def test_identify_with_many_opportunities(self):
'''CrossdiskRenameMutator should find one opportunity in a trace with
one stat-like call
'''
trace_data = '''2503 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e05000
2503 set_thread_area({entry_number:-1, base_addr:0xb7e05700, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 (entry_number:6)
2503 mprotect(0xb7fb6000, 8192, PROT_READ) = 0
2503 rename("test/test.txt", "test/test2.txt") = 0
2503 mprotect(0x8049000, 4096, PROT_READ) = 0
2503 mprotect(0xb7ffe000, 4096, PROT_READ) = 0
2503 munmap(0xb7fbc000, 100584) = 0
2503 rename("test/test.txt", "test/test2.txt") = 0
'''
trace_file = tempfile.NamedTemporaryFile()
trace_file.write(trace_data)
trace_file.flush()
syscalls = Trace.Trace(
trace_file.name,
DEFAULT_CONFIG_PATH + 'syscall_definitions.pickle').syscalls
trace_file.close()
mut = CrossdiskRenameMutator()
lines = mut.identify_lines(syscalls)
self.assertEqual(len(lines), 2)
def test_sigreturn(self):
strace_path = get_test_data_path("signals.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
sigreturn_call = t.syscalls[2]
assert sigreturn_call.args[0].value == "{mask=[]}"
assert sigreturn_call.ret == (26827, None)
def test_identify_with_many_opportunities(self):
'''FsyncNoSpaceMutator should find one opportunity in a trace with
one stat-like call
'''
trace_data = r'''5414 munmap(0xb7fbc000, 100584) = 0
5414 fstat64(1, {st_dev=makedev(0, 21), st_ino=13, st_mode=S_IFCHR|0620, st_nlink=1, st_uid=1000, st_gid=5, st_blksize=1024, st_blocks=0, st_rdev=makedev(136, 10), st_atime=2019/06/06-10:29:52.005720855, st_mtime=2019/06/06-10:29:52.005720855, st_ctime=2019/06/05-19:12:41.005720855}) = 0
5414 brk(NULL) = 0x804b000
5414 brk(0x806c000) = 0x806c000
5414 write(1, "Fsync please!\n", 14) = 14
5414 fsync(0) = 0
5414 fsync(0) = 0
5414 fsync(0) = 0
'''
trace_file = tempfile.NamedTemporaryFile()
trace_file.write(trace_data)
trace_file.flush()
syscalls = Trace.Trace(
trace_file.name,
DEFAULT_CONFIG_PATH + 'syscall_definitions.pickle').syscalls
trace_file.close()
mut = FsyncNoSpaceMutator()
lines = mut.identify_lines(syscalls)
self.assertEqual(len(lines), 3)
def test_get_euid(self):
strace_path = get_test_data_path("execve.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
geteuid_call = t.syscalls[2]
assert geteuid_call.ret == (0, None)
def test_identify_with_many_opportunities(self):
'''UnusualFiletypeMutator should find one opportunity in a trace with
one stat-like call
'''
trace_data = '''28725 close(1) = 0
28725 lstat64(".data.txt.TziqM5", {st_dev=makedev(8, 1), st_ino=50795, st_mode=S_IFREG|0600, st_nlink=1, st_uid=1000, st_gid=1000, st_blksize=4096, st_blocks=8, st_size=13, st_atime=2018/05/06-16:29:03.502410913, st_mtime=2018/05/06-16:29:03.502410913, st_ctime=2018/05/06-16:29:03.502410913}) = 0
28725 lstat64(".data.txt.TziqM5", {st_dev=makedev(8, 1), st_ino=50795, st_mode=S_IFREG|0600, st_nlink=1, st_uid=1000, st_gid=1000, st_blksize=4096, st_blocks=8, st_size=13, st_atime=2018/05/06-16:29:03.502410913, st_mtime=2018/05/06-16:29:03.502410913, st_ctime=2018/05/06-16:29:03.502410913}) = 0
28725 lstat64(".data.txt.TziqM5", {st_dev=makedev(8, 1), st_ino=50795, st_mode=S_IFREG|0600, st_nlink=1, st_uid=1000, st_gid=1000, st_blksize=4096, st_blocks=8, st_size=13, st_atime=2018/05/06-16:29:03.502410913, st_mtime=2018/05/06-16:29:03.502410913, st_ctime=2018/05/06-16:29:03.502410913}) = 0
28725 utimensat(AT_FDCWD, ".data.txt.TziqM5", [UTIME_NOW, {1525649303, 124679220}], AT_SYMLINK_NOFOLLOW) = 0
28725 chmod(".data.txt.TziqM5", 0664) = 0
28725 rename(".data.txt.TziqM5", "data.txt") = 0
28725 _newselect(5, [0], [4], [0], {60, 0}) = 1 (out [4], left {59, 999997})
28725 write(4, "\4\0\0k\1\0\0\0", 8) = 8
28725 _newselect(1, [0], [], [0], {60, 0}) = 1 (in [0], left {59, 999998})
28725 read(0, "\1\0\0\7\0", 32768) = 5
28725 munmap(0xb7b36000, 266240) = 0
28725 munmap(0xb7bc8000, 135168) = 0'''
trace_file = tempfile.NamedTemporaryFile()
trace_file.write(trace_data)
trace_file.flush()
syscalls = Trace.Trace(
trace_file.name,
DEFAULT_CONFIG_PATH + 'syscall_definitions.pickle').syscalls
trace_file.close()
mut = UnusualFiletypeMutator()
lines = mut.identify_lines(syscalls)
