From 8f826cb92d39960987e3b590fad2a9fcf33f27a8 Mon Sep 17 00:00:00 2001 From: Xusheng Date: Mon, 24 Jul 2023 19:13:10 +0800 Subject: [PATCH 1/2] Fix binja backend stack string detection. Re-enable binja stack string unit test --- CHANGELOG.md | 2 ++ capa/features/extractors/binja/basicblock.py | 5 +++-- tests/test_binja_features.py | 3 --- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 649965337..59a1a14c7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,8 @@ ### Bug Fixes +- Fix binja backend stack string detection. [#1473](https://github.com/mandiant/capa/issues/1473) [@xusheng6](https://github.com/xusheng6) + ### capa explorer IDA Pro plugin ### Development diff --git a/capa/features/extractors/binja/basicblock.py b/capa/features/extractors/binja/basicblock.py index 30af516da..568ecc7ad 100644 --- a/capa/features/extractors/binja/basicblock.py +++ b/capa/features/extractors/binja/basicblock.py @@ -75,10 +75,11 @@ def get_stack_string_len(f: Function, il: MediumLevelILInstruction) -> int: return 0 dest = il.params[0] - if dest.operation != MediumLevelILOperation.MLIL_ADDRESS_OF: + if dest.operation in [MediumLevelILOperation.MLIL_ADDRESS_OF, MediumLevelILOperation.MLIL_VAR]: + var = dest.src + else: return 0 - var = dest.src if var.source_type != VariableSourceType.StackVariableSourceType: return 0 diff --git a/tests/test_binja_features.py b/tests/test_binja_features.py index 4daaa7901..a2f0cd78f 100644 --- a/tests/test_binja_features.py +++ b/tests/test_binja_features.py @@ -40,9 +40,6 @@ indirect=["sample", "scope"], ) def test_binja_features(sample, scope, feature, expected): - if feature == capa.features.common.Characteristic("stack string"): - pytest.xfail("skip failing Binja stack string detection temporarily, see #1473") - if isinstance(feature, capa.features.file.Export) and "." in str(feature.value): pytest.xfail("skip Binja unsupported forwarded export feature, see #1646") 
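Review bot: In the capa/features/extractors/binja/basicblock.py hunk, the new `MLIL_VAR` case of `get_stack_string_len` takes `var = dest.src` exactly as the `MLIL_ADDRESS_OF` case does, but for a plain variable read the later `var.source_type != VariableSourceType.StackVariableSourceType` test only establishes where the variable itself is stored, not where its value points. If the destination can be a stack-resident pointer to heap or global memory, that call would be reported as a stack string and rules keyed on the `stack string` characteristic would over-match; this is inferred from the visible lines and should be confirmed against the MLIL forms from #1473. At minimum, record the expected form with a comment on the branch, e.g. `# MLIL_VAR: dest is passed as the stack variable itself rather than &var, see #1473`, and add a negative test case for a pointer-typed destination if one can be built. The branch would also read more like the surrounding early returns as `if dest.operation not in (MediumLevelILOperation.MLIL_ADDRESS_OF, MediumLevelILOperation.MLIL_VAR): return 0` followed by `var = dest.src`. The function body starts and ends outside the hunk.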
From 557e83b1dc4dd23ddf31c8cf79ef77ad59ef4270 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Jul 2023 14:15:37 +0000
Subject: [PATCH 2/2] build(deps-dev): bump ruff from 0.0.278 to 0.0.280 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.278 to 0.0.280. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/BREAKING_CHANGES.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.0.278...v0.0.280) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index a28e244cc..fd68ab55c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -77,7 +77,7 @@ dev = [
 "flake8-simplify==0.20.0",
 "flake8-use-pathlib==0.3.0",
 "flake8-copyright==0.2.4",
- "ruff==0.0.278",
+ "ruff==0.0.280",
 "black==23.7.0",
 "isort==5.11.4",
 "mypy==1.4.1",