read and render results document #991
rendering an existing results document is a great idea!
Could you please explain it a bit more and guide me how to do it?
For the rendering of an existing result document (JSON), we'll have to:
@williballenthin is adding a new format FORMAT_RESULT a correct approach, as by this we can reuse args.sample to accept json file as cited by @mr-tz, and rather than --format=result we can just compare the initial buf.read of the file to be {"meta": to ensure it's a results.json file?
Yes, an explicit new FORMAT and auto-detection via the first few bytes (and subsequent successful loading) sound great.
Hi @mr-tz, I would like to work on fixing this issue. I would appreciate your guidance as I work on this issue. Let me know if you have any suggestions or guidance on how I can get started. Thank you!
No, @ooprathamm is working on this in #1396 so let’s follow their work and lend a hand if they ask for help. Otherwise, this feature is already being addressed.
when wanting to display different output modes, e.g. plain or verbose, the whole program needs to run again. this can be a bit slow, since capa needs to re-analyze the binary, extract features, do the matching, etc. with the results document saved by the user, we could also take that as an input and render per the specified arguments.
the flow would look like this:
--json option and directs the output to a file, like capa foo.exe --json > foo.json
capa foo.json -v and capa foo.json -vv
i don't think we want to introduce any more cli options than we have to, so let's use output redirection for writing the json to a file. we could add a new --format= option like --format=result to indicate to capa that the input file is a result document, like capa --format=result foo.json. and/or, we could autodetect when the input file appears to be a result document json and just do the right thing. we could autodetect by noticing the content is json, has some strings we expect, and decodes correctly into a result document.
once we have a result document loaded, then the output behavior here shouldn't have to change.
use cases for this would be:
this will require a bit of refactoring so let's agree if this is worth it and how to do it, first.
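The auto-detection discussed in this thread (check the first bytes, then require a successful load) could look like the sketch below. It is an added example, not capa's code: `load_result_document`, `detect_format`, `FORMAT_OTHER` and the required `rules` member are assumptions, and it goes slightly beyond the proposed `{"meta":` comparison by tolerating a BOM and pretty-printed whitespace.

```python
import json
import re

# The thread proposes checking that the file starts with {"meta": ; this
# pattern also tolerates whitespace so pretty-printed JSON is recognised.
RESULT_HEAD = re.compile(rb'\s*\{\s*"meta"\s*:')
UTF8_BOM = b"\xef\xbb\xbf"
# Assumption of this sketch: a results document is a JSON object whose
# "meta" and "rules" members are both objects.
EXPECTED_OBJECTS = ("meta", "rules")

FORMAT_RESULT = "result"  # format name proposed in the thread
FORMAT_OTHER = "other"    # hypothetical stand-in for every other input format


def load_result_document(buf: bytes):
    """Return the decoded document, or None when buf is not a results document."""
    if buf.startswith(UTF8_BOM):
        buf = buf[len(UTF8_BOM):]
    # Cheap check first: most inputs are binaries, so avoid a full JSON parse
    # unless the opening bytes look right.
    if not RESULT_HEAD.match(buf):
        return None
    # The prefix alone proves nothing; the file must also decode cleanly.
    try:
        doc = json.loads(buf)
    except (ValueError, RecursionError):  # truncated, bad UTF-8, or nested too deep
        return None
    if not isinstance(doc, dict):
        return None
    if not all(isinstance(doc.get(key), dict) for key in EXPECTED_OBJECTS):
        return None
    return doc


def detect_format(buf: bytes) -> str:
    """Pick the input format from content, falling back when detection fails."""
    return FORMAT_RESULT if load_result_document(buf) is not None else FORMAT_OTHER


# Constructed sample inputs, not real capa output.
SAMPLES = {
    "compact": b'{"meta": {"note": "constructed"}, "rules": {}}',
    "pretty": UTF8_BOM + b'{\n  "meta": {},\n  "rules": {}\n}\n',
    "pe": b"MZ\x90\x00\x03\x00\x00\x00",
    "truncated": b'{"meta": {"note": "constructed"}, "rul',
    "lookalike": b'{"meta": "not an object", "rules": {}}',
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:10} -> {detect_format(data)}")
```

Inputs that pass the prefix check but fail to decode fall back to the normal sample path, so a binary that merely begins with the expected bytes is never rendered as a results document.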