)

* [ISSUE_TEMPLATE] Update Code of Conduct

Change Code of Conduct by Google's default Code of Conduct, as the used
linked has been removed from capa for consistency with other Google
projects.

* [CONTRIBUTING] Add CONTRIBUTING file

Add CONTRIBUTING file with information about CLA and Google's code of
conduct to follow Google conventions/policies. Include also other
details to make contributing easier.

* Add use-bigint-function

Add new `data-manipulation/encryption/use-bigint-function.yml` rule to
identify bigint functions as these functions may help reverse engineers
identifying crypto. Example of bigint functions identified by this rule:
- `bi_copi`
- `bi_permanent`
- `bi_depermant`
- `bi_free`

Reference:
- https://github.com/ezhangle/krypton/blob/147d69429bfb03cce7113dca6dba36e77f8a9325/src/bigint.c
- https://github.com/bnoordhuis/mongrel2/blob/3e9b57d82aeb627be0aebfb346199bfdfd67e530/src/crypto/bigint.c

* Add rsa-encrypt

Add new rule `data-manipulation/encryption/rsa/rsa-encrypt.yml` that
identifies the RSA encryption implementation from:
- https://github.com/ezhangle/krypton/blob/147d69429bfb03cce7113dca6dba36e77f8a9325/src/rsa.c#L232
- https://github.com/bnoordhuis/mongrel2/blob/3e9b57d82aeb627be0aebfb346199bfdfd67e530/src/crypto/rsa.c#L233

Rename current RSA encryption/decryption rules in the nursery to add
`via WinAPI` to prevent name conflict.

* remove duplicate features from some rules

* keep commented hex values to show AfdOpenPacketX structure

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

---------

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* use sequence scope instead of thread scope for "static: function" rules

* use sequence scope instead of thread scope for "static: basic block" rules

* make runtime linking rules more concise

* doc: describe sequence scope

* rename "sequence" scope to "span of calls" scope

* Update anti-analysis/anti-av/check-for-sandbox-and-av-modules.yml

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update anti-analysis/anti-vm/vm-detection/check-for-windows-sandbox-via-device.yml

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update collection/get-geographical-location.yml

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update collection/file-managers/gather-classicftp-information.yml

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update collection/database/wmi/reference-wmi-statements.yml

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update collection/database/sql/reference-sql-statements.yml

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

---------

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

ref mandiant/capa#2579

closes #943

* remove redundant matches for dynamic scope

* fix lints

* fix lints

* tighten scopes

* add dotnet limitation rule for dynamic samples

* restructure limitations rules

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* refactor limitation rules to use 'static' namespace

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* update internal .NET file limitation description and name

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

---------

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

…oo (#990)