From c7d24ee29064a476365a2d9d958475088052ef07 Mon Sep 17 00:00:00 2001 From: Michael Hunhoff Date: Wed, 10 Mar 2021 13:49:10 -0700 Subject: [PATCH] adding support for string features with special characters e.g. '\n' --- capa/features/__init__.py | 6 +++++- tests/test_rules.py | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/capa/features/__init__.py b/capa/features/__init__.py index 8bd517f2..fb6165d6 100644 --- a/capa/features/__init__.py +++ b/capa/features/__init__.py @@ -125,6 +125,10 @@ class String(Feature): def __init__(self, value, description=None): super(String, self).__init__(value, description=description) + def get_value_str(self): + """ """ + return repr(self.value).strip("'") + class Regex(String): def __init__(self, value, description=None): @@ -194,7 +198,7 @@ class StringFactory(object): def __new__(self, value, description=None): if value.startswith("/") and (value.endswith("/") or value.endswith("/i")): return Regex(value, description=description) - return String(value, description=description) + return String(str(codecs.decode(value, "unicode_escape")), description=description) class Bytes(Feature): diff --git a/tests/test_rules.py b/tests/test_rules.py index c08d7212..4b4608fc 100644 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -681,6 +681,24 @@ def test_explicit_string_values_int(): assert (String("0x123") in children) == True +def test_string_values_special_characters(): + rule = textwrap.dedent( + """ + rule: + meta: + name: test rule + features: + - or: + - string: hello\\r\\nworld + - string: some\\path + """ + ) + r = capa.rules.Rule.from_yaml(rule) + children = list(r.statement.get_children()) + assert (String("hello\r\nworld") in children) == True + assert (String("some\\path") in children) == True + + def test_regex_values_always_string(): rules = [ capa.rules.Rule.from_yaml(