self.assertEqual(len(lines), 3)
def test_brk(self):
strace_path = get_test_data_path("misc.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
brk_call = t.syscalls[0]
assert brk_call.args[0].value == "NULL"
assert brk_call.ret == ("0x56221d7d1000", None)
def test_tid_addr(self):
strace_path = get_test_data_path("misc.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
set_tid_addr_call = t.syscalls[1]
assert set_tid_addr_call.args[0].value == "7f75b62c36d0"
assert set_tid_addr_call.ret == (29898, None)
def test_access(self):
strace_path = get_test_data_path("execve.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
bad_access_call = t.syscalls[6]
assert bad_access_call.args[0].value == "/etc/ld.so.preload"
assert bad_access_call.args[1].value == ["R_OK"]
assert bad_access_call.ret == (-1, "ENOENT")
def test_robust_list(self):
strace_path = get_test_data_path("misc.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
set_robust_list_call = t.syscalls[2]
assert set_robust_list_call.args[0].value == "0x7f75b62c36e0"
assert set_robust_list_call.args[1].value == "24"
assert set_robust_list_call.ret == (0, None)
def test_statfs(self):
strace_path = get_test_data_path("fstat.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
statfs_call = t.syscalls[3]
assert statfs_call.args[0].value == "/sys/fs/selinux"
assert statfs_call.args[1].value == "0x7ffffab26f40"
assert statfs_call.ret == (-1, "ENOENT")
def test_munmap(self):
strace_path = get_test_data_path("memory.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
munmap_call = t.syscalls[2]
assert munmap_call.args[0].value == "0x7fcf9d4b0000"
assert munmap_call.args[1].value == "75070"
assert munmap_call.ret == (0, None)
def test_listen(self):
strace_path = get_test_data_path("socket.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
listen_call = t.syscalls[11]
assert listen_call.args[0].value == 7
assert listen_call.args[1].value == 5
assert listen_call.ret == (0, None)
def openat(self):
strace_path = get_test_data_path("openclose.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
openat_call = t.syscalls[4]
assert openat_call.args[0].value == "AT_FDCWD"
assert openat_call.args[1].value == "/etc/ld.so.cache"
assert openat_call.ret == (7, None)
def test_getdents64(self): # Note: empty function
strace_path = get_test_data_path("directory.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
getdents64_call = t.syscalls[7]
assert getdents64_call.args[0].value == 7
assert getdents64_call.args[1].value == "[]"
assert getdents64_call.args[2].value == 32768
assert getdents64_call.ret == (0, None)
def test_close(self):
strace_path = get_test_data_path("openclose.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
close_call = t.syscalls[3]
assert close_call.name == "close"
assert close_call.args[0].value == 3
assert close_call.ret == (0, None)
def test_lseek(self):
strace_path = get_test_data_path("execve.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
lseek_call = t.syscalls[3]
assert lseek_call.args[0].value == 3
assert lseek_call.args[1].value == "0"
assert lseek_call.args[2].value == ["SEEK_SET"]
assert lseek_call.ret == (0, None)
def test_mprotect(self):
strace_path = get_test_data_path("memory.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
mprotect_call = t.syscalls[0]
assert mprotect_call.args[0].value == "0x7f3366ab3000"
assert mprotect_call.args[1].value == "12288"
assert mprotect_call.args[2].value == ["PROT_READ"]
assert mprotect_call.ret == (0, None)
def test_pread64(self):
strace_path = get_test_data_path("misc.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
prlimit64_call = t.syscalls[6]
assert prlimit64_call.args[0].value == 3
assert prlimit64_call.args[2].value == "784"
assert prlimit64_call.args[3].value == "64"
assert prlimit64_call.ret == (784, None)
def test_lstat(self):
strace_path = get_test_data_path("fstat.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
lstat_call = t.syscalls[2]
assert lstat_call.args[0].value == "/proc/self/task"
assert lstat_call.args[1].value[0] == "st_dev=makedev(0, 0x16)"
assert lstat_call.args[1].value[5] == "st_gid=0"
assert lstat_call.ret == (0, None)
def test_clone(self):
