def test_all_tests_for_this_cs(self):
cs = ChallengeSet.create(name="foo")
job = AFLJob.create(cs=cs)
test1 = farnsworth.models.Test.create(cs=cs, job=job, blob="test1")
test2 = farnsworth.models.Test.create(cs=cs, job=job, blob="test2")
assert_equals(len(cs.tests), 2)
def test_found_crash_for_cs(self):
cs = ChallengeSet.create(name="foo")
job = AFLJob.create(cs=cs)
crash = farnsworth.models.Crash.create(cs=cs,
job=job,
blob="crash",
crash_pc=0x41414141)
assert_true(cs.found_crash)
def test_undrilled_tests_for_cs(self):
cs = ChallengeSet.create(name="foo")
job = AFLJob.create(cs=cs)
new_test = farnsworth.models.Test.create(cs=cs,
job=job,
blob="crash",
drilled=False)
assert_true(len(cs.undrilled_tests), 1)
def test_has_type1(self):
from farnsworth.models.pov_test_result import PovTestResult
pov_type = 'type1'
cs = ChallengeSet.create(name="foo")
job = AFLJob.create(cs=cs)
Exploit.create(cs=cs,
job=job,
pov_type=pov_type,
blob=BLOB,
c_code="code",
reliability=0)
assert_false(cs.has_type1)
Exploit.create(cs=cs,
job=job,
pov_type=pov_type,
blob=BLOB,
c_code="code",
reliability=1)
assert_true(cs.has_type1)
# if not first condition is not met
r2 = Round.create(num=2)
cs2 = ChallengeSet.create(name="bar")
job2 = AFLJob.create(cs=cs2)
cbn2 = ChallengeBinaryNode.create(name="bar", cs=cs2, blob="aaa")
team2 = Team.create(name=Team.OUR_NAME)
exploit2 = Exploit.create(cs=cs2,
job=job2,
pov_type=pov_type,
blob=BLOB,
c_code="code",
reliability=0)
csf2 = ChallengeSetFielding.create_or_update_available(team=team2,
cbn=cbn2,
round=r2)
pov_result2 = PovTestResult.create(exploit=exploit2,
cs_fielding=csf2,
num_success=0)
assert_false(cs2.has_type1)
pov_result2.num_success = 10
pov_result2.save()
assert_true(cs2.has_type1)
def test_pov_type(self):
cs = ChallengeSet.create(name="foo")
job = AFLJob.create(cs=cs)
exploit = Exploit.create(cs=cs, job=job, pov_type="type1", blob="exploit",
c_code="exploit it")
assert_equals(exploit.pov_type, "type1")
def invalid_pov_type():
Exploit.create(cs=cs, job=job, pov_type="bar")
assert_raises(Exception, invalid_pov_type)
def setup(self):
farnsworth.test_support.truncate_tables()
self.cbn = ChallengeBinaryNode.create(blob=open(
os.path.join(cbs_path, 'qualifier_event/ccf3d301/ccf3d301_01'),
'rb').read(),
name='ccf3d301_01',
cs_id='ccf3d301')
self.job = AFLJob.create(limit_cpu=4,
limit_memory=1,
limit_time=10,
cbn=self.cbn)
self.aw = worker.AFLWorker()
def test_get_or_create(self):
cs = ChallengeSet.create(name="foo")
job = AFLJob.create()
crash, created = Crash.get_or_create(cs=cs, job=job, blob="a blob")
assert_true(created)
crash, created = Crash.get_or_create(cs=cs, job=job, blob="a blob")
assert_false(created)
# because we're opening another transaction in create_or_get()
# rollback doesn't work. clean everything in a transaction
with Crash._meta.database.atomic():
crash.delete_instance()
job.delete_instance()
cs.delete_instance()
def test_save_and_create_automatically_calculates_sha256(self):
cs = ChallengeSet.create(name="foo")
job = AFLJob.create()
