From b49fb7fcf94b9ae2259b657bd47c0ee250ee4373 Mon Sep 17 00:00:00 2001
From: Pratham Chauhan
Date: Wed, 29 Mar 2023 16:06:20 +0530
Subject: [PATCH] Revert "introducing match strings constant for formats"
This reverts commit 530e28cbc32b13d0a5a9c6d0955a86dd05439977.
---
capa/features/extractors/common.py | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/capa/features/extractors/common.py b/capa/features/extractors/common.py
index 806f895c7..e9d77cee3 100644
--- a/capa/features/extractors/common.py
+++ b/capa/features/extractors/common.py
@@ -16,10 +16,6 @@ logger = logging.getLogger(__name__)
-#match strings for formats
-MATCH_PE = b"MZ"
-MATCH_ELF = b"\x7fELF"
-MATCH_RESULT = b"{\"meta\":"
def extract_file_strings(buf, **kwargs) -> Iterator[Tuple[String, Address]]:
"""
@@ -33,13 +29,13 @@ def extract_file_strings(buf, **kwargs) -> Iterator[Tuple[String, Address]]:
def extract_format(buf) -> Iterator[Tuple[Feature, Address]]:
- if buf.startswith(MATCH_PE):
+ if buf.startswith(b"MZ"):
yield Format(FORMAT_PE), NO_ADDRESS
- elif buf.startswith(MATCH_ELF):
+ elif buf.startswith(b"\x7fELF"):
yield Format(FORMAT_ELF), NO_ADDRESS
elif is_freeze(buf):
yield Format(FORMAT_FREEZE), NO_ADDRESS
- elif buf.startswith(MATCH_RESULT):
+ elif buf.startswith(b"{\"meta\":"):
yield Format(FORMAT_RESULT), NO_ADDRESS
else:
# we likely end up here:
@@ -51,14 +47,14 @@ def extract_format(buf) -> Iterator[Tuple[Feature, Address]]:
def extract_arch(buf) -> Iterator[Tuple[Feature, Address]]:
- if buf.startswith(MATCH_PE):
+ if buf.startswith(b"MZ"):
yield from capa.features.extractors.pefile.extract_file_arch(pe=pefile.PE(data=buf))
- elif buf.startswith(MATCH_ELF):
+ elif buf.startswith(b"\x7fELF"):
with contextlib.closing(io.BytesIO(buf)) as f:
arch = capa.features.extractors.elf.detect_elf_arch(f)
- elif buf.startswith(MATCH_RESULT):
+ elif buf.startswith(b"{\"meta\":"):
arch = ARCH_ANY
if arch not in capa.features.common.VALID_ARCH:
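Review bot: `extract_format` in the second hunk still carries no docstring, and its result-file branch `elif buf.startswith(b"{\"meta\":"):` ties detection to one exact serialization — a `meta` first key with no whitespace after `{` — so a result document written with any other formatting would likely fall through to the `else` branch, which continues outside the hunk. The same three prefix literals recur in `extract_arch` and `extract_os` in the following two hunks, and the `b"MZ"` test in `extract_arch` hands any MZ-prefixed buffer straight to `pefile.PE(data=buf)`, whose handling of a malformed header is not visible here. A docstring such as `"""Guess the input format from its leading bytes; these prefix checks are heuristics, not validation."""` would make that contract explicit for callers.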
@@ -83,11 +79,11 @@ def extract_arch(buf) -> Iterator[Tuple[Feature, Address]]:
def extract_os(buf) -> Iterator[Tuple[Feature, Address]]:
- if buf.startswith(MATCH_PE):
+ if buf.startswith(b"MZ"):
yield OS(OS_WINDOWS), NO_ADDRESS
- elif buf.startswith(MATCH_RESULT):
+ elif buf.startswith(b"{\"meta\":"):
yield OS(OS_ANY), NO_ADDRESS
- elif buf.startswith(MATCH_ELF):
+ elif buf.startswith(b"\x7fELF"):
with contextlib.closing(io.BytesIO(buf)) as f:
os = capa.features.extractors.elf.detect_elf_os(f)