Python exception when trying to create a rule that involves counting strings

[D4nch3n]

Description

When attempting to count the number of occurrences of a string in the file context, capa crashes with an exception when trying to create a new Feature() object.

Steps to Reproduce

1. Create a capa rule with the following:

rule:
  meta:
    name: test
    namespace: test
    scope: file
  features:
    - count(string("This program cannot be run in DOS mode")): 1

2. Run this rule against any PE fle using the -r option

Expected behavior:

Either display whether the file matched the given count rule, or display a message saying that count isn't supported in the file scope.

Actual behavior:

Capa crashes with the following exception:

Versions

capa 1.1.0 for linux (running on ubuntu 18.04)

Additional Information

None

[Ana06]

This also fails with function scope:

rule:
  meta:
    name: test
    namespace: test
    scope: function
  features:
    - count(string("This program cannot be run in DOS mode")): 1

And it fails in current master as well.

So, it looks like a bug. Thanks for reporting it @D4nch3n! 👍

[williballenthin]

Looks like this is a bug in parsing the rule, rather than evaluating it.

[williballenthin]

I think this is because StringFactory has a required argument description but when it is invoked here the description is not provided - hence the TypeError.

I think we can fix this by making StringFactory description a kwarg with default value.

[williballenthin]

@D4nch3n note: strings don't have surrounding quotes, so "This program..." doesn't do what you think