Fix some hardcode issue

xukunzh · xukunzh · commit 20d42694d900 · 2025-06-23T19:31:29.000-07:00
diff --git a/capa/features/common.py b/capa/features/common.py
@@ -439,9 +439,10 @@ def get_value_str(self):
 ARCH_I386 = "i386"
 ARCH_AMD64 = "amd64"
 ARCH_AARCH64 = "aarch64"
+ARCH_ARM = "arm"
 # dotnet
 ARCH_ANY = "any"
-VALID_ARCH = (ARCH_I386, ARCH_AMD64, ARCH_AARCH64, ARCH_ANY)
+VALID_ARCH = (ARCH_I386, ARCH_AMD64, ARCH_AARCH64, ARCH_ARM, ARCH_ANY)
 
 
 class Arch(Feature):
diff --git a/capa/features/extractors/frida/extractor.py b/capa/features/extractors/frida/extractor.py
@@ -3,7 +3,18 @@
 
 
 from capa.features.extractors.frida.models import FridaReport, Call
-from capa.features.common import Feature, String, OS, Arch, Format, FORMAT_APK
+from capa.features.common import (
+    Feature, 
+    String, 
+    OS, 
+    Arch, 
+    Format, 
+    OS_ANDROID,
+    ARCH_AARCH64,
+    ARCH_AMD64,
+    ARCH_I386,
+    FORMAT_APK
+)
 from capa.features.insn import API, Number
 from capa.features.address import (
     NO_ADDRESS,
@@ -20,9 +31,7 @@
     ProcessHandle,
     DynamicFeatureExtractor,
 )
-import logging
 
-logger = logging.getLogger(__name__)
 
 class FridaExtractor(DynamicFeatureExtractor):
     """
@@ -45,17 +54,17 @@ def get_base_address(self) -> Union[_NoAddress, None]:
 
     def extract_global_features(self) -> Iterator[tuple[Feature, Address]]:
         """Basic global features"""
-        yield OS("android"), NO_ADDRESS  # OS: Frida doesn't provide OS info
+        yield OS(OS_ANDROID), NO_ADDRESS  
 
         if self.report.processes:
             process = self.report.processes[0]
             
             if process.arch:
                 arch_mapping = {
-                    "arm64": "aarch64",
-                    "arm": "arm",
-                    "x64": "amd64", 
-                    "ia32": "i386"
+                    "arm64": ARCH_AARCH64,
+                    "arm": ARCH_ARM,
+                    "x64": ARCH_AMD64, 
+                    "ia32": ARCH_I386
                 }
                 capa_arch = arch_mapping.get(process.arch, process.arch)
                 yield Arch(capa_arch), NO_ADDRESS
diff --git a/scripts/frida/java_monitor.js b/scripts/frida/java_monitor.js
@@ -168,7 +168,8 @@ Java.perform(function() {
         File.delete.implementation = function() {
             var path = this.getAbsolutePath();
             var result = this.delete();
-            recordApiCall("java.io.File.delete", []);
+            var args = [];
+            recordApiCall("java.io.File.delete", args);
             debugLog("java.io.File.delete", {"path": path}, result);
             return result;
         };
diff --git a/scripts/frida/test_rules/file_collction.yml b/scripts/frida/test_rules/file_collction.yml
@@ -1,4 +1,3 @@
-# TODO: Review them together next week. I think they need some changes.
 rule:
   meta:
     name: file collection

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-# TODO: Review them together next week. I think they need some changes.`
`2`	`1`	`rule:`
`3`	`2`	`meta:`
`4`	`3`	`name: file collection`