URL package proposal: capa-explorer-web.vm #1136

Closed
mr-tz opened this issue Sep 13, 2024 · 9 comments · Fixed by #1181
Labels
😕 needs info Further information is needed 🆕 package New package request/idea/PR

Comments

@mr-tz
Contributor

mr-tz commented Sep 13, 2024

Package Name

capa-explorer-web

Tool Name

capa Explorer Web

Package type

OTHER/UNKNOWN

Is the tool a console application?

false

Version

0

Category

Utilities

Tool's authors

@s-ff, @mike-hunhoff, @williballenthin, @mr-tz

Tool's description

capa Explorer Web is a web-based tool to explore the capabilities identified by capa.

Download URL

https://mandiant.github.io/capa/explorer/capa-explorer-web.zip

Download SHA256 Hash

TBD

Dependencies

No response

Why is this tool a good addition?

This tool allows you to interactively browse and display capa results in multiple viewing modes.

Extra information

There is currently no version tracking. How do you recommend we adjust the URL/file to allow for easier tracking and updates?

This is similar to CyberChef, so it can most likely be installed analogously.

@mr-tz mr-tz added the 🆕 package New package request/idea/PR label Sep 13, 2024
@Ana06
Member

Ana06 commented Sep 30, 2024

@mr-tz the URL should include the version and the URL should work until we have updated the URL to the new version in VM-Packages.

@Ana06 Ana06 added the 😕 needs info Further information is needed label Sep 30, 2024
@Ana06 Ana06 self-assigned this Sep 30, 2024
@Ana06 Ana06 added this to the FLARE-VM 2024 Q4-P1 milestone Sep 30, 2024
@fariss
Contributor

fariss commented Oct 4, 2024

I've explored the options we have to keep a public feed of releases for capa Explorer Web a bit, and here are my thoughts:

  • Using GitHub Releases: as far as I know, this is not doable because VM-Packages checks the tag_name of a repo (in our case 7.0.3) against the version declared in the capa-explorer-web.vm nuspec file (1.0.0), which is not the intended goal. Even though we have both capa and capa explorer in the same repo, they don't get released with the same version number.

  • Using the npm registry: we can publish the Explorer Web release to the npm registry, which keeps a feed of all releases. VM-Packages can download the latest using the VM-Install-Node-Tool cmdlet (npm install -g capa-explorer-web). This will pull the standalone index.html distributable to the working directory, which can then be moved to the tools dir.

@Ana06 / @mr-tz what do you think about the second option?

@mr-tz
Contributor Author

mr-tz commented Oct 4, 2024

NPM registry may be an option, but I also feel that capa should make standalone HTMLs directly available for easy download and usage.

@fariss
Contributor

fariss commented Oct 4, 2024

> NPM registry may be an option, but I also feel that capa should make standalone HTMLs directly available for easy download and usage.

npm registry provides a way to download the zip artifacts easily via https://registry.npmjs.org/<package-name>/-/<package-name>-<version>.tgz. So if we decide to publish there, we can retrieve past releases of capa Explorer Web.

Here is an example from cyberchef npm package:
https://registry.npmjs.org/cyberchef/-/cyberchef-10.19.2.tgz ⟶ retrieves v10.19.2 archive
https://registry.npmjs.org/cyberchef/-/cyberchef-10.18.9.tgz ⟶ retrieves v10.18.9 archive

@Ana06
Member

Ana06 commented Oct 9, 2024

Thanks for the ideas @s-ff!

From the FLARE-VM/VM-Packages perspective, we just need a link anywhere to be able to create the package.

My personal opinion is that capa web releases should be synchronized with capa releases, as it would allow releasing capa web as part of the same capa release, where users can find it easily and FLARE-VM can use it and update it using the current automation. It would also have other advantages: avoiding incompatibility of rules when merging breaking changes, displaying the version in web for better bug reporting and rules compatibility, and announcing big capa web changes to users instead of constant small changes.

The https://registry.npmjs.org option is also valid and may be easier to implement. But note that VM-Packages does not support automatic updates for https://registry.npmjs.org. We only update tools using GH releases automatically as that is what most tools use to release.

@Ana06 Ana06 removed their assignment Nov 22, 2024
@Ana06 Ana06 removed this from the FLARE-VM 2024 Q4-P1 milestone Nov 22, 2024
@mr-tz
Contributor Author

mr-tz commented Nov 26, 2024

@fariss can we move ahead here? Should we do a release or store a copy in a temporary location in the meantime?

@fariss
Contributor

fariss commented Nov 26, 2024

@mr-tz yes please go ahead with a release, and I can create a vm package via a PR here.

@mr-tz
Contributor Author

mr-tz commented Nov 27, 2024

https://github.com/mandiant/capa/blob/master/web/explorer/releases/capa-explorer-web-v1.0.0-6a2330c.zip

capa-explorer-web-v1.0.0-6a2330c
Release Date: 2024-11-27 13:03:17 UTC
SHA256: 3a7cf6927b0e8595f08b685669b215ef779eade622efd5e8d33efefadd849025

@fariss
Contributor

fariss commented Nov 27, 2024

Thank you @mr-tz, creating a vm-package now
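
The pinning requirement worked out in this thread (a download URL that carries the version, plus a published SHA256) can be checked mechanically before a package is created. The following is an added example, not part of the original issue and not VM-Packages code; the function names `parse_release`, `check_pin` and `verify_file` are hypothetical, and the file name pattern is an assumption inferred from the single release name posted above.

```python
import hashlib
import hmac
import re
from urllib.parse import urlparse

# Assumed naming, taken from the release in the thread:
# <name>-v<major.minor.patch>[-<short commit>].zip
VERSIONED_NAME = re.compile(
    r"(?P<name>[a-z0-9-]+?)-v(?P<version>\d+\.\d+\.\d+)"
    r"(?:-(?P<commit>[0-9a-f]{7,40}))?\.zip"
)
SHA256_HEX = re.compile(r"[0-9a-fA-F]{64}")


def parse_release(filename):
    """Split a versioned archive name into (name, version, commit), else None."""
    m = VERSIONED_NAME.fullmatch(filename)
    return (m["name"], m["version"], m["commit"]) if m else None


def check_pin(url, sha256):
    """List the problems with a (download URL, SHA256) pin; empty means usable."""
    problems = []
    parsed = urlparse(url)
    if parsed.scheme != "https":
        problems.append("URL is not https")
    filename = parsed.path.rsplit("/", 1)[-1]
    if parse_release(filename) is None:
        problems.append("file name carries no version: " + filename)
    if not SHA256_HEX.fullmatch(sha256):
        problems.append("SHA256 is not 64 hex characters")
    return problems


def verify_file(path, expected_sha256):
    """Hash the file in chunks and compare it with the pinned digest."""
    if not SHA256_HEX.fullmatch(expected_sha256):
        return False  # placeholder values such as "TBD" never verify
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), expected_sha256.lower())


if __name__ == "__main__":
    # The URL and hash value from the original proposal: both are flagged.
    print(check_pin("https://mandiant.github.io/capa/explorer/capa-explorer-web.zip", "TBD"))
    print(parse_release("capa-explorer-web-v1.0.0-6a2330c.zip"))
```
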


3 participants