def test_14():
tpru = TreePruner(TreePrunerTests.t5, TreePrunerTests.l5, TreePrunerTests.s5)
new_tree = tpru.filter_tree([{
"type": "limit_symbol",
"symbol_id": "s1",
"min": "11",
"max": "15"
}])
res = Tree()
build_tree({
"id": 1,
"block": "B1",
"children": [
{
"id": 3,
"block": "B2",
"children": [
{
"id": 4,
"block": "B4",
"children": []
}
]
}
]
}, res, 0)
assert new_tree == res
def test_15():
tpru = TreePruner(TreePrunerTests.t6, TreePrunerTests.l6, dict())
new_tree = tpru.filter_tree([{
"type": "filter_block",
"block_id": "B1",
"mode": "black",
"count": "2"
}])
res = Tree()
build_tree({
"id": 1,
"block": "B1",
"children": [
{
"id": 2,
"block": "B2",
"children": []
},
{
"id": 3,
"block": "B1",
"children": [
{
"id": 4,
"block": "B2",
"children": []
}
]
}
]
}, res, 0)
assert new_tree == res
def __init__(self,
project,
address_to_block,
pickle_state=None,
starting_state=None,
concretize_addresses=False):
self.project = project # angr project
self.entry_state = None # entry state
self.address_to_block = address_to_block # file json which maps addresses to blocks
self.smgr = None # simulation manager
self.stb = None # simbolic tree builder
self.symbols = dict() # symbol -> Symbol namedtuple
self.concretized_symb = set(
) # set of symbols that have been concretized
self.tree_analyzer = None # tree analyzer (paths, forks, ...)
self.tree_pruner = None # tree pruner
if starting_state is None:
if pickle_state is None:
self.entry_state = self.project.factory.entry_state()
self.entry_state.options.add(
angr.options.ZERO_FILL_UNCONSTRAINED_MEMORY)
self.entry_state.options.add(
angr.options.ZERO_FILL_UNCONSTRAINED_REGISTERS)
else:
self.entry_state = pickle.load(pickle_state)
else:
self.entry_state = starting_state
# very very inefficient in terms of memory consumption
# self.entry_state.options.add(angr.options.EFFICIENT_STATE_MERGING)
if not hasattr(self.entry_state, 'angr_wrapper'):
self.entry_state.register_plugin('angr_wrapper',
AngrWrapperPlugin())
self.entry_state.inspect.b('symbolic_variable',
when=angr.BP_AFTER,
action=self.symbol_creation)
# not the correct way of doing this. There is another way?
self.entry_state.inspect.b('address_concretization',
when=angr.BP_AFTER,
action=self.symbol_concretization)
if concretize_addresses:
self.entry_state.memory.read_strategies[
0] = SimConcretizationStrategyConcretizeUnlessJmp()
self.smgr = self.project.factory.simulation_manager(self.entry_state)
self.smgr.stashes['avoid'] = list()
self.stb = SymbtreeBuilder(self.address_to_block)
self.stb.update(self.entry_state)
self.tree_analyzer = TreeAnalyzer(self.stb.tree, self.address_to_block,
self)
self.tree_pruner = TreePruner(self.stb.tree, self.address_to_block,
self.symbols)
def test_04():
tpru = TreePruner(TreePrunerTests.t2, TreePrunerTests.l2, dict())
new_tree = tpru.filter_tree([{
"type": "filter_edge",
"src_id": "B5",
"dst_id": "B3",
"mode": "black"
}])
res = Tree()
build_tree({
"id": 9,
"block": "B7",
"children": [
{
"id": 1,
"block": "B5",
"children": [
{
"id": 3,
"block": "B4",
"children": [
{
"id": 7,
"block": "B3",
"children": [
{
"id": 8,
"block": "B1",
"children": []
}
]
},
{
"id": 11,
"block": "B8",
"children": []
}
]
}
]
},
{
"id": 10,
"block": "B9",
"children": []
}
]
}, res, 0)
assert new_tree == res
def test_18():
tpru = TreePruner(TreePrunerTests.t3, TreePrunerTests.l3, dict())
new_tree = tpru.filter_tree([{
"type": "limit_fork",
"block_id": "B1",
"num_fork": "1",
"fork_choice": "B1"
}])
res = Tree()
build_tree({
"id": 1,
"block": "B1",
"children": [
{
"id": 2,
"block": "B2",
"children": []
},
{
"id": 3,
"block": "B1",
"children": [
{
"id": 5,
"block": "B1",
"children": [
{
"id": 7,
"block": "B1",
"children": [
{
"id": 9,
"block": "B1",
"children": []
}
]
}
]
}
]
}
]
}, res, 0)
assert new_tree == res
def test_07():
tpru = TreePruner(TreePrunerTests.t2, TreePrunerTests.l2, dict())
new_tree = tpru.filter_tree([{
"type": "filter_block",
"block_id": "B4",
"mode": "white"
},
{
"type": "filter_block",
"block_id": "B8",
"mode": "white"
}])
res = Tree()
build_tree({
"id": 9,
"block": "B7",
"children": [
{
"id": 1,
"block": "B5",
"children": [
{
"id": 3,
"block": "B4",
"children": [
{
"id": 11,
"block": "B8",
"children": []
}
]
}
]
}
]
}, res, 0)
assert new_tree == res
def test_02():
tpru = TreePruner(TreePrunerTests.t2, TreePrunerTests.l2, dict())
new_tree = tpru.filter_tree([{
"type": "filter_block",
"block_id": "B5",
"mode": "black"
},
{
"type": "filter_block",
"block_id": "B9",
"mode": "black"
}])
res = Tree() # not it drops all the nodes
# build_tree({
# "id": 9,
# "block": "B7",
# "children": []
# }, res, 0)
assert new_tree == res
def test_01():
tpru = TreePruner(TreePrunerTests.t1, TreePrunerTests.l1, dict())
new_tree = tpru.filter_tree([{
"type": "filter_block",
"block_id": "B4",
"mode": "black"
}])
res = Tree()
build_tree({
"id": 1,
"block": "B1",
"children": [
{
"id": 2,
"block": "B2",
"children": []
}
]
}, res, 0)
assert new_tree == res
def test_13():
tpru = TreePruner(TreePrunerTests.t4, TreePrunerTests.l4, TreePrunerTests.s4)
new_tree = tpru.filter_tree([{
"type": "limit_symbol",
"symbol_id": "s1",
"min": str(-2**31),
"max": "0"
}])
res = Tree()
build_tree({
"id": 1,
"block": "B1",
"children": [
{
"id": 3,
"block": "B4",
"children": []
}
]
}, res, 0)
assert new_tree == res
def test_09():
tpru = TreePruner(TreePrunerTests.t2, TreePrunerTests.l2, dict())
new_tree = tpru.filter_tree([{
"type": "filter_edge",
"src_id": "B3",
"dst_id": "B2",
"mode": "white"
}])
res = Tree()
build_tree({
"id": 9,
"block": "B7",
"children": [
{
"id": 1,
"block": "B5",
"children": [
{
"id": 2,
"block": "B3",
"children": [
{
"id": 4,
"block": "B2",
"children": []
}
]
}
]
}
]
}, res, 0)
assert new_tree == res