Merge pull request #1844 from mandiant/mr-tz-patch-1

fix whitespace removal in format check
mandiant · Nov 11, 2023 · dee0aa7 · dee0aa7
2 parents 0097822 + 41a3976
commit dee0aa7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/capa/features/extractors/common.py b/capa/features/extractors/common.py
@@ -65,7 +65,7 @@ def extract_format(buf) -> Iterator[Tuple[Feature, Address]]:
         yield Format(FORMAT_FREEZE), NO_ADDRESS
     elif buf.startswith(MATCH_RESULT):
         yield Format(FORMAT_RESULT), NO_ADDRESS
-    elif re.sub(rb"\w", b"", buf[:20]).startswith(MATCH_JSON_OBJECT):
+    elif re.sub(rb"\s", b"", buf[:20]).startswith(MATCH_JSON_OBJECT):
         # potential start of JSON object data without whitespace
         # we don't know what it is exactly, but may support it (e.g. a dynamic CAPE sandbox report)
         # skip verdict here and let subsequent code analyze this further