gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-06-12 19:11:32 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix: correct operator precedence in FeatureRegexRegistryControlSetMatchIncomplete

Browse Source 
The `or "currentcontrolset" in pat` branch triggered the lint for any
regex containing "currentcontrolset", even unrelated paths like
HKLM\Software\CurrentControlSet that don't need the system\\ fix.

Fix by requiring "system\\\\" in both branches of the condition.
This commit is contained in:
Willi Ballenthin
2026-04-22 22:10:59 +03:00
committed by Willi Ballenthin
parent 861f3b8619
commit fc7f0533d7
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/lint.py
+1 -1
View File
@@ -752,7 +752,7 @@ class FeatureRegexRegistryControlSetMatchIncomplete(Lint):
pat = feature.value.lower()
if "system\\\\" in pat and "controlset" in pat or "currentcontrolset" in pat:
if "system\\\\" in pat and ("controlset" in pat or "currentcontrolset" in pat):
if "system\\\\(controlset\\d{3}|currentcontrolset)" not in pat:
return True