diff --git a/capa/features/extractors/viv/insn.py b/capa/features/extractors/viv/insn.py index 1516b13e..5e83c3b2 100644 --- a/capa/features/extractors/viv/insn.py +++ b/capa/features/extractors/viv/insn.py @@ -7,7 +7,6 @@ from capa.features import MAX_BYTES_FEATURE_SIZE, Bytes, String, Characteristic from capa.features.insn import Number, Offset, Mnemonic from capa.features.extractors.viv.indirect_calls import NotFoundError, resolve_indirect_call - # security cookie checks may perform non-zeroing XORs, these are expected within a certain # byte range within the first and returning basic blocks, this helps to reduce FP features SECURITY_COOKIE_BYTES_DELTA = 0x40 diff --git a/capa/rules.py b/capa/rules.py index f81cfac3..6347f754 100644 --- a/capa/rules.py +++ b/capa/rules.py @@ -211,7 +211,7 @@ def parse_description(s, value_type, description=None): """ s can be an int or a string """ - if value_type != "string" and isinstance(s, str) and " = " in s: + if value_type != "string" and isinstance(s, six.string_types) and " = " in s: if description: raise InvalidRule( 'unexpected value: "%s", only one description allowed (inline description with ` = `)' % s @@ -222,7 +222,7 @@ def parse_description(s, value_type, description=None): else: value = s - if isinstance(value, str): + if isinstance(value, six.string_types): if value_type == "bytes": try: value = codecs.decode(value.replace(" ", ""), "hex") @@ -801,7 +801,7 @@ class RuleSet(object): rules_filtered = set([]) for rule in rules: for k, v in rule.meta.items(): - if isinstance(v, str) and tag in v: + if isinstance(v, six.string_types) and tag in v: logger.debug('using rule "%s" and dependencies, found tag in meta.%s: %s', rule.name, k, v) rules_filtered.update(set(capa.rules.get_rules_and_dependencies(rules, rule.name))) break