From db450683576f3e8f2b2b5959fcbfb8932b2b33c7 Mon Sep 17 00:00:00 2001
From: William Ballenthin <william.ballenthin@fireeye.com>
Date: Tue, 24 Aug 2021 16:13:41 -0600
Subject: [PATCH] tests: fix tests for substring

---
 tests/fixtures.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/fixtures.py b/tests/fixtures.py
index c59df288..0ae1e557 100644
--- a/tests/fixtures.py
+++ b/tests/fixtures.py
@@ -464,10 +464,10 @@ FEATURE_PRESENCE_TESTS = sorted(
         ("mimikatz", "function=0x40105D", capa.features.common.String("ACR  > "), True),
         ("mimikatz", "function=0x40105D", capa.features.common.String("nope"), False),
         ("773290...", "function=0x140001140", capa.features.common.String(r"%s:\\OfficePackagesForWDAG"), True),
-        # insn/regex, issue #262
+        # insn/regex
         ("pma16-01", "function=0x4021B0", capa.features.common.Regex("HTTP/1.0"), True),
-        ("pma16-01", "function=0x4021B0", capa.features.common.Regex("www.practicalmalwareanalysis.com"), False),
-        ("pma16-01", "function=0x4021B0", capa.features.common.Substring("practicalmalwareanalysis.com"), False),
+        ("pma16-01", "function=0x40328b", capa.features.common.Regex("www.practicalmalwareanalysis.com"), True),
+        ("pma16-01", "function=0x40328b", capa.features.common.Substring("practicalmalwareanalysis.com"), True),
         # insn/string, pointer to string
         ("mimikatz", "function=0x44EDEF", capa.features.common.String("INPUTEVENT"), True),
         # insn/string, direct memory reference