tests: migrate BinExport2 count tests to data-driven fixtures

Extend parse_feature to handle operand[N].number and operand[N].offset
via functools.partial so count(operand[1].offset(0x0)) can be expressed
in fixture JSON. Move the two BE2_INTEL count tests into binexport.json,
remove the old FEATURE_COUNT_TESTS_BE2_INTEL list and do_test_feature_count
helper.

Also fix rebase issues: wrong import in get_viv_extractor (capa.main →
capa.loader), missing import in get_ghidra_extractor, missing CD constant
in test_scripts.py, and import ordering.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: williballenthin

capa/rules/__init__.py

@@ -21,6 +21,7 @@
 import struct
 import logging
 import binascii
+import functools
 import collections
 from enum import Enum
 from typing import Any, Union, Callable, Iterator, Optional, cast
@@ -444,6 +445,12 @@ def parse_feature(key: str):
         return capa.features.common.Namespace
     elif key == "property":
         return capa.features.insn.Property
+    elif key.startswith("operand[") and key.endswith("].number"):
+        index = int(key[len("operand[") : -len("].number")])
+        return functools.partial(capa.features.insn.OperandNumber, index)
+    elif key.startswith("operand[") and key.endswith("].offset"):
+        index = int(key[len("operand[") : -len("].offset")])
+        return functools.partial(capa.features.insn.OperandOffset, index)
     else:
         raise InvalidRule(f"unexpected statement: {key}")
 

tests/fixtures.py

@@ -25,7 +25,6 @@
 
 import capa.rules
 import capa.engine as ceng
-import capa.loader
 import capa.render.result_document
 from capa.features.common import OS_AUTO, FORMAT_AUTO, Feature
 from capa.features.address import Address
@@ -647,29 +646,6 @@ def parametrize(params, values, **kwargs):
     return pytest.mark.parametrize(params, values, ids=ids, **kwargs)
 
 
-FEATURE_COUNT_TESTS_BE2_INTEL = [
-    (
-        "mimikatz",
-        "function=0x40105d,bb=0x401125,insn=0x401125",
-        capa.features.insn.Offset(0),
-        1,
-    ),
-    (
-        "mimikatz",
-        "function=0x40105d,bb=0x401125,insn=0x401125",
-        capa.features.insn.OperandOffset(1, 0),
-        1,
-    ),
-]
-
-
-def do_test_feature_count(get_extractor, sample, scope, feature, expected):
-    extractor = get_extractor(sample)
-    features = scope(extractor)
-    assert features.get(feature, set()) != set(), f"{feature} should be found in {scope.__name__}"
-    assert len(features[feature]) == expected, f"{feature} should be found {expected} times in {scope.__name__}"
-
-
 def get_result_doc(path: Path):
     return capa.render.result_document.ResultDocument.from_file(path)
 
@@ -727,7 +703,7 @@ def dynamic_a0000a6_rd():
 # as well as some fixtures below
 @functools.lru_cache(maxsize=1)
 def get_viv_extractor(path: Path):
-    import capa.main
+    import capa.loader
     import capa.features.extractors.viv.extractor
 
     sigpaths = [
@@ -856,6 +832,7 @@ def get_ghidra_extractor(path: Path):
     if not pyghidra.started():
         pyghidra.start()
 
+    import capa.loader
     import capa.features.extractors.ghidra.context
 
     if path in GHIDRA_CACHE:

tests/fixtures/features/binexport.json

@@ -1055,6 +1055,18 @@
       "location": "function=0x401000",
       "feature": "count(basic blocks): 3",
       "explanation": "Ghidra: 3 basic blocks in function"
+    },
+    {
+      "file": "mimikatz.ghidra.be2",
+      "location": "function=0x40105d,bb=0x401125,insn=0x401125",
+      "feature": "count(offset(0x0)): 1",
+      "explanation": "MOV [EDI], CX matches OFFSET_ZERO_PATTERNS, must yield Offset(0) exactly once"
+    },
+    {
+      "file": "mimikatz.ghidra.be2",
+      "location": "function=0x40105d,bb=0x401125,insn=0x401125",
+      "feature": "count(operand[1].offset(0x0)): 1",
+      "explanation": "MOV [EDI], CX matches OFFSET_ZERO_PATTERNS, must yield OperandOffset(1, 0) exactly once"
     }
   ]
 }

tests/test_binexport_features.py

@@ -23,16 +23,3 @@
 def test_binexport_features(feature_fixture):
     extractor = fixtures.get_binexport_extractor(feature_fixture.sample_path)
     fixtures.run_feature_fixture(extractor, feature_fixture)
-
-
-@fixtures.parametrize(
-    "sample,scope,feature,expected",
-    fixtures.FEATURE_COUNT_TESTS_BE2_INTEL,
-    indirect=["sample", "scope"],
-)
-def test_binexport_feature_counts_intel(sample, scope, feature, expected):
-    sample = sample.parent / "binexport2" / (sample.name + ".ghidra.BinExport")
-    assert sample.exists()
-    fixtures.do_test_feature_count(
-        fixtures.get_binexport_extractor, sample, scope, feature, expected
-    )

tests/test_scripts.py

@@ -21,12 +21,14 @@
 from pathlib import Path
 
 import pytest
+import fixtures
 
 import capa.rules
-import fixtures
 
 logger = logging.getLogger(__name__)
 
+CD = Path(__file__).resolve().parent
+
 
 def get_script_path(s: str):
     return str(fixtures.CD / ".." / "scripts" / s)