Merge pull request #1764 from mandiant/fix/scope-enum-usage

rules: use Scope enum instead of constants

CHANGELOG.md

@@ -10,6 +10,8 @@
 
 ### Breaking Changes
 
+- remove the `SCOPE_*` constants in favor of the `Scope` enum #1764 @williballenthin
+
 ### New Rules (0)
 
 -

capa/ida/plugin/model.py

@@ -500,13 +500,13 @@ def render_capa_doc_by_program(self, doc: rd.ResultDocument):
                 location = location_.to_capa()
 
                 parent2: CapaExplorerDataItem
-                if capa.rules.FILE_SCOPE in rule.meta.scopes:
+                if capa.rules.Scope.FILE in rule.meta.scopes:
                     parent2 = parent
-                elif capa.rules.FUNCTION_SCOPE in rule.meta.scopes:
+                elif capa.rules.Scope.FUNCTION in rule.meta.scopes:
                     parent2 = CapaExplorerFunctionItem(parent, location)
-                elif capa.rules.BASIC_BLOCK_SCOPE in rule.meta.scopes:
+                elif capa.rules.Scope.BASIC_BLOCK in rule.meta.scopes:
                     parent2 = CapaExplorerBlockItem(parent, location)
-                elif capa.rules.INSTRUCTION_SCOPE in rule.meta.scopes:
+                elif capa.rules.Scope.INSTRUCTION in rule.meta.scopes:
                     parent2 = CapaExplorerInstructionItem(parent, location)
                 else:
                     raise RuntimeError("unexpected rule scope: " + str(rule.meta.scopes.static))

capa/main.py

@@ -1056,7 +1056,7 @@ def compute_dynamic_layout(rules, extractor: DynamicFeatureExtractor, capabiliti
     matched_threads = set()
     for rule_name, matches in capabilities.items():
         rule = rules[rule_name]
-        if capa.rules.THREAD_SCOPE in rule.scopes:
+        if capa.rules.Scope.THREAD in rule.scopes:
             for addr, _ in matches:
                 assert addr in processes_by_thread
                 matched_threads.add(addr)
@@ -1099,7 +1099,7 @@ def compute_static_layout(rules, extractor: StaticFeatureExtractor, capabilities
     matched_bbs = set()
     for rule_name, matches in capabilities.items():
         rule = rules[rule_name]
-        if capa.rules.BASIC_BLOCK_SCOPE in rule.scopes:
+        if capa.rules.Scope.BASIC_BLOCK in rule.scopes:
             for addr, _ in matches:
                 assert addr in functions_by_bb
                 matched_bbs.add(addr)

capa/render/verbose.py

@@ -214,7 +214,7 @@ def render_rules(ostream, doc: rd.ResultDocument):
 
             rows.append((key, v))
 
-        if capa.rules.FILE_SCOPE not in rule.meta.scopes:
+        if capa.rules.Scope.FILE not in rule.meta.scopes:
             locations = [m[0] for m in doc.rules[rule.meta.name].matches]
             rows.append(("matches", "\n".join(map(format_address, locations))))
 

capa/render/vverbose.py

@@ -357,7 +357,7 @@ def render_rules(ostream, doc: rd.ResultDocument):
 
         ostream.writeln(tabulate.tabulate(rows, tablefmt="plain"))
 
-        if capa.rules.FILE_SCOPE in rule.meta.scopes:
+        if capa.rules.Scope.FILE in rule.meta.scopes:
             matches = doc.rules[rule.meta.name].matches
             if len(matches) != 1:
                 # i think there should only ever be one match per file-scope rule,
@@ -379,13 +379,13 @@ def render_rules(ostream, doc: rd.ResultDocument):
                 ostream.write(" @ ")
                 ostream.write(capa.render.verbose.format_address(location))
 
-                if capa.rules.BASIC_BLOCK_SCOPE in rule.meta.scopes:
+                if capa.rules.Scope.BASIC_BLOCK in rule.meta.scopes:
                     ostream.write(
                         " in function "
                         + capa.render.verbose.format_address(frz.Address.from_capa(functions_by_bb[location.to_capa()]))
                     )
 
-                if capa.rules.THREAD_SCOPE in rule.meta.scopes:
+                if capa.rules.Scope.THREAD in rule.meta.scopes:
                     ostream.write(
                         " in process "
                         + capa.render.verbose.format_address(