-
Notifications
You must be signed in to change notification settings - Fork 564
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unit tests on byte extraction might have a wrong expected result #1336
Comments
I am filing this because the binja extractor is failing on these tests, but I think its behavior is correct. |
Good catch. I did not update the tests as part of the change in #1298.
If you want, would be great if you can submit the respective fixes (at least for 1-3). |
Sure, I will submit a PR soon. However, it will be rejected by the CI until vivisect is fixed as well. I guess you can work on top of my upcoming PR. |
Thanks! I'm looking into it now. |
I force pushed moments ago (to fix my fat finger). You will wish to pull it
again to sync.
…On Wed, Mar 1, 2023 at 17:54 Moritz ***@***.***> wrote:
Thanks! I'm looking into it now.
—
Reply to this email directly, view it on GitHub
<#1336 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWRACE2O7Y3GEUJHGVYCD6LWZ4MDZANCNFSM6AAAAAAVLY5BTI>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Reading the code at https://github.com/mandiant/capa/blob/master/tests/fixtures.py#L646-L649, I am wondering why the unit test would be expecting to extract those utf16-le strings as bytes sequence rather than strings? Because this comment says we should NOT extract obvious strings as bytes:
https://github.com/mandiant/capa/blob/master/capa/features/extractors/ida/insn.py#L175-L176
Yet, these are clearly "obvious" utf16-le strings:
I feel like:
False
.True
.extract_insn_bytes_features
is written, see this issue.isProbablyString
, but I have not checked its doc or implementation.The text was updated successfully, but these errors were encountered: