diff --git a/capa/features/extractors/binja/insn.py b/capa/features/extractors/binja/insn.py index 23de37ce..99d5d6ef 100644 --- a/capa/features/extractors/binja/insn.py +++ b/capa/features/extractors/binja/insn.py @@ -439,7 +439,7 @@ def extract_insn_peb_access_characteristic_features( return True value = right.value.value - if not (reg, value) in (("fsbase", 0x30), ("gsbase", 0x60)): + if (reg, value) not in (("fsbase", 48), ("gsbase", 96)): return True results.append((Characteristic("peb access"), ih.address)) diff --git a/capa/features/extractors/ida/insn.py b/capa/features/extractors/ida/insn.py index ac8c8956..7acae816 100644 --- a/capa/features/extractors/ida/insn.py +++ b/capa/features/extractors/ida/insn.py @@ -73,7 +73,7 @@ def extract_insn_api_features(fh: FunctionHandle, bbh: BBHandle, ih: InsnHandle) """ insn: idaapi.insn_t = ih.inner - if not insn.get_canon_mnem() in ("call", "jmp"): + if insn.get_canon_mnem() not in ("call", "jmp"): return # check calls to imported functions diff --git a/capa/ida/plugin/form.py b/capa/ida/plugin/form.py index 70a5f128..75e04b9e 100644 --- a/capa/ida/plugin/form.py +++ b/capa/ida/plugin/form.py @@ -536,7 +536,7 @@ class CapaExplorerForm(idaapi.PluginForm): @param new_ea: destination ea @param old_ea: source ea """ - if not self.view_tabs.currentIndex() in (0, 1): + if self.view_tabs.currentIndex() not in (0, 1): return if idaapi.get_widget_type(widget) != idaapi.BWN_DISASM: diff --git a/capa/main.py b/capa/main.py index f5f1178a..172f6c70 100644 --- a/capa/main.py +++ b/capa/main.py @@ -254,7 +254,8 @@ def find_capabilities(ruleset: RuleSet, extractor: FeatureExtractor, disable_pro if disable_progress: # do not use tqdm to avoid unnecessary side effects when caller intends # to disable progress completely - pbar = lambda s, *args, **kwargs: s + def pbar(s, *args, **kwargs): + return s functions = list(extractor.get_functions()) n_funcs = len(functions) diff --git a/tests/test_engine.py b/tests/test_engine.py index 09560257..8806a59b 100644 --- a/tests/test_engine.py +++ b/tests/test_engine.py @@ -17,112 +17,93 @@ ADDR4 = capa.features.address.AbsoluteVirtualAddress(0x401004) def test_number(): - assert Number(1).evaluate({Number(0): {ADDR1}}) == False - assert Number(1).evaluate({Number(1): {ADDR1}}) == True - assert Number(1).evaluate({Number(2): {ADDR1, ADDR2}}) == False + assert Number(1).evaluate({Number(0): {ADDR1}}) is False + assert Number(1).evaluate({Number(1): {ADDR1}}) is True + assert Number(1).evaluate({Number(2): {ADDR1, ADDR2}}) is False def test_and(): - assert And([Number(1)]).evaluate({Number(0): {ADDR1}}) == False - assert And([Number(1)]).evaluate({Number(1): {ADDR1}}) == True - assert And([Number(1), Number(2)]).evaluate({Number(0): {ADDR1}}) == False - assert And([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}}) == False - assert And([Number(1), Number(2)]).evaluate({Number(2): {ADDR1}}) == False - assert And([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}, Number(2): {ADDR2}}) == True + assert And([Number(1)]).evaluate({Number(0): {ADDR1}}) is False + assert And([Number(1)]).evaluate({Number(1): {ADDR1}}) is True + assert And([Number(1), Number(2)]).evaluate({Number(0): {ADDR1}}) is False + assert And([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}}) is False + assert And([Number(1), Number(2)]).evaluate({Number(2): {ADDR1}}) is False + assert And([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}, Number(2): {ADDR2}}) is True def test_or(): - assert Or([Number(1)]).evaluate({Number(0): {ADDR1}}) == False - assert Or([Number(1)]).evaluate({Number(1): {ADDR1}}) == True - assert Or([Number(1), Number(2)]).evaluate({Number(0): {ADDR1}}) == False - assert Or([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}}) == True - assert Or([Number(1), Number(2)]).evaluate({Number(2): {ADDR1}}) == True - assert Or([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}, Number(2): {ADDR2}}) == True + assert Or([Number(1)]).evaluate({Number(0): {ADDR1}}) is False + assert Or([Number(1)]).evaluate({Number(1): {ADDR1}}) is True + assert Or([Number(1), Number(2)]).evaluate({Number(0): {ADDR1}}) is False + assert Or([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}}) is True + assert Or([Number(1), Number(2)]).evaluate({Number(2): {ADDR1}}) is True + assert Or([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}, Number(2): {ADDR2}}) is True def test_not(): - assert Not(Number(1)).evaluate({Number(0): {ADDR1}}) == True - assert Not(Number(1)).evaluate({Number(1): {ADDR1}}) == False + assert Not(Number(1)).evaluate({Number(0): {ADDR1}}) is True + assert Not(Number(1)).evaluate({Number(1): {ADDR1}}) is False def test_some(): - assert Some(0, [Number(1)]).evaluate({Number(0): {ADDR1}}) == True - assert Some(1, [Number(1)]).evaluate({Number(0): {ADDR1}}) == False + assert Some(0, [Number(1)]).evaluate({Number(0): {ADDR1}}) is True + assert Some(1, [Number(1)]).evaluate({Number(0): {ADDR1}}) is False - assert Some(2, [Number(1), Number(2), Number(3)]).evaluate({Number(0): {ADDR1}}) == False - assert Some(2, [Number(1), Number(2), Number(3)]).evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}}) == False + assert Some(2, [Number(1), Number(2), Number(3)]).evaluate({Number(0): {ADDR1}}) is False + assert Some(2, [Number(1), Number(2), Number(3)]).evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}}) is False assert ( - Some(2, [Number(1), Number(2), Number(3)]).evaluate( - {Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}} - ) - == True + Some(2, [Number(1), Number(2), Number(3)]).evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}}) is True ) assert ( - Some(2, [Number(1), Number(2), Number(3)]).evaluate( - {Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}, Number(3): {ADDR1}} - ) - == True + Some(2, [Number(1), Number(2), Number(3)]).evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}, Number(3): {ADDR1}}) is True ) assert ( - Some(2, [Number(1), Number(2), Number(3)]).evaluate( - { - Number(0): {ADDR1}, - Number(1): {ADDR1}, - Number(2): {ADDR1}, - Number(3): {ADDR1}, - Number(4): {ADDR1}, - } - ) - == True + Some(2, [Number(1), Number(2), Number(3)]).evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}, Number(3): {ADDR1}, Number(4): {ADDR1}}) is True ) def test_complex(): - assert True == Or( - [And([Number(1), Number(2)]), Or([Number(3), Some(2, [Number(4), Number(5), Number(6)])])] - ).evaluate({Number(5): {ADDR1}, Number(6): {ADDR1}, Number(7): {ADDR1}, Number(8): {ADDR1}}) + assert True is Or([And([Number(1), Number(2)]), Or([Number(3), Some(2, [Number(4), Number(5), Number(6)])])]).evaluate({Number(5): {ADDR1}, Number(6): {ADDR1}, Number(7): {ADDR1}, Number(8): {ADDR1}}) - assert False == Or([And([Number(1), Number(2)]), Or([Number(3), Some(2, [Number(4), Number(5)])])]).evaluate( - {Number(5): {ADDR1}, Number(6): {ADDR1}, Number(7): {ADDR1}, Number(8): {ADDR1}} - ) + assert False is Or([And([Number(1), Number(2)]), Or([Number(3), Some(2, [Number(4), Number(5)])])]).evaluate({Number(5): {ADDR1}, Number(6): {ADDR1}, Number(7): {ADDR1}, Number(8): {ADDR1}}) def test_range(): # unbounded range, but no matching feature # since the lower bound is zero, and there are zero matches, ok - assert Range(Number(1)).evaluate({Number(2): {}}) == True + assert Range(Number(1)).evaluate({Number(2): {}}) is True # unbounded range with matching feature should always match - assert Range(Number(1)).evaluate({Number(1): {}}) == True - assert Range(Number(1)).evaluate({Number(1): {ADDR1}}) == True + assert Range(Number(1)).evaluate({Number(1): {}}) is True + assert Range(Number(1)).evaluate({Number(1): {ADDR1}}) is True # unbounded max - assert Range(Number(1), min=1).evaluate({Number(1): {ADDR1}}) == True - assert Range(Number(1), min=2).evaluate({Number(1): {ADDR1}}) == False - assert Range(Number(1), min=2).evaluate({Number(1): {ADDR1, ADDR2}}) == True + assert Range(Number(1), min=1).evaluate({Number(1): {ADDR1}}) is True + assert Range(Number(1), min=2).evaluate({Number(1): {ADDR1}}) is False + assert Range(Number(1), min=2).evaluate({Number(1): {ADDR1, ADDR2}}) is True # unbounded min - assert Range(Number(1), max=0).evaluate({Number(1): {ADDR1}}) == False - assert Range(Number(1), max=1).evaluate({Number(1): {ADDR1}}) == True - assert Range(Number(1), max=2).evaluate({Number(1): {ADDR1}}) == True - assert Range(Number(1), max=2).evaluate({Number(1): {ADDR1, ADDR2}}) == True - assert Range(Number(1), max=2).evaluate({Number(1): {ADDR1, ADDR2, ADDR3}}) == False + assert Range(Number(1), max=0).evaluate({Number(1): {ADDR1}}) is False + assert Range(Number(1), max=1).evaluate({Number(1): {ADDR1}}) is True + assert Range(Number(1), max=2).evaluate({Number(1): {ADDR1}}) is True + assert Range(Number(1), max=2).evaluate({Number(1): {ADDR1, ADDR2}}) is True + assert Range(Number(1), max=2).evaluate({Number(1): {ADDR1, ADDR2, ADDR3}}) is False # we can do an exact match by setting min==max - assert Range(Number(1), min=1, max=1).evaluate({Number(1): {}}) == False - assert Range(Number(1), min=1, max=1).evaluate({Number(1): {ADDR1}}) == True - assert Range(Number(1), min=1, max=1).evaluate({Number(1): {ADDR1, ADDR2}}) == False + assert Range(Number(1), min=1, max=1).evaluate({Number(1): {}}) is False + assert Range(Number(1), min=1, max=1).evaluate({Number(1): {ADDR1}}) is True + assert Range(Number(1), min=1, max=1).evaluate({Number(1): {ADDR1, ADDR2}}) is False # bounded range - assert Range(Number(1), min=1, max=3).evaluate({Number(1): {}}) == False - assert Range(Number(1), min=1, max=3).evaluate({Number(1): {ADDR1}}) == True - assert Range(Number(1), min=1, max=3).evaluate({Number(1): {ADDR1, ADDR2}}) == True - assert Range(Number(1), min=1, max=3).evaluate({Number(1): {ADDR1, ADDR2, ADDR3}}) == True - assert Range(Number(1), min=1, max=3).evaluate({Number(1): {ADDR1, ADDR2, ADDR3, ADDR4}}) == False + assert Range(Number(1), min=1, max=3).evaluate({Number(1): {}}) is False + assert Range(Number(1), min=1, max=3).evaluate({Number(1): {ADDR1}}) is True + assert Range(Number(1), min=1, max=3).evaluate({Number(1): {ADDR1, ADDR2}}) is True + assert Range(Number(1), min=1, max=3).evaluate({Number(1): {ADDR1, ADDR2, ADDR3}}) is True + assert Range(Number(1), min=1, max=3).evaluate({Number(1): {ADDR1, ADDR2, ADDR3, ADDR4}}) is False def test_short_circuit(): - assert Or([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}}) == True + assert Or([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}}) is True # with short circuiting, only the children up until the first satisfied child are captured. assert len(Or([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}}, short_circuit=True).children) == 1 @@ -131,8 +112,8 @@ def test_short_circuit(): def test_eval_order(): # base cases. - assert Or([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}}) == True - assert Or([Number(1), Number(2)]).evaluate({Number(2): {ADDR1}}) == True + assert Or([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}}) is True + assert Or([Number(1), Number(2)]).evaluate({Number(2): {ADDR1}}) is True # with short circuiting, only the children up until the first satisfied child are captured. assert len(Or([Number(1), Number(2)]).evaluate({Number(1): {ADDR1}}).children) == 1 diff --git a/tests/test_function_id.py b/tests/test_function_id.py index c6ad2be9..f256db32 100644 --- a/tests/test_function_id.py +++ b/tests/test_function_id.py @@ -4,20 +4,20 @@ import capa.features.insn def test_function_id_simple_match(pma16_01_extractor): - assert pma16_01_extractor.is_library_function(0x407490) == True + assert pma16_01_extractor.is_library_function(4224144) is True assert pma16_01_extractor.get_function_name(0x407490) == "__aulldiv" def test_function_id_gz_pat(pma16_01_extractor): # aullrem is stored in `test_aullrem.pat.gz` - assert pma16_01_extractor.is_library_function(0x407500) == True + assert pma16_01_extractor.is_library_function(4224256) is True assert pma16_01_extractor.get_function_name(0x407500) == "__aullrem" def test_function_id_complex_match(pma16_01_extractor): # 0x405714 is __spawnlp which requires recursive match of __spawnvp at 0x407FAB # (and __spawnvpe at 0x409DE8) - assert pma16_01_extractor.is_library_function(0x405714) == True + assert pma16_01_extractor.is_library_function(4216596) is True assert pma16_01_extractor.get_function_name(0x405714) == "__spawnlp" diff --git a/tests/test_rules.py b/tests/test_rules.py index 29db2a2f..132f478f 100644 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -40,8 +40,8 @@ ADDR4 = capa.features.address.AbsoluteVirtualAddress(0x401004) def test_rule_ctor(): r = capa.rules.Rule("test rule", capa.rules.FUNCTION_SCOPE, Or([Number(1)]), {}) - assert r.evaluate({Number(0): {ADDR1}}) == False - assert r.evaluate({Number(1): {ADDR2}}) == True + assert r.evaluate({Number(0): {ADDR1}}) is False + assert r.evaluate({Number(1): {ADDR2}}) is True def test_rule_yaml(): @@ -63,10 +63,10 @@ def test_rule_yaml(): """ ) r = capa.rules.Rule.from_yaml(rule) - assert r.evaluate({Number(0): {ADDR1}}) == False - assert r.evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}}) == False - assert r.evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}}) == True - assert r.evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}, Number(3): {ADDR1}}) == True + assert r.evaluate({Number(0): {ADDR1}}) is False + assert r.evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}}) is False + assert r.evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}}) is True + assert r.evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}, Number(3): {ADDR1}}) is True def test_rule_yaml_complex(): @@ -89,8 +89,8 @@ def test_rule_yaml_complex(): """ ) r = capa.rules.Rule.from_yaml(rule) - assert r.evaluate({Number(5): {ADDR1}, Number(6): {ADDR1}, Number(7): {ADDR1}, Number(8): {ADDR1}}) == True - assert r.evaluate({Number(6): {ADDR1}, Number(7): {ADDR1}, Number(8): {ADDR1}}) == False + assert r.evaluate({Number(5): {ADDR1}, Number(6): {ADDR1}, Number(7): {ADDR1}, Number(8): {ADDR1}}) is True + assert r.evaluate({Number(6): {ADDR1}, Number(7): {ADDR1}, Number(8): {ADDR1}}) is False def test_rule_descriptions(): @@ -167,8 +167,8 @@ def test_rule_yaml_not(): """ ) r = capa.rules.Rule.from_yaml(rule) - assert r.evaluate({Number(1): {ADDR1}}) == True - assert r.evaluate({Number(1): {ADDR1}, Number(2): {ADDR1}}) == False + assert r.evaluate({Number(1): {ADDR1}}) is True + assert r.evaluate({Number(1): {ADDR1}, Number(2): {ADDR1}}) is False def test_rule_yaml_count(): @@ -182,9 +182,9 @@ def test_rule_yaml_count(): """ ) r = capa.rules.Rule.from_yaml(rule) - assert r.evaluate({Number(100): set()}) == False - assert r.evaluate({Number(100): {ADDR1}}) == True - assert r.evaluate({Number(100): {ADDR1, ADDR2}}) == False + assert r.evaluate({Number(100): set()}) is False + assert r.evaluate({Number(100): {ADDR1}}) is True + assert r.evaluate({Number(100): {ADDR1, ADDR2}}) is False def test_rule_yaml_count_range(): @@ -198,10 +198,10 @@ def test_rule_yaml_count_range(): """ ) r = capa.rules.Rule.from_yaml(rule) - assert r.evaluate({Number(100): set()}) == False - assert r.evaluate({Number(100): {ADDR1}}) == True - assert r.evaluate({Number(100): {ADDR1, ADDR2}}) == True - assert r.evaluate({Number(100): {ADDR1, ADDR2, ADDR3}}) == False + assert r.evaluate({Number(100): set()}) is False + assert r.evaluate({Number(100): {ADDR1}}) is True + assert r.evaluate({Number(100): {ADDR1, ADDR2}}) is True + assert r.evaluate({Number(100): {ADDR1, ADDR2, ADDR3}}) is False def test_rule_yaml_count_string(): @@ -215,10 +215,10 @@ def test_rule_yaml_count_string(): """ ) r = capa.rules.Rule.from_yaml(rule) - assert r.evaluate({String("foo"): set()}) == False - assert r.evaluate({String("foo"): {ADDR1}}) == False - assert r.evaluate({String("foo"): {ADDR1, ADDR2}}) == True - assert r.evaluate({String("foo"): {ADDR1, ADDR2, ADDR3}}) == False + assert r.evaluate({String("foo"): set()}) is False + assert r.evaluate({String("foo"): {ADDR1}}) is False + assert r.evaluate({String("foo"): {ADDR1, ADDR2}}) is True + assert r.evaluate({String("foo"): {ADDR1, ADDR2, ADDR3}}) is False def test_invalid_rule_feature(): @@ -466,12 +466,12 @@ def test_number_symbol(): ) r = capa.rules.Rule.from_yaml(rule) children = list(r.statement.get_children()) - assert (Number(1) in children) == True - assert (Number(0xFFFFFFFF) in children) == True - assert (Number(2, description="symbol name") in children) == True - assert (Number(3, description="symbol name") in children) == True - assert (Number(4, description="symbol name = another name") in children) == True - assert (Number(0x100, description="symbol name") in children) == True + assert (Number(1) in children) is True + assert (Number(4294967295) in children) is True + assert (Number(2, description="symbol name") in children) is True + assert (Number(3, description="symbol name") in children) is True + assert (Number(4, description="symbol name = another name") in children) is True + assert (Number(256, description="symbol name") in children) is True def test_count_number_symbol(): @@ -488,11 +488,11 @@ def test_count_number_symbol(): """ ) r = capa.rules.Rule.from_yaml(rule) - assert r.evaluate({Number(2): set()}) == False - assert r.evaluate({Number(2): {ADDR1}}) == True - assert r.evaluate({Number(2): {ADDR1, ADDR2}}) == False - assert r.evaluate({Number(0x100, description="symbol name"): {ADDR1}}) == False - assert r.evaluate({Number(0x100, description="symbol name"): {ADDR1, ADDR2, ADDR3}}) == True + assert r.evaluate({Number(2): set()}) is False + assert r.evaluate({Number(2): {ADDR1}}) is True + assert r.evaluate({Number(2): {ADDR1, ADDR2}}) is False + assert r.evaluate({Number(256, description="symbol name"): {ADDR1}}) is False + assert r.evaluate({Number(256, description="symbol name"): {ADDR1, ADDR2, ADDR3}}) is True def test_invalid_number(): @@ -553,11 +553,11 @@ def test_offset_symbol(): ) r = capa.rules.Rule.from_yaml(rule) children = list(r.statement.get_children()) - assert (Offset(1) in children) == True - assert (Offset(2, description="symbol name") in children) == True - assert (Offset(3, description="symbol name") in children) == True - assert (Offset(4, description="symbol name = another name") in children) == True - assert (Offset(0x100, description="symbol name") in children) == True + assert (Offset(1) in children) is True + assert (Offset(2, description="symbol name") in children) is True + assert (Offset(3, description="symbol name") in children) is True + assert (Offset(4, description="symbol name = another name") in children) is True + assert (Offset(256, description="symbol name") in children) is True def test_count_offset_symbol(): @@ -574,11 +574,11 @@ def test_count_offset_symbol(): """ ) r = capa.rules.Rule.from_yaml(rule) - assert r.evaluate({Offset(2): set()}) == False - assert r.evaluate({Offset(2): {ADDR1}}) == True - assert r.evaluate({Offset(2): {ADDR1, ADDR2}}) == False - assert r.evaluate({Offset(0x100, description="symbol name"): {ADDR1}}) == False - assert r.evaluate({Offset(0x100, description="symbol name"): {ADDR1, ADDR2, ADDR3}}) == True + assert r.evaluate({Offset(2): set()}) is False + assert r.evaluate({Offset(2): {ADDR1}}) is True + assert r.evaluate({Offset(2): {ADDR1, ADDR2}}) is False + assert r.evaluate({Offset(256, description="symbol name"): {ADDR1}}) is False + assert r.evaluate({Offset(256, description="symbol name"): {ADDR1, ADDR2, ADDR3}}) is True def test_invalid_offset(): @@ -664,8 +664,8 @@ def test_explicit_string_values_int(): ) r = capa.rules.Rule.from_yaml(rule) children = list(r.statement.get_children()) - assert (String("123") in children) == True - assert (String("0x123") in children) == True + assert (String("123") in children) is True + assert (String("0x123") in children) is True def test_string_values_special_characters(): @@ -683,8 +683,8 @@ def test_string_values_special_characters(): ) r = capa.rules.Rule.from_yaml(rule) children = list(r.statement.get_children()) - assert (String("hello\r\nworld") in children) == True - assert (String("bye\nbye") in children) == True + assert (String("hello\r\nworld") in children) is True + assert (String("bye\nbye") in children) is True def test_substring_feature(): @@ -702,9 +702,9 @@ def test_substring_feature(): ) r = capa.rules.Rule.from_yaml(rule) children = list(r.statement.get_children()) - assert (Substring("abc") in children) == True - assert (Substring("def") in children) == True - assert (Substring("gh\ni") in children) == True + assert (Substring("abc") in children) is True + assert (Substring("def") in children) is True + assert (Substring("gh\ni") in children) is True def test_substring_description(): @@ -721,7 +721,7 @@ def test_substring_description(): ) r = capa.rules.Rule.from_yaml(rule) children = list(r.statement.get_children()) - assert (Substring("abc") in children) == True + assert (Substring("abc") in children) is True def test_filter_rules(): @@ -902,9 +902,9 @@ def test_function_name_features(): ) r = capa.rules.Rule.from_yaml(rule) children = list(r.statement.get_children()) - assert (FunctionName("strcpy") in children) == True - assert (FunctionName("strcmp", description="copy from here to there") in children) == True - assert (FunctionName("strdup", description="duplicate a string") in children) == True + assert (FunctionName("strcpy") in children) is True + assert (FunctionName("strcmp", description="copy from here to there") in children) is True + assert (FunctionName("strdup", description="duplicate a string") in children) is True def test_os_features(): @@ -921,8 +921,8 @@ def test_os_features(): ) r = capa.rules.Rule.from_yaml(rule) children = list(r.statement.get_children()) - assert (OS(OS_WINDOWS) in children) == True - assert (OS(OS_LINUX) not in children) == True + assert (OS(OS_WINDOWS) in children) is True + assert (OS(OS_LINUX) not in children) is True def test_format_features(): @@ -939,8 +939,8 @@ def test_format_features(): ) r = capa.rules.Rule.from_yaml(rule) children = list(r.statement.get_children()) - assert (Format(FORMAT_PE) in children) == True - assert (Format(FORMAT_ELF) not in children) == True + assert (Format(FORMAT_PE) in children) is True + assert (Format(FORMAT_ELF) not in children) is True def test_arch_features(): @@ -957,8 +957,8 @@ def test_arch_features(): ) r = capa.rules.Rule.from_yaml(rule) children = list(r.statement.get_children()) - assert (Arch(ARCH_AMD64) in children) == True - assert (Arch(ARCH_I386) not in children) == True + assert (Arch(ARCH_AMD64) in children) is True + assert (Arch(ARCH_I386) not in children) is True def test_property_access(): @@ -973,10 +973,10 @@ def test_property_access(): """ ) ) - assert r.evaluate({Property("System.IO.FileInfo::Length", access=FeatureAccess.READ): {ADDR1}}) == True + assert r.evaluate({Property("System.IO.FileInfo::Length", access=FeatureAccess.READ): {ADDR1}}) is True - assert r.evaluate({Property("System.IO.FileInfo::Length"): {ADDR1}}) == False - assert r.evaluate({Property("System.IO.FileInfo::Length", access=FeatureAccess.WRITE): {ADDR1}}) == False + assert r.evaluate({Property("System.IO.FileInfo::Length"): {ADDR1}}) is False + assert r.evaluate({Property("System.IO.FileInfo::Length", access=FeatureAccess.WRITE): {ADDR1}}) is False def test_property_access_symbol(): @@ -992,8 +992,5 @@ def test_property_access_symbol(): ) ) assert ( - r.evaluate( - {Property("System.IO.FileInfo::Length", access=FeatureAccess.READ, description="some property"): {ADDR1}} - ) - == True + r.evaluate({Property("System.IO.FileInfo::Length", access=FeatureAccess.READ, description="some property"): {ADDR1}}) is True )