def testIfStatement(self):
script = """
var s;
var i = 3;
if (i > 4) {
while (i > 0) {
s += "a";
i -= 1;
}
}
"""
ast = AST(script)
ast.walk()
self.debug_info(script, ast)
for bp in ast.breakpoints:
bp_type = bp['type']
bp_line = bp['line']
if bp_type in (ast.LOOP_BREAKPOINT, ):
assert bp_line in (9, )
if bp_type in (ast.ASSIGN_BREAKPOINT, ):
assert bp_line in (3, )
def testVariableDeclaration(self):
script = """
var uninitialized;
var foo = "bar";
var number = 1;
"""
ast = AST(script)
ast.walk()
self.debug_info(script, ast)
names = [p['name'] for p in ast.names]
assert 'uninitialized' in names
assert 'foo' in names
assert 'number' in names
for bp in ast.breakpoints:
bp_type = bp['type']
bp_line = bp['line']
if bp_type in (ast.ASSIGN_BREAKPOINT, ):
assert bp_line in (
3,
4,
)
def testAssign(self):
script = """;
var number = 0;
number += 1;
number -= 1;
number *= 2;
number /= 3;
"""
ast = AST(script)
ast.walk()
self.debug_info(script, ast)
for bp in ast.breakpoints:
bp_type = bp['type']
bp_line = bp['line']
if bp_type in (ast.ASSIGN_BREAKPOINT, ):
assert bp_line in (
2,
3,
4,
5,
6,
)
def testCallEval3(self):
script = """
eval("A" * 1024);
"""
ast = AST(script)
ast.walk()
self.debug_info(script, ast)
def testCallEval2(self):
script = """
var a = "A" * 1024;
eval(a);
"""
ast = AST(script)
ast.walk()
self.debug_info(script, ast)
def testCall(self):
script = """
function callme(a) {
return a;
}
callme('foobar');
"""
ast = AST(script)
ast.walk()
self.debug_info(script, ast)
def testFunctionReturnLiteral(self):
script = """
function test1() {
var test2 = 1;
return 'abcdabcdabcdabcdabcdabcdabcdabcdabcdabcd';
}
"""
ast = AST(script)
ast.walk()
self.debug_info(script, ast)
assert 'abcdabcdabcdabcdabcdabcdabcdabcdabcdabcd' in ast.shellcodes
def testFunctionDeclaration(self):
script = """
function foo(bar) {
var a;
a = "qwerty";
return a;
}
"""
ast = AST(script)
ast.walk()
self.debug_info(script, ast)
assert {'name': 'a', 'scope': 'foo'} in ast.names
assert {
'scope': 'foo',
'line': 4,
'type': ast.ASSIGN_BREAKPOINT
} in ast.breakpoints
def test_exception(self, caplog):
caplog.clear()
script = """
variable s; //Intended syntax error
"""
log.ThugOpts.ast_debug = True
AST(script)
assert "[AST] Script parsing error" in caplog.text
log.ThugOpts.ast_debug = False
def testForStatement(self):
script = """
var s;
var i = 0;
for (i = 0; i < 3; i++) {
s += "a";
}
"""
ast = AST(script)
ast.walk()
self.debug_info(script, ast)
for bp in ast.breakpoints:
bp_type = bp['type']
bp_line = bp['line']
if bp_type in (ast.LOOP_BREAKPOINT, ):
assert bp_line in (7, )
if bp_type in (ast.ASSIGN_BREAKPOINT, ):
assert bp_line in (3, )
def testForInStatement(self):
script = """
var person = {fname:"John", lname:"Doe", age:25};
var text;
var x;
for (x in person) {
text += person[x] + " ";
}
"""
ast = AST(script)
ast.walk()
self.debug_info(script, ast)
for bp in ast.breakpoints:
bp_type = bp['type']
bp_line = bp['line']
if bp_type in (ast.LOOP_BREAKPOINT, ):
assert bp_line in (8, )
if bp_type in (ast.ASSIGN_BREAKPOINT, ):
assert bp_line in (2, )
def evalScript(self, script, tag=None):
if log.ThugOpts.verbose or log.ThugOpts.debug:
log.info(script)
result = 0
try:
log.JSClassifier.classify(
log.ThugLogging.url if log.ThugOpts.local else self.url,
script)
if log.ThugOpts.code_logging:
log.ThugLogging.add_code_snippet(script, 'Javascript',
'Contained_Inside')
except Exception:
pass
if tag:
self.doc.current = tag
else:
try:
body = self.doc.body
except Exception:
# This code is for when you are desperate :)
body = self.doc.getElementsByTagName('body')[0]
if body and body.tag.contents:
self.doc.current = body.tag.contents[-1]
else:
self.doc.current = self.doc.doc.contents[-1]
with self.context as ctxt:
try:
ast = AST(script, self)
except Exception:
log.warning(traceback.format_exc())
return result
if log.ThugOpts.Personality.isIE():
cc = CCInterpreter()
script = cc.run(script)
shellcode = Shellcode.Shellcode(self, ctxt, ast, script)
result = shellcode.run()
log.ThugLogging.ContextAnalyzer.analyze(self)
return result
