adjust negative hex numbers in to_yaml

2025-12-12 15:49:46 -08:00 · 2021-01-27 18:36:03 +01:00
parent d6e73577af
commit 072e30498b
3 changed files with 9 additions and 11 deletions
--- a/capa/rules.py
+++ b/capa/rules.py
@@ -6,6 +6,7 @@
 #  is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and limitations under the License.

+import re
 import uuid
 import codecs
 import logging
@@ -727,6 +728,14 @@ class Rule(object):
        # assumes features section always exists
        features_offset = doc.find("features")
        doc = doc[:features_offset] + doc[features_offset:].replace("  description:", "    description:")
+
+        # for negative hex numbers, yaml dump outputs:
+        # - offset: !!int '0x-30'
+        # we prefer:
+        # - offset: -0x30
+        # the below regex makes these adjustments and while ugly, we don't have to explore the ruamel.yaml insides
+        doc = re.sub(r"!!int '0x-([0-9a-fA-F]+)'", r"-0x\1", doc)
+
        return doc


--- a/scripts/capafmt.py
+++ b/scripts/capafmt.py
@@ -14,7 +14,6 @@ Unless required by applicable law or agreed to in writing, software distributed
 is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and limitations under the License.
 """
-import re
 import sys
 import logging
 import argparse
@@ -60,9 +59,6 @@ def main(argv=None):
    rule = capa.rules.Rule.from_yaml_file(args.path, use_ruamel=True)
    reformatted_rule = rule.to_yaml()

-    # fix negative numbers
-    reformatted_rule = re.sub(r"!!int '0x-([0-9a-fA-F]+)'", r"-0x\1", reformatted_rule)
-
    if args.check:
        if rule.definition == reformatted_rule:
            logger.info("rule is formatted correctly, nice! (%s)", rule.name)
--- a/scripts/lint.py
+++ b/scripts/lint.py
@@ -14,7 +14,6 @@ Unless required by applicable law or agreed to in writing, software distributed
 See the License for the specific language governing permissions and limitations under the License.
 """
 import os
-import re
 import sys
 import time
 import string
@@ -298,12 +297,6 @@ class FormatIncorrect(Lint):
        actual = rule.definition
        expected = capa.rules.Rule.from_yaml(rule.definition, use_ruamel=True).to_yaml()

-        # fix negative numbers
-        # - offset: -0x30
-        # instead of
-        # - offset: !!int '0x-30'
-        expected = re.sub(r"!!int '0x-([0-9a-fA-F]+)'", r"-0x\1", expected)
-
        if actual != expected:
            diff = difflib.ndiff(actual.splitlines(1), expected.splitlines(1))
            self.recommendation = self.recommendation_template.format("".join(diff))