extract dynamic capabilities

[yelhamer]

Checklist

• No CHANGELOG update needed

• No new tests needed

• No documentation update needed

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[yelhamer]

will work on fixing the protobuf mypy issues and vverbose, then will remove the draft status. feel free to review in the meanwhile

[mr-tz]

looking good so far!

[yelhamer]

Couldn't fix the mypy issues for some reason...

I tried adding the exclusions using pyproject.toml, mypy.ini, and pre-commit config files. All worked locally, but for some reason only tests/_test_proto,py was being excluded in the Github actions tests.

I'll take a look at this more afterwards, in the meantime, the tests succeed locally so I think a review would be nice (so that I could address the comments and the mypy issues together in future commits). The result_document.py tests might fail if you try to run them locally, and that's because I haven't updated all of the test result document (rd) data nor opened a PR to capa-testfiles, will do so after the dynamic statement PR gets merged (I'll be opening that shortly).

Here are the test results:

[williballenthin]

see inline comments.

overall, looks good! i'd like to run it locally and see how things work.

do you think we should separate StaticResultDocument from DynamicResultDocument? or, let the code switch on doc.meta.analysis?

[williballenthin]

we should probably introduce a dedicated type for the meta variable

[yelhamer]

is it okay to introduce a type with just 2 attributes max ("feature_counts" and "library_functions") ?

[williballenthin]

yup, its fine to introduce trivial types. the major benefit is that mypy can help is identify bugs, as well as serving as a single place for documenting what the data in each field means. otherwise, we're left marking up the various dict construction statements.

[williballenthin]

with the dynamic branch being sync'd, there will now be conflicts here to be fixed. you should try to merge dynamic-feature-extraction into this branch and update the PR.

[mr-tz]

good progress, please see my inline comments and can you add a few tests on the dynamic rendering and calling capa main (test_main) with CAPE input?

[williballenthin]

some not-very-hard things to fix, and then i think we should go ahead and merge this. i think the logic looks quite good!

[williballenthin]

see a few inline changes, then im happy for this to be merged.

[mr-tz]

should be good to merge, not sure what's wrong with the failing 3.11 test