From 76913af20b133721b5d5722b6120942ac8b19fc4 Mon Sep 17 00:00:00 2001
From: Maxime Berthault <2143487+Maxou56800@users.noreply.github.com>
Date: Fri, 12 Jul 2024 12:25:19 +0200
Subject: [PATCH] Binary Ninja update and fix (#2205)

* Fix binja warning (use of a deprecated API method)
* Update binja plugin
> Fix json openning and parsing
> Fix base address
* Fix code_style
* lint black update
---
 capa/features/extractors/binja/extractor.py | 2 +-
 scripts/import-to-bn.py | 26 +++++++++++++++++----
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/capa/features/extractors/binja/extractor.py b/capa/features/extractors/binja/extractor.py
index e8d42908d..e542494af 100644
--- a/capa/features/extractors/binja/extractor.py
+++ b/capa/features/extractors/binja/extractor.py
@@ -28,7 +28,7 @@ class BinjaFeatureExtractor(StaticFeatureExtractor):
     def __init__(self, bv: binja.BinaryView):
-        super().__init__(hashes=SampleHashes.from_bytes(bv.file.raw.read(0, len(bv.file.raw))))
+        super().__init__(hashes=SampleHashes.from_bytes(bv.file.raw.read(0, bv.file.raw.length)))
         self.bv = bv
         self.global_features: List[Tuple[Feature, Address]] = []
         self.global_features.extend(capa.features.extractors.binja.file.extract_file_format(self.bv))
diff --git a/scripts/import-to-bn.py b/scripts/import-to-bn.py
index 7fefcd2fb..b09780a65 100644
--- a/scripts/import-to-bn.py
+++ b/scripts/import-to-bn.py
@@ -69,7 +69,8 @@ def load_analysis(bv):
         return 0
 
     binaryninja.log_info(f"Using capa file {path}")
-    doc = json.loads(path.read_bytes().decode("utf-8"))
+    with Path(path).open("r", encoding="utf-8") as file:
+        doc = json.load(file)
 
     if "meta" not in doc or "rules" not in doc:
         binaryninja.log_error("doesn't appear to be a capa report")
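Review bot: A malformed or truncated report now escapes load_analysis as an uncaught `json.JSONDecodeError` from `json.load(file)` (and an `OSError` from the open), whereas the neighbouring checks report problems through `binaryninja.log_error` and a return code, so the load should take the same route. `Path(path)` also looks redundant: the removed line called `path.read_bytes()`, which suggests `path` is already a `Path`, so `path.open(...)` reads the same file. load_analysis starts and ends outside the hunk; the error code in the sketch below should be whichever the following "doesn't appear to be a capa report" branch returns, which the hunk does not show.
```python
    binaryninja.log_info(f"Using capa file {path}")
    try:
        with path.open("r", encoding="utf-8") as file:
            doc = json.load(file)
    except (OSError, json.JSONDecodeError) as e:
        binaryninja.log_error(f"failed to read capa report {path}: {e}")
        return -1  # NOTE: use the error code of the neighbouring report checks
    # … unchanged: "meta"/"rules" presence check …
```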
@@ -83,20 +84,35 @@ def load_analysis(bv):
         binaryninja.log_error("sample mismatch")
         return -2
 
+    # Retreive base address
+    capa_base_address = 0
+    if "analysis" in doc["meta"] and "base_address" in doc["meta"]["analysis"]:
+        if doc["meta"]["analysis"]["base_address"]["type"] == "absolute":
+            capa_base_address = int(doc["meta"]["analysis"]["base_address"]["value"])
+
     rows = []
     for rule in doc["rules"].values():
         if rule["meta"].get("lib"):
             continue
         if rule["meta"].get("capa/subscope"):
             continue
-        if rule["meta"]["scope"] != "function":
+        if rule["meta"]["scopes"].get("static") != "function":
             continue
 
         name = rule["meta"]["name"]
         ns = rule["meta"].get("namespace", "")
-        for va in rule["matches"].keys():
-            va = int(va)
-            rows.append((ns, name, va))
+        for matches in rule["matches"]:
+            for match in matches:
+                if "type" not in match.keys():
+                    continue
+                if "value" not in match.keys():
+                    continue
+                va = match["value"]
+                # Substract va and CAPA base_address
+                va = int(va) - capa_base_address
+                # Add binja base address
+                va = va + bv.start
+                rows.append((ns, name, va))
 
     # order by (namespace, name) so that like things show up together
     rows = sorted(rows)
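Review bot: The new inner loop only checks that `match` has a `"type"` key and never looks at its value, so every address record is rebased with `- capa_base_address + bv.start` regardless of kind; if, as the `"type"`/`"value"` pair suggests, this is capa's address encoding where `"type"` distinguishes absolute addresses from other kinds (the base-address block above already tests for `"absolute"`), only `"absolute"` entries should be rebased and the rest skipped. `rule["meta"]["scopes"]` also raises `KeyError` for reports written in the older single-`"scope"` schema the removed line handled; `if rule["meta"].get("scopes", {}).get("static") != "function":` skips such rules instead of aborting the whole import. Minor: `"type" not in match.keys()` is just `"type" not in match`, and the comments should read "Retrieve" and "Subtract". The enclosing load_analysis continues past the hunk.
```python
        for matches in rule["matches"]:
            for match in matches:
                # only absolute addresses can be moved from capa's base to bv.start
                if match.get("type") != "absolute" or "value" not in match:
                    continue
                va = int(match["value"]) - capa_base_address + bv.start
                rows.append((ns, name, va))
```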