From 8f826cb92d39960987e3b590fad2a9fcf33f27a8 Mon Sep 17 00:00:00 2001 From: Xusheng Date: Mon, 24 Jul 2023 19:13:10 +0800 Subject: [PATCH 1/5] Fix binja backend stack string detection. Re-enable binja stack string unit test --- CHANGELOG.md | 2 ++ capa/features/extractors/binja/basicblock.py | 5 +++-- tests/test_binja_features.py | 3 --- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 64996533..59a1a14c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,8 @@ ### Bug Fixes +- Fix binja backend stack string detection. [#1473](https://github.com/mandiant/capa/issues/1473) [@xusheng6](https://github.com/xusheng6) + ### capa explorer IDA Pro plugin ### Development diff --git a/capa/features/extractors/binja/basicblock.py b/capa/features/extractors/binja/basicblock.py index 30af516d..568ecc7a 100644 --- a/capa/features/extractors/binja/basicblock.py +++ b/capa/features/extractors/binja/basicblock.py @@ -75,10 +75,11 @@ def get_stack_string_len(f: Function, il: MediumLevelILInstruction) -> int: return 0 dest = il.params[0] - if dest.operation != MediumLevelILOperation.MLIL_ADDRESS_OF: + if dest.operation in [MediumLevelILOperation.MLIL_ADDRESS_OF, MediumLevelILOperation.MLIL_VAR]: + var = dest.src + else: return 0 - var = dest.src if var.source_type != VariableSourceType.StackVariableSourceType: return 0 diff --git a/tests/test_binja_features.py b/tests/test_binja_features.py index 4daaa790..a2f0cd78 100644 --- a/tests/test_binja_features.py +++ b/tests/test_binja_features.py @@ -40,9 +40,6 @@ except ImportError: indirect=["sample", "scope"], ) def test_binja_features(sample, scope, feature, expected): - if feature == capa.features.common.Characteristic("stack string"): - pytest.xfail("skip failing Binja stack string detection temporarily, see #1473") - if isinstance(feature, capa.features.file.Export) and "." in str(feature.value): pytest.xfail("skip Binja unsupported forwarded export feature, see #1646") 
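Review bot: Accepting `MLIL_VAR` on the new `if` line in capa/features/extractors/binja/basicblock.py widens the match from "the address of a stack variable is passed" to "any stack-resident variable is passed by value", so a pointer local that merely sits in a stack slot now passes the `StackVariableSourceType` check exactly like a real stack buffer; whether that yields spurious stack-string lengths depends on how the remainder of `get_stack_string_len` uses `var`, and that body continues outside the hunk. The reason for the wider match is not recorded in the code, so I would add a comment above the condition, e.g. `# accept MLIL_VAR as well: the stack buffer is not always passed via MLIL_ADDRESS_OF (see #1473)`. As a point of style, the membership test reads better against a tuple than a throwaway list: `if dest.operation in (MediumLevelILOperation.MLIL_ADDRESS_OF, MediumLevelILOperation.MLIL_VAR):`.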
From 557e83b1dc4dd23ddf31c8cf79ef77ad59ef4270 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jul 2023 14:15:37 +0000 Subject: [PATCH 2/5] build(deps-dev): bump ruff from 0.0.278 to 0.0.280 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.278 to 0.0.280. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/BREAKING_CHANGES.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.0.278...v0.0.280) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index a28e244c..fd68ab55 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -77,7 +77,7 @@ dev = [ "flake8-simplify==0.20.0", "flake8-use-pathlib==0.3.0", "flake8-copyright==0.2.4", - "ruff==0.0.278", + "ruff==0.0.280", "black==23.7.0", "isort==5.11.4", "mypy==1.4.1", From 5f8280eb09b4e6adb13a345be2bb8845d900f0b1 Mon Sep 17 00:00:00 2001 From: Capa Bot Date: Tue, 1 Aug 2023 11:16:09 +0000 Subject: [PATCH 3/5] Sync capa rules submodule --- rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules b/rules index a49c174f..6691e9bd 160000 --- a/rules +++ b/rules @@ -1 +1 @@ -Subproject commit a49c174fee5058ca3617a23e782bdcadacb12406 +Subproject commit 6691e9bdbe430f7de84a9ec88911314b44d8a91a From d12185d851bb65e89444dc7076efb54643c32648 Mon Sep 17 00:00:00 2001 From: Capa Bot Date: Tue, 1 Aug 2023 11:21:02 +0000 Subject: [PATCH 4/5] Sync capa-testfiles submodule --- tests/data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data b/tests/data index bfcf387b..a34ba30f 160000 --- a/tests/data +++ b/tests/data 
@@ -1 +1 @@ -Subproject commit bfcf387b5b55e65ef02ceb0cc5191ebe49ad5614 +Subproject commit a34ba30f8c5cee29b7539a56038f4976f8883b2b From ed98bb3a577cf926dc4be2e6c280a903d891c79c Mon Sep 17 00:00:00 2001 From: Capa Bot Date: Tue, 1 Aug 2023 11:21:32 +0000 Subject: [PATCH 5/5] Sync capa rules submodule --- CHANGELOG.md | 2 +- rules | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59a1a14c..cf18ff9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ ### Breaking Changes -### New Rules (1) +### New Rules (2) - executable/pe/export/forwarded-export ronnie.salomonsen@mandiant.com - diff --git a/rules b/rules index 6691e9bd..3f39a454 160000 --- a/rules +++ b/rules @@ -1 +1 @@ -Subproject commit 6691e9bdbe430f7de84a9ec88911314b44d8a91a +Subproject commit 3f39a454650c75a26ed7e399af541007b92e00b7