strace_path = get_test_data_path("clone.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
clone_call = t.syscalls[0]
assert clone_call.args[0].value == ["child_stack=NULL"]
assert (clone_call.args[1].value ==
"flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD")
assert clone_call.args[2].value == ["child_tidptr=0x7fdb04c07810"]
assert clone_call.ret == (21677, None)
def test_getcwd(self):
strace_path = get_test_data_path("directory.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
getcwd_call = t.syscalls[6]
assert (
getcwd_call.args[0].value ==
'"/home/almazhan/Desktop/res_tandon/posix-omni-parser/testbins"')
assert getcwd_call.args[1].value == "4096"
assert getcwd_call.ret == (61, None)
def test_fstat(self):
strace_path = get_test_data_path("fstat.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
fstat_call = t.syscalls[0]
assert fstat_call.name == "fstat"
assert fstat_call.args[0].value == 3
assert fstat_call.args[1].value[0] == "st_dev=makedev(0, 4)"
assert fstat_call.args[1].value[5] == "st_gid=0"
def test_prlimit64(self): # Note-incorrect parsing
strace_path = get_test_data_path("memory.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
prlimit64_call = t.syscalls[3]
assert prlimit64_call.args[0].value == 0
assert prlimit64_call.args[1].value == ["RLIMIT_STACK"]
assert prlimit64_call.args[2].value == "NULL"
assert prlimit64_call.args[3].value == "{rlim_cur=8192*1024"
assert prlimit64_call.ret == (0, None)
def test_socket(self):
strace_path = get_test_data_path("socket.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
socket_call = t.syscalls[0]
assert socket_call.name == "socket"
assert socket_call.args[0].value == ["PF_INET"]
assert socket_call.args[1].value == ["SOCK_STREAM"]
assert socket_call.args[2].value == ["IPPROTO_IP"]
assert socket_call.ret == (3, None)
def test_recv(self):
strace_path = get_test_data_path("recv.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
recv_call = t.syscalls[0]
# 20645 recv(6, 0xb7199058, 4096, 0) = -1 EAGAIN
assert recv_call.args[0].value == 6
assert recv_call.args[1].value == "0xb7199058"
assert recv_call.args[2].value == "4096"
assert recv_call.args[3].value == ["0"]
assert recv_call.ret == (-1, "EAGAIN")
def test_ioctl(self): # Note-incorrect parsing
strace_path = get_test_data_path("misc.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
ioctl_call = t.syscalls[5]
assert ioctl_call.args[0].value == 1
assert ioctl_call.args[1].value == "TIOCGWINSZ"
assert ioctl_call.args[2].value == "{ws_row=16"
assert ioctl_call.args[3].value == "ws_col=109"
assert ioctl_call.args[4].value == "ws_xpixel=0"
assert ioctl_call.ret == (0, None)
def test_unlink(self):
strace_path = get_test_data_path("link.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
unlink_call = t.syscalls[2]
assert unlink_call.args[0].value == "al/sic/newest1.txt"
assert unlink_call.ret == (0, None)
bad_unlink_call = t.syscalls[3]
assert bad_unlink_call.args[0].value == "al/sic/newest2.txt"
assert bad_unlink_call.ret == (-1, "ENOENT")
def test_rmdir(self):
strace_path = get_test_data_path("directory.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
rmdir_call = t.syscalls[2]
assert rmdir_call.args[0].value == "al/ma/new-dir1"
assert rmdir_call.ret == (0, None)
bad_rmdir_call = t.syscalls[3]
assert bad_rmdir_call.args[0].value == "al/ma/new-dir1"
assert bad_rmdir_call.ret == (-1, "ENOENT")
def test_execve(self):
strace_path = get_test_data_path("execve.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
execve_call = t.syscalls[0]
assert execve_call.args[0].value == "/bin/ps"
assert execve_call.args[1].value == '["ps"]'
assert execve_call.args[2].value == "NULL"
assert execve_call.ret == (0, None)
def test_mmap(self):
strace_path = get_test_data_path("memory.strace")
syscall_definitions = get_test_data_path("syscall_definitions.pickle")
t = Trace.Trace(strace_path, syscall_definitions)
mmap_call = t.syscalls[1]
assert mmap_call.args[0].value == "NULL"
assert mmap_call.args[1].value == "2036952"
assert mmap_call.args[2].value == ["PROT_READ"]
assert mmap_call.args[4].value == 7
assert mmap_call.args[5].value == "0"
assert mmap_call.ret == ("0x7fc88349b000", None)