crash = Crash(cs=cs, job=job, blob="a blob")
assert_is_none(crash.sha256)
crash.save()
assert_equals(crash.sha256, "bbffdf5ecaf101e014fa03c8d0b1996554bac10f")
crash = Crash(cs=cs, job=job, blob="a blob", sha256="sum")
crash.save()
assert_equals(crash.sha256, "sum")
crash = Crash.create(cs=cs, job=job, blob="another blob")
assert_is_not_none(crash.sha256)
def test_input_test(self):
cs = ChallengeSet.create(name="foo")
generating_job = AFLJob.create(cs=cs)
test = farnsworth.models.Test.create(job=generating_job,
cs=cs,
blob=str("ciao"))
job = DrillerJob(cs=cs, payload={'test_id': test.id})
assert_equal(str(job.input_test.blob), "ciao")
# it caches result between different requests
assert_false(job.input_test.drilled)
job.input_test.drilled = True
job.input_test.save()
assert_true(job.input_test.drilled)
def test_submit_to(self):
r0 = Round.create(num=0)
r1 = Round.create(num=1)
cs = ChallengeSet.create(name="foo")
cs.rounds = [r1.id]
job = AFLJob.create(cs=cs)
exploit = Exploit.create(job=job, cs=cs, pov_type="type1", blob=BLOB, c_code="exploit it")
team = Team.create(name="opponent")
assert_equals(len(exploit.fieldings), 0)
ef = exploit.submit_to(team=team, throws=10)
assert_equals(len(exploit.fieldings), 1)
assert_equals(ef.submission_round, Round.current_round())
ef = exploit.submit_to(team=team, throws=5, round=r0)
assert_equals(len(exploit.fieldings), 2)
assert_equals(ef.submission_round, r0)
def test_cs_sha256_uniqueness(self):
cs = ChallengeSet.create(name="foo")
job = AFLJob.create()
crash = Crash.create(cs=cs, job=job, blob="a blob")
assert_raises(Crash.create, cs=cs, job=job, blob="a blob")
def try_drilling(name, get_crashes):
# set up the node
cs = ChallengeSet.get_or_create(name=name.split('_')[0])
cbn = ChallengeBinaryNode.get_create(name=name, cs=cs)
cbn.root = cbn
cbn.save()
Exploit.delete().where(Exploit.cbn == cbn).execute()
if not cbn.crashes or get_crashes:
# Delete the testcases
Test.delete().where(Test.cbn == cbn).execute()
Crash.delete().where(Crash.cbn == cbn).execute()
assert len(cbn.tests) == 0
afl_job = AFLJob.create(cbn=cbn,
limit_cpu=4,
limit_memory=1,
limit_time=80)
afl_thread = AFLThread(afl_job)
afl_thread.start()
for _ in range(10):
if len(cbn.tests) == 2: break
time.sleep(1)
assert len(cbn.tests) == 2
assert len(afl_thread._worker._seen) == 2
assert len(cbn.crashes) == 0
# schedule driller
for i in cbn.tests:
dj = DrillerJob.create(payload=i,
cbn=cbn,
limit_cpu=1,
limit_memory=10)
dw = worker.DrillerWorker()
dw.run(dj)
assert len(dj.tests) > 0 #pylint:disable=no-member
for _ in range(80):
if len(cbn.crashes) > 0: break
time.sleep(1)
assert len(afl_thread._worker._seen) > 2
assert len(cbn.tests) > 2
assert len(cbn.crashes) > 0
afl_thread.join()
sorted_crashes = sorted(cbn.crashes, key=lambda x: -len(str(x.blob)))
print "Chose crash of length %d" % len(sorted_crashes[0].blob)
rj = RexJob.create(payload=sorted_crashes[0],
cbn=cbn,
limit_cpu=1,
limit_memory=10)
rw = worker.RexWorker()
rw.run(rj)
assert len(cbn.exploits) == 2