From c750447d62a492210d262ffc45eef5025e3279a1 Mon Sep 17 00:00:00 2001
From: Moritz Raabe <moritz.raabe@fireeye.com>
Date: Wed, 27 Jan 2021 17:59:56 +0100
Subject: [PATCH 1/2] potential fix for #398

---
 capa/rules.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/capa/rules.py b/capa/rules.py
index 196458d7..01ab1bfa 100644
--- a/capa/rules.py
+++ b/capa/rules.py
@@ -866,7 +866,8 @@ class RuleSet(object):
         given a collection of rules, collect the rules that are needed at the given scope.
         these rules are ordered topologically.
 
-        don't include "lib" rules, unless they are dependencies of other rules.
+        don't include auto-generated "subscope"/"lib" rules.
+        we want to include general "lib" rules here - even if they are not dependencies of other rules, see #398
         """
         scope_rules = set([])
 
@@ -875,7 +876,7 @@ class RuleSet(object):
         #  at lower scope, e.g. function scope.
         # so, we find all dependencies of all rules, and later will filter them down.
         for rule in rules:
-            if rule.meta.get("lib", False):
+            if rule.meta.get("capa/subscope-rule", False):
                 continue
 
             scope_rules.update(get_rules_and_dependencies(rules, rule.name))

From 7b64425c24ad9b388f7bcfaeb7098e93f09f50ac Mon Sep 17 00:00:00 2001
From: Moritz Raabe <moritz.raabe@fireeye.com>
Date: Thu, 28 Jan 2021 08:18:23 +0100
Subject: [PATCH 2/2] update doc and test case

---
 capa/rules.py       | 2 +-
 tests/test_rules.py | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/capa/rules.py b/capa/rules.py
index 01ab1bfa..09929636 100644
--- a/capa/rules.py
+++ b/capa/rules.py
@@ -866,7 +866,7 @@ class RuleSet(object):
         given a collection of rules, collect the rules that are needed at the given scope.
         these rules are ordered topologically.
 
-        don't include auto-generated "subscope"/"lib" rules.
+        don't include auto-generated "subscope" rules.
         we want to include general "lib" rules here - even if they are not dependencies of other rules, see #398
         """
         scope_rules = set([])
diff --git a/tests/test_rules.py b/tests/test_rules.py
index a7059025..c08d7212 100644
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -282,7 +282,8 @@ def test_lib_rules():
             ),
         ]
     )
-    assert len(rules.function_rules) == 1
+    # lib rules are added to the rule set
+    assert len(rules.function_rules) == 2
 
 
 def test_subscope_rules():