_name['node'].fields.append( + _MATCH.fields_by_name['feature']) +_MATCH.fields_by_name['feature'].containing_oneof = _MATCH.oneofs_by_name['node'] +_MATCHFEATURE.oneofs_by_name['_description'].fields.append( + _MATCHFEATURE.fields_by_name['description']) +_MATCHFEATURE.fields_by_name['description'].containing_oneof = _MATCHFEATURE.oneofs_by_name['_description'] +_METADATA.fields_by_name['sample'].message_type = _SAMPLE +_METADATA.fields_by_name['analysis'].message_type = _ANALYSIS +_MNEMONICFEATURE.oneofs_by_name['_description'].fields.append( + _MNEMONICFEATURE.fields_by_name['description']) +_MNEMONICFEATURE.fields_by_name['description'].containing_oneof = _MNEMONICFEATURE.oneofs_by_name['_description'] +_NAMESPACEFEATURE.oneofs_by_name['_description'].fields.append( + _NAMESPACEFEATURE.fields_by_name['description']) +_NAMESPACEFEATURE.fields_by_name['description'].containing_oneof = _NAMESPACEFEATURE.oneofs_by_name['_description'] +_NUMBERFEATURE.fields_by_name['number'].message_type = _NUMBER +_NUMBERFEATURE.oneofs_by_name['_description'].fields.append( + _NUMBERFEATURE.fields_by_name['description']) +_NUMBERFEATURE.fields_by_name['description'].containing_oneof = _NUMBERFEATURE.oneofs_by_name['_description'] +_OSFEATURE.oneofs_by_name['_description'].fields.append( + _OSFEATURE.fields_by_name['description']) +_OSFEATURE.fields_by_name['description'].containing_oneof = _OSFEATURE.oneofs_by_name['_description'] +_OFFSETFEATURE.fields_by_name['offset'].message_type = _INTEGER +_OFFSETFEATURE.oneofs_by_name['_description'].fields.append( + _OFFSETFEATURE.fields_by_name['description']) +_OFFSETFEATURE.fields_by_name['description'].containing_oneof = _OFFSETFEATURE.oneofs_by_name['_description'] +_OPERANDNUMBERFEATURE.fields_by_name['operand_number'].message_type = _INTEGER +_OPERANDNUMBERFEATURE.oneofs_by_name['_description'].fields.append( + 
_OPERANDNUMBERFEATURE.fields_by_name['description']) +_OPERANDNUMBERFEATURE.fields_by_name['description'].containing_oneof = _OPERANDNUMBERFEATURE.oneofs_by_name['_description'] +_OPERANDOFFSETFEATURE.fields_by_name['operand_offset'].message_type = _INTEGER +_OPERANDOFFSETFEATURE.oneofs_by_name['_description'].fields.append( + _OPERANDOFFSETFEATURE.fields_by_name['description']) +_OPERANDOFFSETFEATURE.fields_by_name['description'].containing_oneof = _OPERANDOFFSETFEATURE.oneofs_by_name['_description'] +_PROPERTYFEATURE.oneofs_by_name['_access'].fields.append( + _PROPERTYFEATURE.fields_by_name['access']) +_PROPERTYFEATURE.fields_by_name['access'].containing_oneof = _PROPERTYFEATURE.oneofs_by_name['_access'] +_PROPERTYFEATURE.oneofs_by_name['_description'].fields.append( + _PROPERTYFEATURE.fields_by_name['description']) +_PROPERTYFEATURE.fields_by_name['description'].containing_oneof = _PROPERTYFEATURE.oneofs_by_name['_description'] +_RANGESTATEMENT.fields_by_name['child'].message_type = _FEATURENODE +_RANGESTATEMENT.oneofs_by_name['_description'].fields.append( + _RANGESTATEMENT.fields_by_name['description']) +_RANGESTATEMENT.fields_by_name['description'].containing_oneof = _RANGESTATEMENT.oneofs_by_name['_description'] +_REGEXFEATURE.oneofs_by_name['_description'].fields.append( + _REGEXFEATURE.fields_by_name['description']) +_REGEXFEATURE.fields_by_name['description'].containing_oneof = _REGEXFEATURE.oneofs_by_name['_description'] +_RESULTDOCUMENT_RULESENTRY.fields_by_name['value'].message_type = _RULEMATCHES +_RESULTDOCUMENT_RULESENTRY.containing_type = _RESULTDOCUMENT +_RESULTDOCUMENT.fields_by_name['meta'].message_type = _METADATA +_RESULTDOCUMENT.fields_by_name['rules'].message_type = _RESULTDOCUMENT_RULESENTRY +_RULEMATCHES.fields_by_name['meta'].message_type = _RULEMETADATA +_RULEMATCHES.fields_by_name['matches'].message_type = _PAIR_ADDRESS_MATCH +_RULEMETADATA.fields_by_name['scope'].enum_type = _SCOPE +_RULEMETADATA.fields_by_name['attack'].message_type = 
_ATTACKSPEC +_RULEMETADATA.fields_by_name['mbc'].message_type = _MBCSPEC +_RULEMETADATA.fields_by_name['maec'].message_type = _MAECMETADATA +_SECTIONFEATURE.oneofs_by_name['_description'].fields.append( + _SECTIONFEATURE.fields_by_name['description']) +_SECTIONFEATURE.fields_by_name['description'].containing_oneof = _SECTIONFEATURE.oneofs_by_name['_description'] +_SOMESTATEMENT.oneofs_by_name['_description'].fields.append( + _SOMESTATEMENT.fields_by_name['description']) +_SOMESTATEMENT.fields_by_name['description'].containing_oneof = _SOMESTATEMENT.oneofs_by_name['_description'] +_STATEMENTNODE.fields_by_name['range'].message_type = _RANGESTATEMENT +_STATEMENTNODE.fields_by_name['some'].message_type = _SOMESTATEMENT +_STATEMENTNODE.fields_by_name['subscope'].message_type = _SUBSCOPESTATEMENT +_STATEMENTNODE.fields_by_name['compound'].message_type = _COMPOUNDSTATEMENT +_STATEMENTNODE.oneofs_by_name['statement'].fields.append( + _STATEMENTNODE.fields_by_name['range']) +_STATEMENTNODE.fields_by_name['range'].containing_oneof = _STATEMENTNODE.oneofs_by_name['statement'] +_STATEMENTNODE.oneofs_by_name['statement'].fields.append( + _STATEMENTNODE.fields_by_name['some']) +_STATEMENTNODE.fields_by_name['some'].containing_oneof = _STATEMENTNODE.oneofs_by_name['statement'] +_STATEMENTNODE.oneofs_by_name['statement'].fields.append( + _STATEMENTNODE.fields_by_name['subscope']) +_STATEMENTNODE.fields_by_name['subscope'].containing_oneof = _STATEMENTNODE.oneofs_by_name['statement'] +_STATEMENTNODE.oneofs_by_name['statement'].fields.append( + _STATEMENTNODE.fields_by_name['compound']) +_STATEMENTNODE.fields_by_name['compound'].containing_oneof = _STATEMENTNODE.oneofs_by_name['statement'] +_STRINGFEATURE.oneofs_by_name['_description'].fields.append( + _STRINGFEATURE.fields_by_name['description']) +_STRINGFEATURE.fields_by_name['description'].containing_oneof = _STRINGFEATURE.oneofs_by_name['_description'] +_SUBSCOPESTATEMENT.fields_by_name['scope'].enum_type = _SCOPE 
+_SUBSCOPESTATEMENT.oneofs_by_name['_description'].fields.append( + _SUBSCOPESTATEMENT.fields_by_name['description']) +_SUBSCOPESTATEMENT.fields_by_name['description'].containing_oneof = _SUBSCOPESTATEMENT.oneofs_by_name['_description'] +_SUBSTRINGFEATURE.oneofs_by_name['_description'].fields.append( + _SUBSTRINGFEATURE.fields_by_name['description']) +_SUBSTRINGFEATURE.fields_by_name['description'].containing_oneof = _SUBSTRINGFEATURE.oneofs_by_name['_description'] +_ADDRESSES.fields_by_name['address'].message_type = _ADDRESS +_PAIR_ADDRESS_MATCH.fields_by_name['address'].message_type = _ADDRESS +_PAIR_ADDRESS_MATCH.fields_by_name['match'].message_type = _MATCH +_TOKEN_OFFSET.fields_by_name['token'].message_type = _INTEGER +_INTEGER.oneofs_by_name['value'].fields.append( + _INTEGER.fields_by_name['u']) +_INTEGER.fields_by_name['u'].containing_oneof = _INTEGER.oneofs_by_name['value'] +_INTEGER.oneofs_by_name['value'].fields.append( + _INTEGER.fields_by_name['i']) +_INTEGER.fields_by_name['i'].containing_oneof = _INTEGER.oneofs_by_name['value'] +_NUMBER.oneofs_by_name['value'].fields.append( + _NUMBER.fields_by_name['u']) +_NUMBER.fields_by_name['u'].containing_oneof = _NUMBER.oneofs_by_name['value'] +_NUMBER.oneofs_by_name['value'].fields.append( + _NUMBER.fields_by_name['i']) +_NUMBER.fields_by_name['i'].containing_oneof = _NUMBER.oneofs_by_name['value'] +_NUMBER.oneofs_by_name['value'].fields.append( + _NUMBER.fields_by_name['f']) +_NUMBER.fields_by_name['f'].containing_oneof = _NUMBER.oneofs_by_name['value'] +DESCRIPTOR.message_types_by_name['APIFeature'] = _APIFEATURE +DESCRIPTOR.message_types_by_name['Address'] = _ADDRESS +DESCRIPTOR.message_types_by_name['Analysis'] = _ANALYSIS +DESCRIPTOR.message_types_by_name['ArchFeature'] = _ARCHFEATURE +DESCRIPTOR.message_types_by_name['AttackSpec'] = _ATTACKSPEC +DESCRIPTOR.message_types_by_name['BasicBlockFeature'] = _BASICBLOCKFEATURE +DESCRIPTOR.message_types_by_name['BasicBlockLayout'] = _BASICBLOCKLAYOUT 
+DESCRIPTOR.message_types_by_name['BytesFeature'] = _BYTESFEATURE +DESCRIPTOR.message_types_by_name['CharacteristicFeature'] = _CHARACTERISTICFEATURE +DESCRIPTOR.message_types_by_name['ClassFeature'] = _CLASSFEATURE +DESCRIPTOR.message_types_by_name['CompoundStatement'] = _COMPOUNDSTATEMENT +DESCRIPTOR.message_types_by_name['ExportFeature'] = _EXPORTFEATURE +DESCRIPTOR.message_types_by_name['FeatureCounts'] = _FEATURECOUNTS +DESCRIPTOR.message_types_by_name['FeatureNode'] = _FEATURENODE +DESCRIPTOR.message_types_by_name['FormatFeature'] = _FORMATFEATURE +DESCRIPTOR.message_types_by_name['FunctionFeatureCount'] = _FUNCTIONFEATURECOUNT +DESCRIPTOR.message_types_by_name['FunctionLayout'] = _FUNCTIONLAYOUT +DESCRIPTOR.message_types_by_name['FunctionNameFeature'] = _FUNCTIONNAMEFEATURE +DESCRIPTOR.message_types_by_name['ImportFeature'] = _IMPORTFEATURE +DESCRIPTOR.message_types_by_name['Layout'] = _LAYOUT +DESCRIPTOR.message_types_by_name['LibraryFunction'] = _LIBRARYFUNCTION +DESCRIPTOR.message_types_by_name['MBCSpec'] = _MBCSPEC +DESCRIPTOR.message_types_by_name['MaecMetadata'] = _MAECMETADATA +DESCRIPTOR.message_types_by_name['Match'] = _MATCH +DESCRIPTOR.message_types_by_name['MatchFeature'] = _MATCHFEATURE +DESCRIPTOR.message_types_by_name['Metadata'] = _METADATA +DESCRIPTOR.message_types_by_name['MnemonicFeature'] = _MNEMONICFEATURE +DESCRIPTOR.message_types_by_name['NamespaceFeature'] = _NAMESPACEFEATURE +DESCRIPTOR.message_types_by_name['NumberFeature'] = _NUMBERFEATURE +DESCRIPTOR.message_types_by_name['OSFeature'] = _OSFEATURE +DESCRIPTOR.message_types_by_name['OffsetFeature'] = _OFFSETFEATURE +DESCRIPTOR.message_types_by_name['OperandNumberFeature'] = _OPERANDNUMBERFEATURE +DESCRIPTOR.message_types_by_name['OperandOffsetFeature'] = _OPERANDOFFSETFEATURE +DESCRIPTOR.message_types_by_name['PropertyFeature'] = _PROPERTYFEATURE +DESCRIPTOR.message_types_by_name['RangeStatement'] = _RANGESTATEMENT +DESCRIPTOR.message_types_by_name['RegexFeature'] = _REGEXFEATURE 
+DESCRIPTOR.message_types_by_name['ResultDocument'] = _RESULTDOCUMENT +DESCRIPTOR.message_types_by_name['RuleMatches'] = _RULEMATCHES +DESCRIPTOR.message_types_by_name['RuleMetadata'] = _RULEMETADATA +DESCRIPTOR.message_types_by_name['Sample'] = _SAMPLE +DESCRIPTOR.message_types_by_name['SectionFeature'] = _SECTIONFEATURE +DESCRIPTOR.message_types_by_name['SomeStatement'] = _SOMESTATEMENT +DESCRIPTOR.message_types_by_name['StatementNode'] = _STATEMENTNODE +DESCRIPTOR.message_types_by_name['StringFeature'] = _STRINGFEATURE +DESCRIPTOR.message_types_by_name['SubscopeStatement'] = _SUBSCOPESTATEMENT +DESCRIPTOR.message_types_by_name['SubstringFeature'] = _SUBSTRINGFEATURE +DESCRIPTOR.message_types_by_name['Addresses'] = _ADDRESSES +DESCRIPTOR.message_types_by_name['Pair_Address_Match'] = _PAIR_ADDRESS_MATCH +DESCRIPTOR.message_types_by_name['Token_Offset'] = _TOKEN_OFFSET +DESCRIPTOR.message_types_by_name['Integer'] = _INTEGER +DESCRIPTOR.message_types_by_name['Number'] = _NUMBER +DESCRIPTOR.enum_types_by_name['AddressType'] = _ADDRESSTYPE +DESCRIPTOR.enum_types_by_name['Scope'] = _SCOPE +_sym_db.RegisterFileDescriptor(DESCRIPTOR) + +APIFeature = _reflection.GeneratedProtocolMessageType('APIFeature', (_message.Message,), { + 'DESCRIPTOR' : _APIFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:APIFeature) + }) +_sym_db.RegisterMessage(APIFeature) + +Address = _reflection.GeneratedProtocolMessageType('Address', (_message.Message,), { + 'DESCRIPTOR' : _ADDRESS, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Address) + }) +_sym_db.RegisterMessage(Address) + +Analysis = _reflection.GeneratedProtocolMessageType('Analysis', (_message.Message,), { + 'DESCRIPTOR' : _ANALYSIS, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Analysis) + }) +_sym_db.RegisterMessage(Analysis) + +ArchFeature = _reflection.GeneratedProtocolMessageType('ArchFeature', 
(_message.Message,), { + 'DESCRIPTOR' : _ARCHFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:ArchFeature) + }) +_sym_db.RegisterMessage(ArchFeature) + +AttackSpec = _reflection.GeneratedProtocolMessageType('AttackSpec', (_message.Message,), { + 'DESCRIPTOR' : _ATTACKSPEC, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:AttackSpec) + }) +_sym_db.RegisterMessage(AttackSpec) + +BasicBlockFeature = _reflection.GeneratedProtocolMessageType('BasicBlockFeature', (_message.Message,), { + 'DESCRIPTOR' : _BASICBLOCKFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:BasicBlockFeature) + }) +_sym_db.RegisterMessage(BasicBlockFeature) + +BasicBlockLayout = _reflection.GeneratedProtocolMessageType('BasicBlockLayout', (_message.Message,), { + 'DESCRIPTOR' : _BASICBLOCKLAYOUT, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:BasicBlockLayout) + }) +_sym_db.RegisterMessage(BasicBlockLayout) + +BytesFeature = _reflection.GeneratedProtocolMessageType('BytesFeature', (_message.Message,), { + 'DESCRIPTOR' : _BYTESFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:BytesFeature) + }) +_sym_db.RegisterMessage(BytesFeature) + +CharacteristicFeature = _reflection.GeneratedProtocolMessageType('CharacteristicFeature', (_message.Message,), { + 'DESCRIPTOR' : _CHARACTERISTICFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:CharacteristicFeature) + }) +_sym_db.RegisterMessage(CharacteristicFeature) + +ClassFeature = _reflection.GeneratedProtocolMessageType('ClassFeature', (_message.Message,), { + 'DESCRIPTOR' : _CLASSFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:ClassFeature) + }) +_sym_db.RegisterMessage(ClassFeature) + +CompoundStatement = 
_reflection.GeneratedProtocolMessageType('CompoundStatement', (_message.Message,), { + 'DESCRIPTOR' : _COMPOUNDSTATEMENT, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:CompoundStatement) + }) +_sym_db.RegisterMessage(CompoundStatement) + +ExportFeature = _reflection.GeneratedProtocolMessageType('ExportFeature', (_message.Message,), { + 'DESCRIPTOR' : _EXPORTFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:ExportFeature) + }) +_sym_db.RegisterMessage(ExportFeature) + +FeatureCounts = _reflection.GeneratedProtocolMessageType('FeatureCounts', (_message.Message,), { + 'DESCRIPTOR' : _FEATURECOUNTS, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:FeatureCounts) + }) +_sym_db.RegisterMessage(FeatureCounts) + +FeatureNode = _reflection.GeneratedProtocolMessageType('FeatureNode', (_message.Message,), { + 'DESCRIPTOR' : _FEATURENODE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:FeatureNode) + }) +_sym_db.RegisterMessage(FeatureNode) + +FormatFeature = _reflection.GeneratedProtocolMessageType('FormatFeature', (_message.Message,), { + 'DESCRIPTOR' : _FORMATFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:FormatFeature) + }) +_sym_db.RegisterMessage(FormatFeature) + +FunctionFeatureCount = _reflection.GeneratedProtocolMessageType('FunctionFeatureCount', (_message.Message,), { + 'DESCRIPTOR' : _FUNCTIONFEATURECOUNT, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:FunctionFeatureCount) + }) +_sym_db.RegisterMessage(FunctionFeatureCount) + +FunctionLayout = _reflection.GeneratedProtocolMessageType('FunctionLayout', (_message.Message,), { + 'DESCRIPTOR' : _FUNCTIONLAYOUT, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:FunctionLayout) + }) +_sym_db.RegisterMessage(FunctionLayout) + 
+FunctionNameFeature = _reflection.GeneratedProtocolMessageType('FunctionNameFeature', (_message.Message,), { + 'DESCRIPTOR' : _FUNCTIONNAMEFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:FunctionNameFeature) + }) +_sym_db.RegisterMessage(FunctionNameFeature) + +ImportFeature = _reflection.GeneratedProtocolMessageType('ImportFeature', (_message.Message,), { + 'DESCRIPTOR' : _IMPORTFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:ImportFeature) + }) +_sym_db.RegisterMessage(ImportFeature) + +Layout = _reflection.GeneratedProtocolMessageType('Layout', (_message.Message,), { + 'DESCRIPTOR' : _LAYOUT, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Layout) + }) +_sym_db.RegisterMessage(Layout) + +LibraryFunction = _reflection.GeneratedProtocolMessageType('LibraryFunction', (_message.Message,), { + 'DESCRIPTOR' : _LIBRARYFUNCTION, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:LibraryFunction) + }) +_sym_db.RegisterMessage(LibraryFunction) + +MBCSpec = _reflection.GeneratedProtocolMessageType('MBCSpec', (_message.Message,), { + 'DESCRIPTOR' : _MBCSPEC, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:MBCSpec) + }) +_sym_db.RegisterMessage(MBCSpec) + +MaecMetadata = _reflection.GeneratedProtocolMessageType('MaecMetadata', (_message.Message,), { + 'DESCRIPTOR' : _MAECMETADATA, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:MaecMetadata) + }) +_sym_db.RegisterMessage(MaecMetadata) + +Match = _reflection.GeneratedProtocolMessageType('Match', (_message.Message,), { + + 'CapturesEntry' : _reflection.GeneratedProtocolMessageType('CapturesEntry', (_message.Message,), { + 'DESCRIPTOR' : _MATCH_CAPTURESENTRY, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Match.CapturesEntry) + }) + , + 
'DESCRIPTOR' : _MATCH, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Match) + }) +_sym_db.RegisterMessage(Match) +_sym_db.RegisterMessage(Match.CapturesEntry) + +MatchFeature = _reflection.GeneratedProtocolMessageType('MatchFeature', (_message.Message,), { + 'DESCRIPTOR' : _MATCHFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:MatchFeature) + }) +_sym_db.RegisterMessage(MatchFeature) + +Metadata = _reflection.GeneratedProtocolMessageType('Metadata', (_message.Message,), { + 'DESCRIPTOR' : _METADATA, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Metadata) + }) +_sym_db.RegisterMessage(Metadata) + +MnemonicFeature = _reflection.GeneratedProtocolMessageType('MnemonicFeature', (_message.Message,), { + 'DESCRIPTOR' : _MNEMONICFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:MnemonicFeature) + }) +_sym_db.RegisterMessage(MnemonicFeature) + +NamespaceFeature = _reflection.GeneratedProtocolMessageType('NamespaceFeature', (_message.Message,), { + 'DESCRIPTOR' : _NAMESPACEFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:NamespaceFeature) + }) +_sym_db.RegisterMessage(NamespaceFeature) + +NumberFeature = _reflection.GeneratedProtocolMessageType('NumberFeature', (_message.Message,), { + 'DESCRIPTOR' : _NUMBERFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:NumberFeature) + }) +_sym_db.RegisterMessage(NumberFeature) + +OSFeature = _reflection.GeneratedProtocolMessageType('OSFeature', (_message.Message,), { + 'DESCRIPTOR' : _OSFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:OSFeature) + }) +_sym_db.RegisterMessage(OSFeature) + +OffsetFeature = _reflection.GeneratedProtocolMessageType('OffsetFeature', (_message.Message,), { + 'DESCRIPTOR' : _OFFSETFEATURE, + 
'__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:OffsetFeature) + }) +_sym_db.RegisterMessage(OffsetFeature) + +OperandNumberFeature = _reflection.GeneratedProtocolMessageType('OperandNumberFeature', (_message.Message,), { + 'DESCRIPTOR' : _OPERANDNUMBERFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:OperandNumberFeature) + }) +_sym_db.RegisterMessage(OperandNumberFeature) + +OperandOffsetFeature = _reflection.GeneratedProtocolMessageType('OperandOffsetFeature', (_message.Message,), { + 'DESCRIPTOR' : _OPERANDOFFSETFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:OperandOffsetFeature) + }) +_sym_db.RegisterMessage(OperandOffsetFeature) + +PropertyFeature = _reflection.GeneratedProtocolMessageType('PropertyFeature', (_message.Message,), { + 'DESCRIPTOR' : _PROPERTYFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:PropertyFeature) + }) +_sym_db.RegisterMessage(PropertyFeature) + +RangeStatement = _reflection.GeneratedProtocolMessageType('RangeStatement', (_message.Message,), { + 'DESCRIPTOR' : _RANGESTATEMENT, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:RangeStatement) + }) +_sym_db.RegisterMessage(RangeStatement) + +RegexFeature = _reflection.GeneratedProtocolMessageType('RegexFeature', (_message.Message,), { + 'DESCRIPTOR' : _REGEXFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:RegexFeature) + }) +_sym_db.RegisterMessage(RegexFeature) + +ResultDocument = _reflection.GeneratedProtocolMessageType('ResultDocument', (_message.Message,), { + + 'RulesEntry' : _reflection.GeneratedProtocolMessageType('RulesEntry', (_message.Message,), { + 'DESCRIPTOR' : _RESULTDOCUMENT_RULESENTRY, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:ResultDocument.RulesEntry) + }) + , + 
'DESCRIPTOR' : _RESULTDOCUMENT, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:ResultDocument) + }) +_sym_db.RegisterMessage(ResultDocument) +_sym_db.RegisterMessage(ResultDocument.RulesEntry) + +RuleMatches = _reflection.GeneratedProtocolMessageType('RuleMatches', (_message.Message,), { + 'DESCRIPTOR' : _RULEMATCHES, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:RuleMatches) + }) +_sym_db.RegisterMessage(RuleMatches) + +RuleMetadata = _reflection.GeneratedProtocolMessageType('RuleMetadata', (_message.Message,), { + 'DESCRIPTOR' : _RULEMETADATA, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:RuleMetadata) + }) +_sym_db.RegisterMessage(RuleMetadata) + +Sample = _reflection.GeneratedProtocolMessageType('Sample', (_message.Message,), { + 'DESCRIPTOR' : _SAMPLE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Sample) + }) +_sym_db.RegisterMessage(Sample) + +SectionFeature = _reflection.GeneratedProtocolMessageType('SectionFeature', (_message.Message,), { + 'DESCRIPTOR' : _SECTIONFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:SectionFeature) + }) +_sym_db.RegisterMessage(SectionFeature) + +SomeStatement = _reflection.GeneratedProtocolMessageType('SomeStatement', (_message.Message,), { + 'DESCRIPTOR' : _SOMESTATEMENT, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:SomeStatement) + }) +_sym_db.RegisterMessage(SomeStatement) + +StatementNode = _reflection.GeneratedProtocolMessageType('StatementNode', (_message.Message,), { + 'DESCRIPTOR' : _STATEMENTNODE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:StatementNode) + }) +_sym_db.RegisterMessage(StatementNode) + +StringFeature = _reflection.GeneratedProtocolMessageType('StringFeature', (_message.Message,), { + 'DESCRIPTOR' : 
_STRINGFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:StringFeature) + }) +_sym_db.RegisterMessage(StringFeature) + +SubscopeStatement = _reflection.GeneratedProtocolMessageType('SubscopeStatement', (_message.Message,), { + 'DESCRIPTOR' : _SUBSCOPESTATEMENT, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:SubscopeStatement) + }) +_sym_db.RegisterMessage(SubscopeStatement) + +SubstringFeature = _reflection.GeneratedProtocolMessageType('SubstringFeature', (_message.Message,), { + 'DESCRIPTOR' : _SUBSTRINGFEATURE, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:SubstringFeature) + }) +_sym_db.RegisterMessage(SubstringFeature) + +Addresses = _reflection.GeneratedProtocolMessageType('Addresses', (_message.Message,), { + 'DESCRIPTOR' : _ADDRESSES, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Addresses) + }) +_sym_db.RegisterMessage(Addresses) + +Pair_Address_Match = _reflection.GeneratedProtocolMessageType('Pair_Address_Match', (_message.Message,), { + 'DESCRIPTOR' : _PAIR_ADDRESS_MATCH, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Pair_Address_Match) + }) +_sym_db.RegisterMessage(Pair_Address_Match) + +Token_Offset = _reflection.GeneratedProtocolMessageType('Token_Offset', (_message.Message,), { + 'DESCRIPTOR' : _TOKEN_OFFSET, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Token_Offset) + }) +_sym_db.RegisterMessage(Token_Offset) + +Integer = _reflection.GeneratedProtocolMessageType('Integer', (_message.Message,), { + 'DESCRIPTOR' : _INTEGER, + '__module__' : 'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Integer) + }) +_sym_db.RegisterMessage(Integer) + +Number = _reflection.GeneratedProtocolMessageType('Number', (_message.Message,), { + 'DESCRIPTOR' : _NUMBER, + '__module__' : 
'capa.render.proto.capa_pb2' + # @@protoc_insertion_point(class_scope:Number) + }) +_sym_db.RegisterMessage(Number) + + +_MATCH_CAPTURESENTRY._options = None +_RESULTDOCUMENT_RULESENTRY._options = None # @@protoc_insertion_point(module_scope) diff --git a/capa/render/proto/capa_pb2.pyi b/capa/render/proto/capa_pb2.pyi index 174b1a974..f8313f1fd 100644 --- a/capa/render/proto/capa_pb2.pyi +++ b/capa/render/proto/capa_pb2.pyi @@ -776,6 +776,7 @@ class Metadata(google.protobuf.message.Message): ARGV_FIELD_NUMBER: builtins.int SAMPLE_FIELD_NUMBER: builtins.int ANALYSIS_FIELD_NUMBER: builtins.int + FLAVOR_FIELD_NUMBER: builtins.int timestamp: builtins.str """iso8601 format, like: 2019-01-01T00:00:00Z""" version: builtins.str @@ -785,6 +786,7 @@ class Metadata(google.protobuf.message.Message): def sample(self) -> global___Sample: ... @property def analysis(self) -> global___Analysis: ... + flavor: builtins.str def __init__( self, *, @@ -793,9 +795,10 @@ class Metadata(google.protobuf.message.Message): argv: collections.abc.Iterable[builtins.str] | None = ..., sample: global___Sample | None = ..., analysis: global___Analysis | None = ..., + flavor: builtins.str = ..., ) -> None: ... def HasField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "sample", b"sample"]) -> builtins.bool: ... - def ClearField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "argv", b"argv", "sample", b"sample", "timestamp", b"timestamp", "version", b"version"]) -> None: ... + def ClearField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "argv", b"argv", "flavor", b"flavor", "sample", b"sample", "timestamp", b"timestamp", "version", b"version"]) -> None: ... global___Metadata = Metadata diff --git a/capa/render/result_document.py b/capa/render/result_document.py index 612d252ce..f2dbd5fc6 100644 --- a/capa/render/result_document.py +++ b/capa/render/result_document.py 
@@ -125,6 +125,7 @@ class Metadata(Model):
 version: str
 argv: Optional[Tuple[str, ...]]
 sample: Sample
+ flavor: Literal["static", "dynamic"]
 analysis: Analysis
From 3057b5fb9d2416b77e56a874f5d17fab0faeb8d9 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Fri, 11 Aug 2023 09:49:13 +0000
Subject: [PATCH 5/8] render: show analysis flavor closes #1711
---
 capa/ida/helpers.py | 2 +-
 capa/main.py | 7 +-
 capa/render/default.py | 1 +
 capa/render/proto/__init__.py | 23 +++--
 capa/render/proto/capa.proto | 8 +-
 capa/render/proto/capa_pb2.py | 156 ++++++++++++++++++++-------------
 capa/render/proto/capa_pb2.pyi | 21 ++++-
 capa/render/result_document.py | 8 +-
 capa/render/verbose.py | 3 +
 9 files changed, 155 insertions(+), 74 deletions(-)
diff --git a/capa/ida/helpers.py b/capa/ida/helpers.py
index b85e96189..325dfd9cc 100644
--- a/capa/ida/helpers.py
+++ b/capa/ida/helpers.py
@@ -153,7 +153,7 @@ def collect_metadata(rules: List[Path]):
 sha256=sha256,
 path=idaapi.get_input_file_path(),
 ),
- flavor="static",
+ flavor=rdoc.Flavor.STATIC,
 analysis=rdoc.StaticAnalysis(
 format=idaapi.get_file_type_name(),
 arch=arch,
diff --git a/capa/main.py b/capa/main.py
index a9361b1c5..cb0d5459f 100644
--- a/capa/main.py
+++ b/capa/main.py
@@ -21,7 +21,7 @@
 import contextlib
 import collections
 from enum import Enum
-from typing import Any, Dict, List, Tuple, Literal, Callable, Optional
+from typing import Any, Dict, List, Tuple, Callable, Optional
 from pathlib import Path
 import halo
@@ -1023,11 +1023,10 @@ def collect_metadata(
 arch = get_arch(sample_path)
 os_ = get_os(sample_path) if os_ == OS_AUTO else os_
- flavor: Literal["static", "dynamic"]
 if isinstance(extractor, StaticFeatureExtractor):
- flavor = "static"
+ flavor = rdoc.Flavor.STATIC
 elif isinstance(extractor, DynamicFeatureExtractor):
- flavor = "dynamic"
+ flavor = rdoc.Flavor.DYNAMIC
 else:
 assert_never(extractor)
diff --git a/capa/render/default.py b/capa/render/default.py
index 79567e4b2..1af0d27ca 100644
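Review bot: `flavor` is added to `Metadata` as a field with no default, so a result document serialized before this field existed would presumably be rejected when it is loaded back, assuming `Model` validates required fields the way a pydantic model does. If previously saved documents still need to load, give the field a fallback such as `flavor: Literal["static", "dynamic"] = "static"`; otherwise the format break should be stated in the changelog. The `Metadata` class body continues outside this hunk, so how the other fields handle defaults could not be checked.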
--- a/capa/render/default.py
+++ b/capa/render/default.py
@@ -33,6 +33,7 @@ def render_meta(doc: rd.ResultDocument, ostream: StringIO):
 (width("md5", 22), width(doc.meta.sample.md5, 82)),
 ("sha1", doc.meta.sample.sha1),
 ("sha256", doc.meta.sample.sha256),
+ ("analysis", doc.meta.flavor),
 ("os", doc.meta.analysis.os),
 ("format", doc.meta.analysis.format),
 ("arch", doc.meta.analysis.arch),
diff --git a/capa/render/proto/__init__.py b/capa/render/proto/__init__.py
index aea569c02..2cd9406ef 100644
--- a/capa/render/proto/__init__.py
+++ b/capa/render/proto/__init__.py
@@ -25,7 +25,7 @@ Alternatively, --pyi_out=. can be used to generate a Python Interface file that supports development
 """
 import datetime
-from typing import Any, Dict, Union, Literal
+from typing import Any, Dict, Union
 import google.protobuf.json_format
@@ -121,6 +121,15 @@ def scope_to_pb2(scope: capa.rules.Scope) -> capa_pb2.Scope.ValueType:
 assert_never(scope)
+def flavor_to_pb2(flavor: rd.Flavor) -> capa_pb2.Flavor.ValueType:
+ if flavor == rd.Flavor.STATIC:
+ return capa_pb2.Flavor.FLAVOR_STATIC
+ elif flavor == rd.Flavor.DYNAMIC:
+ return capa_pb2.Flavor.FLAVOR_DYNAMIC
+ else:
+ assert_never(flavor)
+
+
 def metadata_to_pb2(meta: rd.Metadata) -> capa_pb2.Metadata:
 assert isinstance(meta.analysis, rd.StaticAnalysis)
 return capa_pb2.Metadata(
@@ -128,7 +137,7 @@ def metadata_to_pb2(meta: rd.Metadata) -> capa_pb2.Metadata:
 version=meta.version,
 argv=meta.argv,
 sample=google.protobuf.json_format.ParseDict(meta.sample.model_dump(), capa_pb2.Sample()),
- flavor=meta.flavor,
+ flavor=flavor_to_pb2(meta.flavor),
 analysis=capa_pb2.Analysis(
 format=meta.analysis.format,
 arch=meta.analysis.arch,
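Review bot: The new `("analysis", doc.meta.flavor)` row in `render_meta` hands the `Flavor` member itself to the table, while the neighbouring rows presumably pass plain strings. Depending on how `Flavor` is declared (not visible in this hunk) and on the Python version, the cell may render as `Flavor.STATIC` rather than `static`. Writing `("analysis", doc.meta.flavor.value),` makes the output independent of enum formatting. `render_meta` starts and ends outside the hunk.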
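Review bot: `flavor_to_pb2` handles `rd.Flavor.DYNAMIC`, but `metadata_to_pb2` just below it still opens with `assert isinstance(meta.analysis, rd.StaticAnalysis)`, so a dynamic result document is turned away by an assertion before its flavor is converted. Under `python -O` that assertion is removed and the static-only field accesses would run against a dynamic analysis. An explicit guard, `if not isinstance(meta.analysis, rd.StaticAnalysis): raise NotImplementedError("protobuf output supports only static analysis")`, fails the same way in every mode and keeps the type narrowing. `flavor_to_pb2` would also benefit from a one-line docstring such as `"""Convert a result-document flavor to its protobuf enum value."""`; `metadata_to_pb2` continues outside the hunk.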
@@ -481,9 +490,13 @@ def scope_from_pb2(scope: capa_pb2.Scope.ValueType) -> capa.rules.Scope:
 assert_never(scope)
-def flavor_from_pb2(flavor: str) -> Literal["static", "dynamic"]:
- assert flavor in ("static", "dynamic")
- return flavor # type: ignore
+def flavor_from_pb2(flavor: capa_pb2.Flavor.ValueType) -> rd.Flavor:
+ if flavor == capa_pb2.Flavor.FLAVOR_STATIC:
+ return rd.Flavor.STATIC
+ elif flavor == capa_pb2.Flavor.FLAVOR_DYNAMIC:
+ return rd.Flavor.DYNAMIC
+ else:
+ assert_never(flavor)
 def metadata_from_pb2(meta: capa_pb2.Metadata) -> rd.Metadata:
diff --git a/capa/render/proto/capa.proto b/capa/render/proto/capa.proto
index 7f0abe84f..22277ffad 100644
--- a/capa/render/proto/capa.proto
+++ b/capa/render/proto/capa.proto
@@ -192,13 +192,19 @@ message MatchFeature {
 optional string description = 3;
 }
+enum Flavor {
+ FLAVOR_UNSPECIFIED = 0;
+ FLAVOR_STATIC = 1;
+ FLAVOR_DYNAMIC = 2;
+}
+
 message Metadata {
 string timestamp = 1; // iso8601 format, like: 2019-01-01T00:00:00Z
 string version = 2;
 repeated string argv = 3;
 Sample sample = 4;
 Analysis analysis = 5;
- string flavor = 6;
+ Flavor flavor = 6;
 }
 message MnemonicFeature {
diff --git a/capa/render/proto/capa_pb2.py b/capa/render/proto/capa_pb2.py
index ba826a15f..c33afeea2 100644
--- a/capa/render/proto/capa_pb2.py
+++ b/capa/render/proto/capa_pb2.py
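Review bot: `flavor_from_pb2` sends every value other than `FLAVOR_STATIC` and `FLAVOR_DYNAMIC` to `assert_never`, yet its argument comes from a parsed protobuf message, where `FLAVOR_UNSPECIFIED` (0) is the proto3 default for an absent field and unrecognised enum numbers are kept as integers. A result document that lacks the field, or that was written by another producer, therefore ends up in an exhaustiveness helper instead of an input-validation error. The helper's implementation is not visible here; if it is built on `assert`, the check disappears under `python -O`. Replacing the final branch with `else: raise ValueError(f"unexpected flavor: {flavor}")` rejects malformed documents explicitly in every mode.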
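Review bot: Field 6 of `Metadata` changes from `string flavor = 6;` to `Flavor flavor = 6;`, which keeps the field number but switches its wire type from length-delimited to varint. A message already serialized with the string form will not decode into the enum; parsers typically treat the mismatched bytes as an unknown field and report `FLAVOR_UNSPECIFIED`. If the string form was ever written outside this patch series, take a fresh number and retire the old one with `reserved 6;` and `Flavor flavor = 7;`. If it was not, a short comment on the field recording that the type changed before release would save the next reader the check.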
@@ -20,7 +20,7 @@ syntax='proto3', serialized_options=None, create_key=_descriptor._internal_create_key, - serialized_pb=b'\n\x1c\x63\x61pa/render/proto/capa.proto\"Q\n\nAPIFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03\x61pi\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"l\n\x07\x41\x64\x64ress\x12\x1a\n\x04type\x18\x01 \x01(\x0e\x32\x0c.AddressType\x12\x15\n\x01v\x18\x02 \x01(\x0b\x32\x08.IntegerH\x00\x12%\n\x0ctoken_offset\x18\x03 \x01(\x0b\x32\r.Token_OffsetH\x00\x42\x07\n\x05value\"\xe4\x01\n\x08\x41nalysis\x12\x0e\n\x06\x66ormat\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\n\n\x02os\x18\x03 \x01(\t\x12\x11\n\textractor\x18\x04 \x01(\t\x12\r\n\x05rules\x18\x05 \x03(\t\x12\x1e\n\x0c\x62\x61se_address\x18\x06 \x01(\x0b\x32\x08.Address\x12\x17\n\x06layout\x18\x07 \x01(\x0b\x32\x07.Layout\x12&\n\x0e\x66\x65\x61ture_counts\x18\x08 \x01(\x0b\x32\x0e.FeatureCounts\x12+\n\x11library_functions\x18\t \x03(\x0b\x32\x10.LibraryFunction\"S\n\x0b\x41rchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\nAttackSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x0e\n\x06tactic\x18\x02 \x01(\t\x12\x11\n\ttechnique\x18\x03 \x01(\t\x12\x14\n\x0csubtechnique\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"K\n\x11\x42\x61sicBlockFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"-\n\x10\x42\x61sicBlockLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\"U\n\x0c\x42ytesFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x62ytes\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"g\n\x15\x43haracteristicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x16\n\x0e\x63haracteristic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 
\x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\x0c\x43lassFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x63lass_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"K\n\x11\x43ompoundStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"W\n\rExportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x65xport\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"G\n\rFeatureCounts\x12\x0c\n\x04\x66ile\x18\x01 \x01(\x04\x12(\n\tfunctions\x18\x02 \x03(\x0b\x32\x15.FunctionFeatureCount\"\xf7\x06\n\x0b\x46\x65\x61tureNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x02os\x18\x02 \x01(\x0b\x32\n.OSFeatureH\x00\x12\x1c\n\x04\x61rch\x18\x03 \x01(\x0b\x32\x0c.ArchFeatureH\x00\x12 \n\x06\x66ormat\x18\x04 \x01(\x0b\x32\x0e.FormatFeatureH\x00\x12\x1e\n\x05match\x18\x05 \x01(\x0b\x32\r.MatchFeatureH\x00\x12\x30\n\x0e\x63haracteristic\x18\x06 \x01(\x0b\x32\x16.CharacteristicFeatureH\x00\x12 \n\x06\x65xport\x18\x07 \x01(\x0b\x32\x0e.ExportFeatureH\x00\x12!\n\x07import_\x18\x08 \x01(\x0b\x32\x0e.ImportFeatureH\x00\x12\"\n\x07section\x18\t \x01(\x0b\x32\x0f.SectionFeatureH\x00\x12-\n\rfunction_name\x18\n \x01(\x0b\x32\x14.FunctionNameFeatureH\x00\x12&\n\tsubstring\x18\x0b \x01(\x0b\x32\x11.SubstringFeatureH\x00\x12\x1e\n\x05regex\x18\x0c \x01(\x0b\x32\r.RegexFeatureH\x00\x12 \n\x06string\x18\r \x01(\x0b\x32\x0e.StringFeatureH\x00\x12\x1f\n\x06\x63lass_\x18\x0e \x01(\x0b\x32\r.ClassFeatureH\x00\x12&\n\tnamespace\x18\x0f \x01(\x0b\x32\x11.NamespaceFeatureH\x00\x12\x1a\n\x03\x61pi\x18\x10 \x01(\x0b\x32\x0b.APIFeatureH\x00\x12%\n\tproperty_\x18\x11 \x01(\x0b\x32\x10.PropertyFeatureH\x00\x12 \n\x06number\x18\x12 \x01(\x0b\x32\x0e.NumberFeatureH\x00\x12\x1e\n\x05\x62ytes\x18\x13 \x01(\x0b\x32\r.BytesFeatureH\x00\x12 \n\x06offset\x18\x14 
\x01(\x0b\x32\x0e.OffsetFeatureH\x00\x12$\n\x08mnemonic\x18\x15 \x01(\x0b\x32\x10.MnemonicFeatureH\x00\x12/\n\x0eoperand_number\x18\x16 \x01(\x0b\x32\x15.OperandNumberFeatureH\x00\x12/\n\x0eoperand_offset\x18\x17 \x01(\x0b\x32\x15.OperandOffsetFeatureH\x00\x12)\n\x0b\x62\x61sic_block\x18\x18 \x01(\x0b\x32\x12.BasicBlockFeatureH\x00\x42\t\n\x07\x66\x65\x61ture\"W\n\rFormatFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x66ormat\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"@\n\x14\x46unctionFeatureCount\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\r\n\x05\x63ount\x18\x02 \x01(\x04\"\\\n\x0e\x46unctionLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12/\n\x14matched_basic_blocks\x18\x02 \x03(\x0b\x32\x11.BasicBlockLayout\"d\n\x13\x46unctionNameFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\rfunction_name\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"X\n\rImportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07import_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\",\n\x06Layout\x12\"\n\tfunctions\x18\x01 \x03(\x0b\x32\x0f.FunctionLayout\":\n\x0fLibraryFunction\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x0c\n\x04name\x18\x02 \x01(\t\"Y\n\x07MBCSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x11\n\tobjective\x18\x02 \x01(\t\x12\x10\n\x08\x62\x65havior\x18\x03 \x01(\t\x12\x0e\n\x06method\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"\x9a\x01\n\x0cMaecMetadata\x12\x1b\n\x13\x61nalysis_conclusion\x18\x01 \x01(\t\x12\x1e\n\x16\x61nalysis_conclusion_ov\x18\x02 \x01(\t\x12\x16\n\x0emalware_family\x18\x03 \x01(\t\x12\x18\n\x10malware_category\x18\x04 \x01(\t\x12\x1b\n\x13malware_category_ov\x18\x05 \x01(\t\"\x82\x02\n\x05Match\x12\x0f\n\x07success\x18\x01 \x01(\x08\x12#\n\tstatement\x18\x02 
\x01(\x0b\x32\x0e.StatementNodeH\x00\x12\x1f\n\x07\x66\x65\x61ture\x18\x03 \x01(\x0b\x32\x0c.FeatureNodeH\x00\x12\x18\n\x08\x63hildren\x18\x05 \x03(\x0b\x32\x06.Match\x12\x1b\n\tlocations\x18\x06 \x03(\x0b\x32\x08.Address\x12&\n\x08\x63\x61ptures\x18\x07 \x03(\x0b\x32\x14.Match.CapturesEntry\x1a;\n\rCapturesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x19\n\x05value\x18\x02 \x01(\x0b\x32\n.Addresses:\x02\x38\x01\x42\x06\n\x04node\"U\n\x0cMatchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05match\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x82\x01\n\x08Metadata\x12\x11\n\ttimestamp\x18\x01 \x01(\t\x12\x0f\n\x07version\x18\x02 \x01(\t\x12\x0c\n\x04\x61rgv\x18\x03 \x03(\t\x12\x17\n\x06sample\x18\x04 \x01(\x0b\x32\x07.Sample\x12\x1b\n\x08\x61nalysis\x18\x05 \x01(\x0b\x32\t.Analysis\x12\x0e\n\x06\x66lavor\x18\x06 \x01(\t\"[\n\x0fMnemonicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x10\n\x08mnemonic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10NamespaceFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\rNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x17\n\x06number\x18\x02 \x01(\x0b\x32\x07.Number\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"O\n\tOSFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\n\n\x02os\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"a\n\rOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x06offset\x18\x02 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_number\x18\x03 
\x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_offset\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"|\n\x0fPropertyFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tproperty_\x18\x02 \x01(\t\x12\x13\n\x06\x61\x63\x63\x65ss\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x42\t\n\x07_accessB\x0e\n\x0c_description\"\x7f\n\x0eRangeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03min\x18\x02 \x01(\x04\x12\x0b\n\x03max\x18\x03 \x01(\x04\x12\x1b\n\x05\x63hild\x18\x04 \x01(\x0b\x32\x0c.FeatureNode\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"U\n\x0cRegexFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05regex\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x90\x01\n\x0eResultDocument\x12\x17\n\x04meta\x18\x01 \x01(\x0b\x32\t.Metadata\x12)\n\x05rules\x18\x02 \x03(\x0b\x32\x1a.ResultDocument.RulesEntry\x1a:\n\nRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x1b\n\x05value\x18\x02 \x01(\x0b\x32\x0c.RuleMatches:\x02\x38\x01\"`\n\x0bRuleMatches\x12\x1b\n\x04meta\x18\x01 \x01(\x0b\x32\r.RuleMetadata\x12\x0e\n\x06source\x18\x02 \x01(\t\x12$\n\x07matches\x18\x03 \x03(\x0b\x32\x13.Pair_Address_Match\"\x8a\x02\n\x0cRuleMetadata\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x0f\n\x07\x61uthors\x18\x03 \x03(\t\x12\x15\n\x05scope\x18\x04 \x01(\x0e\x32\x06.Scope\x12\x1b\n\x06\x61ttack\x18\x05 \x03(\x0b\x32\x0b.AttackSpec\x12\x15\n\x03mbc\x18\x06 \x03(\x0b\x32\x08.MBCSpec\x12\x12\n\nreferences\x18\x07 \x03(\t\x12\x10\n\x08\x65xamples\x18\x08 \x03(\t\x12\x13\n\x0b\x64\x65scription\x18\t \x01(\t\x12\x0b\n\x03lib\x18\n 
\x01(\x08\x12\x1b\n\x04maec\x18\x0b \x01(\x0b\x32\r.MaecMetadata\x12\x18\n\x10is_subscope_rule\x18\x0c \x01(\x08\"A\n\x06Sample\x12\x0b\n\x03md5\x18\x01 \x01(\t\x12\x0c\n\x04sha1\x18\x02 \x01(\t\x12\x0e\n\x06sha256\x18\x03 \x01(\t\x12\x0c\n\x04path\x18\x04 \x01(\t\"Y\n\x0eSectionFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07section\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\rSomeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x63ount\x18\x02 \x01(\r\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\xbc\x01\n\rStatementNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12 \n\x05range\x18\x02 \x01(\x0b\x32\x0f.RangeStatementH\x00\x12\x1e\n\x04some\x18\x03 \x01(\x0b\x32\x0e.SomeStatementH\x00\x12&\n\x08subscope\x18\x04 \x01(\x0b\x32\x12.SubscopeStatementH\x00\x12&\n\x08\x63ompound\x18\x05 \x01(\x0b\x32\x12.CompoundStatementH\x00\x42\x0b\n\tstatement\"W\n\rStringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06string\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"b\n\x11SubscopeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\x05scope\x18\x02 \x01(\x0e\x32\x06.Scope\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10SubstringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tsubstring\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"&\n\tAddresses\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x03(\x0b\x32\x08.Address\"F\n\x12Pair_Address_Match\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x15\n\x05match\x18\x02 \x01(\x0b\x32\x06.Match\"7\n\x0cToken_Offset\x12\x17\n\x05token\x18\x01 \x01(\x0b\x32\x08.Integer\x12\x0e\n\x06offset\x18\x02 \x01(\x04\",\n\x07Integer\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 
\x01(\x12H\x00\x42\x07\n\x05value\"8\n\x06Number\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x12\x0b\n\x01\x66\x18\x03 \x01(\x01H\x00\x42\x07\n\x05value*\xcb\x01\n\x0b\x41\x64\x64ressType\x12\x1b\n\x17\x41\x44\x44RESSTYPE_UNSPECIFIED\x10\x00\x12\x18\n\x14\x41\x44\x44RESSTYPE_ABSOLUTE\x10\x01\x12\x18\n\x14\x41\x44\x44RESSTYPE_RELATIVE\x10\x02\x12\x14\n\x10\x41\x44\x44RESSTYPE_FILE\x10\x03\x12\x18\n\x14\x41\x44\x44RESSTYPE_DN_TOKEN\x10\x04\x12\x1f\n\x1b\x41\x44\x44RESSTYPE_DN_TOKEN_OFFSET\x10\x05\x12\x1a\n\x16\x41\x44\x44RESSTYPE_NO_ADDRESS\x10\x06*p\n\x05Scope\x12\x15\n\x11SCOPE_UNSPECIFIED\x10\x00\x12\x0e\n\nSCOPE_FILE\x10\x01\x12\x12\n\x0eSCOPE_FUNCTION\x10\x02\x12\x15\n\x11SCOPE_BASIC_BLOCK\x10\x03\x12\x15\n\x11SCOPE_INSTRUCTION\x10\x04\x62\x06proto3' + serialized_pb=b'\n\x1c\x63\x61pa/render/proto/capa.proto\"Q\n\nAPIFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03\x61pi\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"l\n\x07\x41\x64\x64ress\x12\x1a\n\x04type\x18\x01 \x01(\x0e\x32\x0c.AddressType\x12\x15\n\x01v\x18\x02 \x01(\x0b\x32\x08.IntegerH\x00\x12%\n\x0ctoken_offset\x18\x03 \x01(\x0b\x32\r.Token_OffsetH\x00\x42\x07\n\x05value\"\xe4\x01\n\x08\x41nalysis\x12\x0e\n\x06\x66ormat\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\n\n\x02os\x18\x03 \x01(\t\x12\x11\n\textractor\x18\x04 \x01(\t\x12\r\n\x05rules\x18\x05 \x03(\t\x12\x1e\n\x0c\x62\x61se_address\x18\x06 \x01(\x0b\x32\x08.Address\x12\x17\n\x06layout\x18\x07 \x01(\x0b\x32\x07.Layout\x12&\n\x0e\x66\x65\x61ture_counts\x18\x08 \x01(\x0b\x32\x0e.FeatureCounts\x12+\n\x11library_functions\x18\t \x03(\x0b\x32\x10.LibraryFunction\"S\n\x0b\x41rchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\nAttackSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x0e\n\x06tactic\x18\x02 
\x01(\t\x12\x11\n\ttechnique\x18\x03 \x01(\t\x12\x14\n\x0csubtechnique\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"K\n\x11\x42\x61sicBlockFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"-\n\x10\x42\x61sicBlockLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\"U\n\x0c\x42ytesFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x62ytes\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"g\n\x15\x43haracteristicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x16\n\x0e\x63haracteristic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\x0c\x43lassFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x63lass_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"K\n\x11\x43ompoundStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x02 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"W\n\rExportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x65xport\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"G\n\rFeatureCounts\x12\x0c\n\x04\x66ile\x18\x01 \x01(\x04\x12(\n\tfunctions\x18\x02 \x03(\x0b\x32\x15.FunctionFeatureCount\"\xf7\x06\n\x0b\x46\x65\x61tureNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x02os\x18\x02 \x01(\x0b\x32\n.OSFeatureH\x00\x12\x1c\n\x04\x61rch\x18\x03 \x01(\x0b\x32\x0c.ArchFeatureH\x00\x12 \n\x06\x66ormat\x18\x04 \x01(\x0b\x32\x0e.FormatFeatureH\x00\x12\x1e\n\x05match\x18\x05 \x01(\x0b\x32\r.MatchFeatureH\x00\x12\x30\n\x0e\x63haracteristic\x18\x06 \x01(\x0b\x32\x16.CharacteristicFeatureH\x00\x12 \n\x06\x65xport\x18\x07 \x01(\x0b\x32\x0e.ExportFeatureH\x00\x12!\n\x07import_\x18\x08 \x01(\x0b\x32\x0e.ImportFeatureH\x00\x12\"\n\x07section\x18\t 
\x01(\x0b\x32\x0f.SectionFeatureH\x00\x12-\n\rfunction_name\x18\n \x01(\x0b\x32\x14.FunctionNameFeatureH\x00\x12&\n\tsubstring\x18\x0b \x01(\x0b\x32\x11.SubstringFeatureH\x00\x12\x1e\n\x05regex\x18\x0c \x01(\x0b\x32\r.RegexFeatureH\x00\x12 \n\x06string\x18\r \x01(\x0b\x32\x0e.StringFeatureH\x00\x12\x1f\n\x06\x63lass_\x18\x0e \x01(\x0b\x32\r.ClassFeatureH\x00\x12&\n\tnamespace\x18\x0f \x01(\x0b\x32\x11.NamespaceFeatureH\x00\x12\x1a\n\x03\x61pi\x18\x10 \x01(\x0b\x32\x0b.APIFeatureH\x00\x12%\n\tproperty_\x18\x11 \x01(\x0b\x32\x10.PropertyFeatureH\x00\x12 \n\x06number\x18\x12 \x01(\x0b\x32\x0e.NumberFeatureH\x00\x12\x1e\n\x05\x62ytes\x18\x13 \x01(\x0b\x32\r.BytesFeatureH\x00\x12 \n\x06offset\x18\x14 \x01(\x0b\x32\x0e.OffsetFeatureH\x00\x12$\n\x08mnemonic\x18\x15 \x01(\x0b\x32\x10.MnemonicFeatureH\x00\x12/\n\x0eoperand_number\x18\x16 \x01(\x0b\x32\x15.OperandNumberFeatureH\x00\x12/\n\x0eoperand_offset\x18\x17 \x01(\x0b\x32\x15.OperandOffsetFeatureH\x00\x12)\n\x0b\x62\x61sic_block\x18\x18 \x01(\x0b\x32\x12.BasicBlockFeatureH\x00\x42\t\n\x07\x66\x65\x61ture\"W\n\rFormatFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06\x66ormat\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"@\n\x14\x46unctionFeatureCount\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\r\n\x05\x63ount\x18\x02 \x01(\x04\"\\\n\x0e\x46unctionLayout\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12/\n\x14matched_basic_blocks\x18\x02 \x03(\x0b\x32\x11.BasicBlockLayout\"d\n\x13\x46unctionNameFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x15\n\rfunction_name\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"X\n\rImportFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07import_\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\",\n\x06Layout\x12\"\n\tfunctions\x18\x01 
\x03(\x0b\x32\x0f.FunctionLayout\":\n\x0fLibraryFunction\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x0c\n\x04name\x18\x02 \x01(\t\"Y\n\x07MBCSpec\x12\r\n\x05parts\x18\x01 \x03(\t\x12\x11\n\tobjective\x18\x02 \x01(\t\x12\x10\n\x08\x62\x65havior\x18\x03 \x01(\t\x12\x0e\n\x06method\x18\x04 \x01(\t\x12\n\n\x02id\x18\x05 \x01(\t\"\x9a\x01\n\x0cMaecMetadata\x12\x1b\n\x13\x61nalysis_conclusion\x18\x01 \x01(\t\x12\x1e\n\x16\x61nalysis_conclusion_ov\x18\x02 \x01(\t\x12\x16\n\x0emalware_family\x18\x03 \x01(\t\x12\x18\n\x10malware_category\x18\x04 \x01(\t\x12\x1b\n\x13malware_category_ov\x18\x05 \x01(\t\"\x82\x02\n\x05Match\x12\x0f\n\x07success\x18\x01 \x01(\x08\x12#\n\tstatement\x18\x02 \x01(\x0b\x32\x0e.StatementNodeH\x00\x12\x1f\n\x07\x66\x65\x61ture\x18\x03 \x01(\x0b\x32\x0c.FeatureNodeH\x00\x12\x18\n\x08\x63hildren\x18\x05 \x03(\x0b\x32\x06.Match\x12\x1b\n\tlocations\x18\x06 \x03(\x0b\x32\x08.Address\x12&\n\x08\x63\x61ptures\x18\x07 \x03(\x0b\x32\x14.Match.CapturesEntry\x1a;\n\rCapturesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x19\n\x05value\x18\x02 \x01(\x0b\x32\n.Addresses:\x02\x38\x01\x42\x06\n\x04node\"U\n\x0cMatchFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05match\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x8b\x01\n\x08Metadata\x12\x11\n\ttimestamp\x18\x01 \x01(\t\x12\x0f\n\x07version\x18\x02 \x01(\t\x12\x0c\n\x04\x61rgv\x18\x03 \x03(\t\x12\x17\n\x06sample\x18\x04 \x01(\x0b\x32\x07.Sample\x12\x1b\n\x08\x61nalysis\x18\x05 \x01(\x0b\x32\t.Analysis\x12\x17\n\x06\x66lavor\x18\x06 \x01(\x0e\x32\x07.Flavor\"[\n\x0fMnemonicFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x10\n\x08mnemonic\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10NamespaceFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 
\x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"`\n\rNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x17\n\x06number\x18\x02 \x01(\x0b\x32\x07.Number\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"O\n\tOSFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\n\n\x02os\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"a\n\rOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x18\n\x06offset\x18\x02 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandNumberFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_number\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x7f\n\x14OperandOffsetFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12 \n\x0eoperand_offset\x18\x03 \x01(\x0b\x32\x08.Integer\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"|\n\x0fPropertyFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tproperty_\x18\x02 \x01(\t\x12\x13\n\x06\x61\x63\x63\x65ss\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x42\t\n\x07_accessB\x0e\n\x0c_description\"\x7f\n\x0eRangeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0b\n\x03min\x18\x02 \x01(\x04\x12\x0b\n\x03max\x18\x03 \x01(\x04\x12\x1b\n\x05\x63hild\x18\x04 \x01(\x0b\x32\x0c.FeatureNode\x12\x18\n\x0b\x64\x65scription\x18\x05 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"U\n\x0cRegexFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05regex\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\x90\x01\n\x0eResultDocument\x12\x17\n\x04meta\x18\x01 \x01(\x0b\x32\t.Metadata\x12)\n\x05rules\x18\x02 
\x03(\x0b\x32\x1a.ResultDocument.RulesEntry\x1a:\n\nRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x1b\n\x05value\x18\x02 \x01(\x0b\x32\x0c.RuleMatches:\x02\x38\x01\"`\n\x0bRuleMatches\x12\x1b\n\x04meta\x18\x01 \x01(\x0b\x32\r.RuleMetadata\x12\x0e\n\x06source\x18\x02 \x01(\t\x12$\n\x07matches\x18\x03 \x03(\x0b\x32\x13.Pair_Address_Match\"\x8a\x02\n\x0cRuleMetadata\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x11\n\tnamespace\x18\x02 \x01(\t\x12\x0f\n\x07\x61uthors\x18\x03 \x03(\t\x12\x15\n\x05scope\x18\x04 \x01(\x0e\x32\x06.Scope\x12\x1b\n\x06\x61ttack\x18\x05 \x03(\x0b\x32\x0b.AttackSpec\x12\x15\n\x03mbc\x18\x06 \x03(\x0b\x32\x08.MBCSpec\x12\x12\n\nreferences\x18\x07 \x03(\t\x12\x10\n\x08\x65xamples\x18\x08 \x03(\t\x12\x13\n\x0b\x64\x65scription\x18\t \x01(\t\x12\x0b\n\x03lib\x18\n \x01(\x08\x12\x1b\n\x04maec\x18\x0b \x01(\x0b\x32\r.MaecMetadata\x12\x18\n\x10is_subscope_rule\x18\x0c \x01(\x08\"A\n\x06Sample\x12\x0b\n\x03md5\x18\x01 \x01(\t\x12\x0c\n\x04sha1\x18\x02 \x01(\t\x12\x0e\n\x06sha256\x18\x03 \x01(\t\x12\x0c\n\x04path\x18\x04 \x01(\t\"Y\n\x0eSectionFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07section\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"V\n\rSomeStatement\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\r\n\x05\x63ount\x18\x02 \x01(\r\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"\xbc\x01\n\rStatementNode\x12\x0c\n\x04type\x18\x01 \x01(\t\x12 \n\x05range\x18\x02 \x01(\x0b\x32\x0f.RangeStatementH\x00\x12\x1e\n\x04some\x18\x03 \x01(\x0b\x32\x0e.SomeStatementH\x00\x12&\n\x08subscope\x18\x04 \x01(\x0b\x32\x12.SubscopeStatementH\x00\x12&\n\x08\x63ompound\x18\x05 \x01(\x0b\x32\x12.CompoundStatementH\x00\x42\x0b\n\tstatement\"W\n\rStringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0e\n\x06string\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"b\n\x11SubscopeStatement\x12\x0c\n\x04type\x18\x01 
\x01(\t\x12\x15\n\x05scope\x18\x02 \x01(\x0e\x32\x06.Scope\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"]\n\x10SubstringFeature\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tsubstring\x18\x02 \x01(\t\x12\x18\n\x0b\x64\x65scription\x18\x03 \x01(\tH\x00\x88\x01\x01\x42\x0e\n\x0c_description\"&\n\tAddresses\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x03(\x0b\x32\x08.Address\"F\n\x12Pair_Address_Match\x12\x19\n\x07\x61\x64\x64ress\x18\x01 \x01(\x0b\x32\x08.Address\x12\x15\n\x05match\x18\x02 \x01(\x0b\x32\x06.Match\"7\n\x0cToken_Offset\x12\x17\n\x05token\x18\x01 \x01(\x0b\x32\x08.Integer\x12\x0e\n\x06offset\x18\x02 \x01(\x04\",\n\x07Integer\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x42\x07\n\x05value\"8\n\x06Number\x12\x0b\n\x01u\x18\x01 \x01(\x04H\x00\x12\x0b\n\x01i\x18\x02 \x01(\x12H\x00\x12\x0b\n\x01\x66\x18\x03 \x01(\x01H\x00\x42\x07\n\x05value*\xcb\x01\n\x0b\x41\x64\x64ressType\x12\x1b\n\x17\x41\x44\x44RESSTYPE_UNSPECIFIED\x10\x00\x12\x18\n\x14\x41\x44\x44RESSTYPE_ABSOLUTE\x10\x01\x12\x18\n\x14\x41\x44\x44RESSTYPE_RELATIVE\x10\x02\x12\x14\n\x10\x41\x44\x44RESSTYPE_FILE\x10\x03\x12\x18\n\x14\x41\x44\x44RESSTYPE_DN_TOKEN\x10\x04\x12\x1f\n\x1b\x41\x44\x44RESSTYPE_DN_TOKEN_OFFSET\x10\x05\x12\x1a\n\x16\x41\x44\x44RESSTYPE_NO_ADDRESS\x10\x06*G\n\x06\x46lavor\x12\x16\n\x12\x46LAVOR_UNSPECIFIED\x10\x00\x12\x11\n\rFLAVOR_STATIC\x10\x01\x12\x12\n\x0e\x46LAVOR_DYNAMIC\x10\x02*p\n\x05Scope\x12\x15\n\x11SCOPE_UNSPECIFIED\x10\x00\x12\x0e\n\nSCOPE_FILE\x10\x01\x12\x12\n\x0eSCOPE_FUNCTION\x10\x02\x12\x15\n\x11SCOPE_BASIC_BLOCK\x10\x03\x12\x15\n\x11SCOPE_INSTRUCTION\x10\x04\x62\x06proto3' ) _ADDRESSTYPE = _descriptor.EnumDescriptor( 
@@ -68,12 +68,43 @@ ], containing_type=None, serialized_options=None, - serialized_start=6023, - serialized_end=6226, + serialized_start=6032, + serialized_end=6235, ) _sym_db.RegisterEnumDescriptor(_ADDRESSTYPE) AddressType = enum_type_wrapper.EnumTypeWrapper(_ADDRESSTYPE) +_FLAVOR = _descriptor.EnumDescriptor( + name='Flavor', + full_name='Flavor', + filename=None, + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + values=[ + _descriptor.EnumValueDescriptor( + name='FLAVOR_UNSPECIFIED', index=0, number=0, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='FLAVOR_STATIC', index=1, number=1, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + _descriptor.EnumValueDescriptor( + name='FLAVOR_DYNAMIC', index=2, number=2, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key), + ], + containing_type=None, + serialized_options=None, + serialized_start=6237, + serialized_end=6308, +) +_sym_db.RegisterEnumDescriptor(_FLAVOR) + +Flavor = enum_type_wrapper.EnumTypeWrapper(_FLAVOR) _SCOPE = _descriptor.EnumDescriptor( name='Scope', full_name='Scope', @@ -109,8 +140,8 @@ ], containing_type=None, serialized_options=None, - serialized_start=6228, - serialized_end=6340, + serialized_start=6310, + serialized_end=6422, ) _sym_db.RegisterEnumDescriptor(_SCOPE) @@ -122,6 +153,9 @@ ADDRESSTYPE_DN_TOKEN = 4 ADDRESSTYPE_DN_TOKEN_OFFSET = 5 ADDRESSTYPE_NO_ADDRESS = 6 +FLAVOR_UNSPECIFIED = 0 +FLAVOR_STATIC = 1 +FLAVOR_DYNAMIC = 2 SCOPE_UNSPECIFIED = 0 SCOPE_FILE = 1 SCOPE_FUNCTION = 2 
@@ -1620,8 +1654,8 @@ serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='flavor', full_name='Metadata.flavor', index=5, - number=6, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=b"".decode('utf-8'), + number=6, type=14, cpp_type=8, label=1, + has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), @@ -1638,7 +1672,7 @@ oneofs=[ ], serialized_start=3316, - serialized_end=3446, + serialized_end=3455, ) @@ -1688,8 +1722,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=3448, - serialized_end=3539, + serialized_start=3457, + serialized_end=3548, ) @@ -1739,8 +1773,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=3541, - serialized_end=3634, + serialized_start=3550, + serialized_end=3643, ) @@ -1790,8 +1824,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=3636, - serialized_end=3732, + serialized_start=3645, + serialized_end=3741, ) @@ -1841,8 +1875,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=3734, - serialized_end=3813, + serialized_start=3743, + serialized_end=3822, ) @@ -1892,8 +1926,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=3815, - serialized_end=3912, + serialized_start=3824, + serialized_end=3921, ) @@ -1950,8 +1984,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=3914, - serialized_end=4041, + serialized_start=3923, + serialized_end=4050, ) @@ -2008,8 +2042,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=4043, - serialized_end=4170, + serialized_start=4052, + serialized_end=4179, ) 
@@ -2071,8 +2105,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=4172, - serialized_end=4296, + serialized_start=4181, + serialized_end=4305, ) @@ -2136,8 +2170,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=4298, - serialized_end=4425, + serialized_start=4307, + serialized_end=4434, ) @@ -2187,8 +2221,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=4427, - serialized_end=4512, + serialized_start=4436, + serialized_end=4521, ) @@ -2226,8 +2260,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4601, - serialized_end=4659, + serialized_start=4610, + serialized_end=4668, ) _RESULTDOCUMENT = _descriptor.Descriptor( @@ -2264,8 +2298,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4515, - serialized_end=4659, + serialized_start=4524, + serialized_end=4668, ) @@ -2310,8 +2344,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4661, - serialized_end=4757, + serialized_start=4670, + serialized_end=4766, ) @@ -2419,8 +2453,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4760, - serialized_end=5026, + serialized_start=4769, + serialized_end=5035, ) @@ -2472,8 +2506,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=5028, - serialized_end=5093, + serialized_start=5037, + serialized_end=5102, ) @@ -2523,8 +2557,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=5095, - serialized_end=5184, + serialized_start=5104, + serialized_end=5193, ) @@ -2574,8 +2608,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=5186, - serialized_end=5272, + serialized_start=5195, + serialized_end=5281, ) @@ -2639,8 +2673,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=5275, - serialized_end=5463, + serialized_start=5284, + serialized_end=5472, ) 
@@ -2690,8 +2724,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=5465, - serialized_end=5552, + serialized_start=5474, + serialized_end=5561, ) @@ -2741,8 +2775,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=5554, - serialized_end=5652, + serialized_start=5563, + serialized_end=5661, ) @@ -2792,8 +2826,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=5654, - serialized_end=5747, + serialized_start=5663, + serialized_end=5756, ) @@ -2824,8 +2858,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=5749, - serialized_end=5787, + serialized_start=5758, + serialized_end=5796, ) @@ -2863,8 +2897,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=5789, - serialized_end=5859, + serialized_start=5798, + serialized_end=5868, ) @@ -2902,8 +2936,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=5861, - serialized_end=5916, + serialized_start=5870, + serialized_end=5925, ) @@ -2946,8 +2980,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=5918, - serialized_end=5962, + serialized_start=5927, + serialized_end=5971, ) @@ -2997,8 +3031,8 @@ create_key=_descriptor._internal_create_key, fields=[]), ], - serialized_start=5964, - serialized_end=6020, + serialized_start=5973, + serialized_end=6029, ) _APIFEATURE.oneofs_by_name['_description'].fields.append( @@ -3164,6 +3198,7 @@ _MATCHFEATURE.fields_by_name['description'].containing_oneof = _MATCHFEATURE.oneofs_by_name['_description'] _METADATA.fields_by_name['sample'].message_type = _SAMPLE _METADATA.fields_by_name['analysis'].message_type = _ANALYSIS +_METADATA.fields_by_name['flavor'].enum_type = _FLAVOR _MNEMONICFEATURE.oneofs_by_name['_description'].fields.append( _MNEMONICFEATURE.fields_by_name['description']) _MNEMONICFEATURE.fields_by_name['description'].containing_oneof = _MNEMONICFEATURE.oneofs_by_name['_description'] 
@@ -3315,6 +3350,7 @@ DESCRIPTOR.message_types_by_name['Integer'] = _INTEGER DESCRIPTOR.message_types_by_name['Number'] = _NUMBER DESCRIPTOR.enum_types_by_name['AddressType'] = _ADDRESSTYPE +DESCRIPTOR.enum_types_by_name['Flavor'] = _FLAVOR DESCRIPTOR.enum_types_by_name['Scope'] = _SCOPE _sym_db.RegisterFileDescriptor(DESCRIPTOR) diff --git a/capa/render/proto/capa_pb2.pyi b/capa/render/proto/capa_pb2.pyi index f8313f1fd..d00e8fdb5 100644 --- a/capa/render/proto/capa_pb2.pyi +++ b/capa/render/proto/capa_pb2.pyi @@ -43,6 +43,23 @@ ADDRESSTYPE_DN_TOKEN_OFFSET: AddressType.ValueType # 5 ADDRESSTYPE_NO_ADDRESS: AddressType.ValueType # 6 global___AddressType = AddressType +class _Flavor: + ValueType = typing.NewType("ValueType", builtins.int) + V: typing_extensions.TypeAlias = ValueType + +class _FlavorEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[_Flavor.ValueType], builtins.type): + DESCRIPTOR: google.protobuf.descriptor.EnumDescriptor + FLAVOR_UNSPECIFIED: _Flavor.ValueType # 0 + FLAVOR_STATIC: _Flavor.ValueType # 1 + FLAVOR_DYNAMIC: _Flavor.ValueType # 2 + +class Flavor(_Flavor, metaclass=_FlavorEnumTypeWrapper): ... + +FLAVOR_UNSPECIFIED: Flavor.ValueType # 0 +FLAVOR_STATIC: Flavor.ValueType # 1 +FLAVOR_DYNAMIC: Flavor.ValueType # 2 +global___Flavor = Flavor + class _Scope: ValueType = typing.NewType("ValueType", builtins.int) V: typing_extensions.TypeAlias = ValueType @@ -786,7 +803,7 @@ class Metadata(google.protobuf.message.Message): def sample(self) -> global___Sample: ... @property def analysis(self) -> global___Analysis: ... - flavor: builtins.str + flavor: global___Flavor.ValueType def __init__( self, *, 
@@ -795,7 +812,7 @@ class Metadata(google.protobuf.message.Message): argv: collections.abc.Iterable[builtins.str] | None = ..., sample: global___Sample | None = ..., analysis: global___Analysis | None = ..., - flavor: builtins.str = ..., + flavor: global___Flavor.ValueType = ..., ) -> None: ... def HasField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "sample", b"sample"]) -> builtins.bool: ... def ClearField(self, field_name: typing_extensions.Literal["analysis", b"analysis", "argv", b"argv", "flavor", b"flavor", "sample", b"sample", "timestamp", b"timestamp", "version", b"version"]) -> None: ... diff --git a/capa/render/result_document.py b/capa/render/result_document.py index f2dbd5fc6..57f0c8b64 100644 --- a/capa/render/result_document.py +++ b/capa/render/result_document.py @@ -7,6 +7,7 @@ # See the License for the specific language governing permissions and limitations under the License. import datetime import collections +from enum import Enum from typing import Dict, List, Tuple, Union, Literal, Optional from pydantic import Field, BaseModel, ConfigDict @@ -120,12 +121,17 @@ class DynamicAnalysis(Model): Analysis: TypeAlias = Union[StaticAnalysis, DynamicAnalysis] +class Flavor(str, Enum): + STATIC = "static" + DYNAMIC = "dynamic" + + class Metadata(Model): timestamp: datetime.datetime version: str argv: Optional[Tuple[str, ...]] sample: Sample - flavor: Literal["static", "dynamic"] + flavor: Flavor analysis: Analysis diff --git a/capa/render/verbose.py b/capa/render/verbose.py index 77392cf92..843814bd6 100644 --- a/capa/render/verbose.py +++ b/capa/render/verbose.py @@ -92,6 +92,7 @@ def render_static_meta(ostream, doc: rd.ResultDocument): os windows format pe arch amd64 + analysis static extractor VivisectFeatureExtractor base address 0x10000000 rules (embedded rules) 
@@ -110,6 +111,7 @@ def render_static_meta(ostream, doc: rd.ResultDocument): ("os", doc.meta.analysis.os), ("format", doc.meta.analysis.format), ("arch", doc.meta.analysis.arch), + ("analysis", doc.meta.flavor), ("extractor", doc.meta.analysis.extractor), ("base address", format_address(doc.meta.analysis.base_address)), ("rules", "\n".join(doc.meta.analysis.rules)), @@ -154,6 +156,7 @@ def render_dynamic_meta(ostream, doc: rd.ResultDocument): ("os", doc.meta.analysis.os), ("format", doc.meta.analysis.format), ("arch", doc.meta.analysis.arch), + ("analysis", doc.meta.flavor), ("extractor", doc.meta.analysis.extractor), ("rules", "\n".join(doc.meta.analysis.rules)), ("process count", len(doc.meta.analysis.feature_counts.processes)), From e100a63cc8836e93246e8a2da92183229051fd69 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Fri, 11 Aug 2023 10:34:41 +0000 Subject: [PATCH 6/8] rules: use set instead of tuple, add doc since the primary operation is `contain()`, set is more appropriate than tuple. --- capa/rules/__init__.py | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/capa/rules/__init__.py b/capa/rules/__init__.py index ac3c86c4c..610010006 100644 --- a/capa/rules/__init__.py +++ b/capa/rules/__init__.py @@ -97,25 +97,27 @@ class Scope(str, Enum): # these literals are used to check if the flavor # of a rule is correct. -STATIC_SCOPES = ( +STATIC_SCOPES = { FILE_SCOPE, GLOBAL_SCOPE, FUNCTION_SCOPE, BASIC_BLOCK_SCOPE, INSTRUCTION_SCOPE, -) -DYNAMIC_SCOPES = ( +} +DYNAMIC_SCOPES = { FILE_SCOPE, GLOBAL_SCOPE, PROCESS_SCOPE, THREAD_SCOPE, CALL_SCOPE, -) +} @dataclass class Scopes: + # when None, the scope is not supported by a rule static: Optional[str] = None + # when None, the scope is not supported by a rule dynamic: Optional[str] = None def __contains__(self, scope: Union[Scope, str]) -> bool: 
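Review bot: The new row `("analysis", doc.meta.flavor)` in render_static_meta passes the `Flavor` enum member itself to the table, and the hunk at -154 adds the same row to render_dynamic_meta. `Flavor` is declared as `class Flavor(str, Enum)` in capa/render/result_document.py, and `str()` on such a member returns `Flavor.STATIC`, not `static`. Depending on how the rows are formatted further down (outside these hunks), the output may not match the `analysis static` example this commit adds to the docstring. I would pass the plain string instead: `("analysis", doc.meta.flavor.value),`. Both function bodies extend beyond their hunks.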
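Review bot: `STATIC_SCOPES` and `DYNAMIC_SCOPES` become mutable module-level sets here, so any importer can add or discard a member and silently change which scope names rule validation accepts. They act as a fixed allowlist, so `STATIC_SCOPES = frozenset({...})` and `DYNAMIC_SCOPES = frozenset({...})` would keep the constant-time membership test and make the constants read-only.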
@@ -148,15 +150,10 @@ def from_dict(self, scopes: dict) -> "Scopes": raise InvalidRule("invalid scopes value. At least one scope must be specified") # check that all the specified scopes are valid - if scopes["static"] not in ( - *STATIC_SCOPES, - None, - ): + if scopes["static"] and scopes["static"] not in STATIC_SCOPES: raise InvalidRule(f"{scopes['static']} is not a valid static scope") - if scopes["dynamic"] not in ( - *DYNAMIC_SCOPES, - None, - ): + + if scopes["dynamic"] and scopes["dynamic"] not in DYNAMIC_SCOPES: raise InvalidRule(f"{scopes['dynamic']} is not a valid dynamic scope") return Scopes(static=scopes["static"], dynamic=scopes["dynamic"]) From 3c069a67844a9969b922ae2473533aae0a658147 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Fri, 11 Aug 2023 10:35:40 +0000 Subject: [PATCH 7/8] rules: don't change passed-in argument make a local copy of the scopes dict --- capa/rules/__init__.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/capa/rules/__init__.py b/capa/rules/__init__.py index 610010006..3e446449f 100644 --- a/capa/rules/__init__.py +++ b/capa/rules/__init__.py @@ -137,6 +137,10 @@ def __repr__(self) -> str: @classmethod def from_dict(self, scopes: dict) -> "Scopes": assert isinstance(scopes, dict) + + # make local copy so we don't make changes outside of this routine + scopes = dict(scopes) + # mark non-specified scopes as invalid if "static" not in scopes: scopes["static"] = None From 8202e9e921b0504a50ff358131840374e82a400c Mon Sep 17 00:00:00 2001 
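Review bot: The new guard `if scopes["static"] and scopes["static"] not in STATIC_SCOPES` skips validation for every falsy value, not only `None`. A rule with `static: ""` (or `0`, `false`, an empty list) is therefore accepted and passed into `Scopes(...)`, where the removed tuple check rejected it. Because `STATIC_SCOPES` is a set as of this commit, a non-empty unhashable value such as a YAML list also raises `TypeError` from the membership test rather than `InvalidRule`. Compare against `None` explicitly and check the type first: `if scopes["static"] is not None and (not isinstance(scopes["static"], str) or scopes["static"] not in STATIC_SCOPES):`, and likewise for `scopes["dynamic"]`. from_dict starts above this hunk.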
From: Willi Ballenthin Date: Fri, 11 Aug 2023 10:36:59 +0000 Subject: [PATCH 8/8] main: don't use analysis flavor to filter rules im worried this will interact poorly with our rule cache, unless we add more handling there, which needs more testing. so, since the filtering likely has only a small impact on performance, revert the rule filtering changes for simplicity. --- capa/main.py | 32 ++------------------------------ capa/rules/__init__.py | 6 ------ tests/test_rules.py | 4 ++-- 3 files changed, 4 insertions(+), 38 deletions(-) diff --git a/capa/main.py b/capa/main.py index cb0d5459f..ccabdc155 100644 --- a/capa/main.py +++ b/capa/main.py @@ -20,7 +20,6 @@ import itertools import contextlib import collections -from enum import Enum from typing import Any, Dict, List, Tuple, Callable, Optional from pathlib import Path @@ -80,8 +79,6 @@ FORMAT_DOTNET, FORMAT_FREEZE, FORMAT_RESULT, - STATIC_FORMATS, - DYNAMIC_FORMATS, ) from capa.features.address import NO_ADDRESS, Address from capa.features.extractors.base_extractor import ( @@ -118,15 +115,6 @@ logger = logging.getLogger("capa") -class ExecutionContext(str, Enum): - STATIC = "static" - DYNAMIC = "dynamic" - - -STATIC_CONTEXT = ExecutionContext.STATIC -DYNAMIC_CONTEXT = ExecutionContext.DYNAMIC - - @contextlib.contextmanager def timing(msg: str): t0 = time.time() @@ -890,7 +878,6 @@ def get_rules( rule_paths: List[RulePath], cache_dir=None, on_load_rule: Callable[[RulePath, int, int], None] = on_load_rule_default, - analysis_context: Optional[ExecutionContext] = None, ) -> RuleSet: """ args: 
@@ -929,14 +916,7 @@ def get_rules( rules.append(rule) logger.debug("loaded rule: '%s' with scope: %s", rule.name, rule.scopes) - # filter rules according to the execution context - if analysis_context is STATIC_CONTEXT: - ruleset = capa.rules.RuleSet(rules, rules_filter_func=lambda rule: rule.scopes.static) - elif analysis_context is DYNAMIC_CONTEXT: - ruleset = capa.rules.RuleSet(rules, rules_filter_func=lambda rule: rule.scopes.dynamic) - else: - # default: load all rules - ruleset = capa.rules.RuleSet(rules) + ruleset = capa.rules.RuleSet(rules) capa.rules.cache.cache_ruleset(cache_dir, ruleset) @@ -1465,15 +1445,7 @@ def main(argv: Optional[List[str]] = None): else: cache_dir = capa.rules.cache.get_default_cache_directory() - if format_ in STATIC_FORMATS: - analysis_context = STATIC_CONTEXT - elif format_ in DYNAMIC_FORMATS: - analysis_context = DYNAMIC_CONTEXT - else: - # freeze or result formats - analysis_context = None - - rules = get_rules(args.rules, cache_dir=cache_dir, analysis_context=analysis_context) + rules = get_rules(args.rules, cache_dir=cache_dir) logger.debug( "successfully loaded %s rules", diff --git a/capa/rules/__init__.py b/capa/rules/__init__.py index 3e446449f..3b9680362 100644 --- a/capa/rules/__init__.py +++ b/capa/rules/__init__.py @@ -1263,7 +1263,6 @@ class RuleSet: def __init__( self, rules: List[Rule], - rules_filter_func=None, ): super().__init__() @@ -1281,11 +1280,6 @@ def __init__( ensure_rule_dependencies_are_met(rules) - if rules_filter_func: - # this allows for filtering the ruleset based on - # the execution context (static or dynamic) - rules = list(filter(rules_filter_func, rules)) - if len(rules) == 0: raise InvalidRuleSet("no rules selected") diff --git a/tests/test_rules.py b/tests/test_rules.py index 1c6a04940..1472f9d0d 100644 --- a/tests/test_rules.py +++ b/tests/test_rules.py 
@@ -408,8 +408,8 @@ def test_rules_flavor_filtering(): ), ] - static_rules = capa.rules.RuleSet(rules.copy(), rules_filter_func=lambda rule: rule.scopes.static) - dynamic_rules = capa.rules.RuleSet(rules, rules_filter_func=lambda rule: rule.scopes.dynamic) + static_rules = capa.rules.RuleSet([r for r in rules if r.meta.scopes.static is not None]) + dynamic_rules = capa.rules.RuleSet([r for r in rules if r.meta.scopes.dynamic is not None]) # only static rule assert len(static_rules) == 1
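Review bot: The replacement comprehensions read `r.meta.scopes.static` and `r.meta.scopes.dynamic`, while the lambdas they replace, and the `logger.debug` call in capa/main.py, read the scopes from `rule.scopes`. Unless `Rule.meta` exposes a `scopes` attribute (its definition is not in this patch; presumably it is the rule's metadata mapping), this raises `AttributeError` before any assertion runs. `[r for r in rules if r.scopes.static is not None]` and the matching `dynamic` line would keep the test on the attribute the rest of the code uses. test_rules_flavor_filtering begins and ends outside the hunk.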