tests: Add test for sample 2bf18d

tests/test_os_detection.py

@@ -20,6 +20,7 @@ def test_elf_sh_notes():
     # guess: sh notes: OS.LINUX
     # guess: linker: None
     # guess: ABI versions needed: None
+    # guess: symtab: None
     # guess: needed dependencies: None
     path = get_data_path_by_name("2f7f5f")
     with open(path, "rb") as f:
@@ -32,6 +33,7 @@ def test_elf_pt_notes():
     # guess: sh notes: OS.LINUX
     # guess: linker: OS.LINUX
     # guess: ABI versions needed: OS.LINUX
+    # guess: symtab: None
     # guess: needed dependencies: None
     path = get_data_path_by_name("7351f.elf")
     with open(path, "rb") as f:
@@ -44,6 +46,7 @@ def test_elf_so_needed():
     # guess: sh notes: OS.HURD
     # guess: linker: None
     # guess: ABI versions needed: OS.HURD
+    # guess: symtab: None
     # guess: needed dependencies: OS.HURD
     path = get_data_path_by_name("b5f052")
     with open(path, "rb") as f:
@@ -56,7 +59,21 @@ def test_elf_abi_version_hurd():
     # guess: sh notes: OS.HURD
     # guess: linker: None
     # guess: ABI versions needed: OS.HURD
+    # guess: symtab: None
     # guess: needed dependencies: None
     path = get_data_path_by_name("bf7a9c")
     with open(path, "rb") as f:
         assert capa.features.extractors.elf.detect_elf_os(f) == "hurd"
+
+
+def test_elf_symbol_table():
+    # guess: osabi: None
+    # guess: ph notes: None
+    # guess: sh notes: None
+    # guess: linker: None
+    # guess: ABI versions needed: None
+    # guess: symtab: OS.LINUX
+    # guess: needed dependencies: None
+    path = get_data_path_by_name("2bf18d")
+    with open(path, "rb") as f:
+        assert capa.features.extractors.elf.detect_elf_os(f) == "linux"