From 41a397661f760c6fe16206db023ff8953bdd2932 Mon Sep 17 00:00:00 2001
From: Moritz <mr-tz@users.noreply.github.com>
Date: Fri, 10 Nov 2023 11:40:55 +0100
Subject: [PATCH] fix whitespace removal in format check

---
 capa/features/extractors/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/capa/features/extractors/common.py b/capa/features/extractors/common.py
index e318a141b..b7bb3c399 100644
--- a/capa/features/extractors/common.py
+++ b/capa/features/extractors/common.py
@@ -65,7 +65,7 @@ def extract_format(buf) -> Iterator[Tuple[Feature, Address]]:
         yield Format(FORMAT_FREEZE), NO_ADDRESS
     elif buf.startswith(MATCH_RESULT):
         yield Format(FORMAT_RESULT), NO_ADDRESS
-    elif re.sub(rb"\w", b"", buf[:20]).startswith(MATCH_JSON_OBJECT):
+    elif re.sub(rb"\s", b"", buf[:20]).startswith(MATCH_JSON_OBJECT):
         # potential start of JSON object data without whitespace
         # we don't know what it is exactly, but may support it (e.g. a dynamic CAPE sandbox report)
         # skip verdict here and let subsequent code analyze this further