Merge pull request #243 from fireeye/fix-241

fix 241: string counting exception
2025-12-12 15:49:46 -08:00 · 2020-08-18 12:09:52 -06:00
parent 5f731f72ed d3dad3a66a
commit 585a9c167f
2 changed files with 18 additions and 1 deletions
--- a/capa/features/init.py
+++ b/capa/features/init.py
@@ -161,7 +161,7 @@ class Regex(String):


 class StringFactory(object):
-    def __new__(self, value, description):
+    def __new__(self, value, description=None):
        if value.startswith("/") and (value.endswith("/") or value.endswith("/i")):
            return Regex(value, description=description)
        return String(value, description=description)
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -162,6 +162,23 @@ def test_rule_yaml_count_range():
    assert r.evaluate({Number(100): {1, 2, 3}}) == False


+def test_rule_yaml_count_string():
+    rule = textwrap.dedent(
+        """
+        rule:
+            meta:
+                name: test rule
+            features:
+                - count(string(foo)): 2
+        """
+    )
+    r = capa.rules.Rule.from_yaml(rule)
+    assert r.evaluate({String("foo"): {}}) == False
+    assert r.evaluate({String("foo"): {1}}) == False
+    assert r.evaluate({String("foo"): {1, 2}}) == True
+    assert r.evaluate({String("foo"): {1, 2, 3}}) == False
+
+
 def test_invalid_rule_feature():
    with pytest.raises(capa.rules.InvalidRule):
        capa.rules.Rule.from_yaml(