Willi Ballenthin

icon indicating a website link http://www.williballenthin.com/ icon indicating an email [email protected]

icon company @HexRaysSA icon location /usr/bin/nethack

Results 296 issues of Willi Ballenthin

rule app: generate redirects for non-normalized rule names

We uniquely identify capa rules by their filename, which is *mostly* lowercasing and replacing spaces with dashes. but there are a few other rules (https://github.com/mandiant/capa/blob/c3f24c2f48d1119f01f7cf32f9326619f9c9afa9/scripts/lint.py#L109-L116). external services might not know...

rule website

rule app: use jinja for templating

rather than using f-strings, we should use [jinja](https://jinja.palletsprojects.com/en/3.1.x/) for templating and generating HTML.

rule website

use pydantic tagged unions to more quickly validate the result document

1 comment

In our result document JSON document, we use unions in a few places, such as `freeze.features.Feature`: https://github.com/mandiant/capa/blob/c409b2b7ed7f5f2a9c3b9efc9e75dd5779205576/capa/features/freeze/features.py#L351 ![image](https://github.com/user-attachments/assets/d361f91a-3848-46a7-aedb-9edfb459ac68) I've learned that to validate incoming data against this union, pydantic will...

enhancement
good first issue
help wanted
performance

SegmentationViolation: edc093c58aba375a0f8976732839015d71be265b28ea59cd2afef745da85487e

4 comment

edc093c58aba375a0f8976732839015d71be265b28ea59cd2afef745da85487e on VT

bug
viv-bug

Exception: b0c3a78748aeba228c1393696ecf5ac9ee99daebe7101027ef17d9600f49c26f

3 comment

b0c3a78748aeba228c1393696ecf5ac9ee99daebe7101027ef17d9600f49c26f on VT

bug
viv-bug

AssertionError: 208a5ed91cd6196c7dd5c667a94e988a75ab22453b1b25daf50acb17197a935e

3 comment

208a5ed91cd6196c7dd5c667a94e988a75ab22453b1b25daf50acb17197a935e on VT

bug

struct.error: f4a54ac4c54b62e624baffa90a9c9af7234711e355ec618ec1c797b8d272ac3f

2 comment

f4a54ac4c54b62e624baffa90a9c9af7234711e355ec618ec1c797b8d272ac3f on VT

bug
viv-bug

UnicodeDecodeError: 699ace764ed8f67a54c32a3310bcd53c0e733f80729240c8082498d547216428

2 comment

699ace764ed8f67a54c32a3310bcd53c0e733f80729240c8082498d547216428 on VT

bug
viv-bug

webui: when the window width is narrow, render entry data vertically

2 comment

When the browser window is narrow, such as on mobile, we should render the rule results table in a different way so that all information can easily be seen. Today,...

gsoc
webui

PE/ELF loader fixes

5 comment

This PR fixes four loader bugs encountered while running vivisect against a large number of real world samples. The associated capa issue #s (and ultimately sample hashes) are referenced in...

bug