manual adjust negative numbers

scripts/capafmt.py

@@ -14,6 +14,7 @@ Unless required by applicable law or agreed to in writing, software distributed
  is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and limitations under the License.
 """
+import re
 import sys
 import logging
 import argparse
@@ -59,6 +60,9 @@ def main(argv=None):
     rule = capa.rules.Rule.from_yaml_file(args.path, use_ruamel=True)
     reformatted_rule = rule.to_yaml()
 
+    # fix negative numbers
+    reformatted_rule = re.sub(r"!!int '0x-([0-9a-fA-F]+)'", r"-0x\1", reformatted_rule)
+
     if args.check:
         if rule.definition == reformatted_rule:
             logger.info("rule is formatted correctly, nice! (%s)", rule.name)
@@ -71,7 +75,7 @@ def main(argv=None):
         with open(args.path, "wb") as f:
             f.write(reformatted_rule.encode("utf-8"))
     else:
-        print(rule.to_yaml().rstrip("\n"))
+        print(reformatted_rule)
 
     return 0
 

scripts/lint.py

@@ -14,6 +14,7 @@ Unless required by applicable law or agreed to in writing, software distributed
 See the License for the specific language governing permissions and limitations under the License.
 """
 import os
+import re
 import sys
 import time
 import string
@@ -297,9 +298,11 @@ class FormatIncorrect(Lint):
         actual = rule.definition
         expected = capa.rules.Rule.from_yaml(rule.definition, use_ruamel=True).to_yaml()
 
-        # ignore different quote characters
-        actual = actual.replace("'", '"')
-        expected = expected.replace("'", '"')
+        # fix negative numbers
+        # - offset: -0x30
+        # instead of
+        # - offset: !!int '0x-30'
+        expected = re.sub(r"!!int '0x-([0-9a-fA-F]+)'", r"-0x\1", expected)
 
         if actual != expected:
             diff = difflib.ndiff(actual.splitlines(1), expected.splitlines(1))