Ejemplo n.º 1
0
    def test_taint_union_register_memory(self):
        """Check tainting union register U memory."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))

        # !T U T
        untaintRegister(REG.RAX)
        taintMemory(MemoryAccess(0x2000, 4))
        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))

        # T U T
        taintRegister(REG.RAX)
        taintMemory(MemoryAccess(0x2000, 4))
        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
Ejemplo n.º 2
0
    def test_taint_union_register_memory(self):
        """Check tainting union register U memory."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))

        # !T U T
        untaintRegister(REG.RAX)
        taintMemory(MemoryAccess(0x2000, 4))
        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))

        # T U T
        taintRegister(REG.RAX)
        taintMemory(MemoryAccess(0x2000, 4))
        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
Ejemplo n.º 3
0
    def test_taint_assignement_register_immediate(self):
        """Check tainting assignment register <- immediate."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterImmediate(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
Ejemplo n.º 4
0
    def test_taint_assignement_register_immediate(self):
        """Check tainting assignment register <- immediate."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterImmediate(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
Ejemplo n.º 5
0
    def test_known_issues(self):
        """Check tainting result after processing."""
        setArchitecture(ARCH.X86)

        taintRegister(REG.EAX)
        inst = Instruction()
        # lea eax,[esi+eax*1]
        inst.setOpcodes("\x8D\x04\x06")
        processing(inst)

        self.assertTrue(isRegisterTainted(REG.EAX))
        self.assertFalse(isRegisterTainted(REG.EBX))
Ejemplo n.º 6
0
    def test_known_issues(self):
        """Check tainting result after processing."""
        setArchitecture(ARCH.X86)

        taintRegister(REG.EAX)
        inst = Instruction()
        # lea eax,[esi+eax*1]
        inst.setOpcodes("\x8D\x04\x06")
        processing(inst)

        self.assertTrue(isRegisterTainted(REG.EAX))
        self.assertFalse(isRegisterTainted(REG.EBX))
Ejemplo n.º 7
0
    def test_taint_union_register_immediate(self):
        """Check tainting union register U immediate."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterImmediate(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        taintUnionRegisterImmediate(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
Ejemplo n.º 8
0
    def test_taint_union_register_immediate(self):
        """Check tainting union register U immediate."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterImmediate(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        taintUnionRegisterImmediate(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
Ejemplo n.º 9
0
    def test_taint_get_tainted_registers(self):
        """Get tainted registers"""
        setArchitecture(ARCH.X86_64)

        r = getTaintedRegisters()
        self.assertTrue(len(r) == 0)

        taintRegister(REG.EAX)
        taintRegister(REG.AX)
        taintRegister(REG.RBX)
        taintRegister(REG.CL)
        taintRegister(REG.DI)

        r = getTaintedRegisters()
        self.assertTrue(REG.RAX in r)
        self.assertTrue(REG.RBX in r)
        self.assertTrue(REG.RCX in r)
        self.assertTrue(REG.RDI in r)
Ejemplo n.º 10
0
    def test_taint_get_tainted_registers(self):
        """Get tainted registers"""
        setArchitecture(ARCH.X86_64)

        r = getTaintedRegisters()
        self.assertTrue(len(r) == 0)

        taintRegister(REG.EAX)
        taintRegister(REG.AX)
        taintRegister(REG.RBX)
        taintRegister(REG.CL)
        taintRegister(REG.DI)

        r = getTaintedRegisters()
        self.assertTrue(REG.RAX in r)
        self.assertTrue(REG.RBX in r)
        self.assertTrue(REG.RCX in r)
        self.assertTrue(REG.RDI in r)
Ejemplo n.º 11
0
    def test_taint_register(self):
        """Check over tainting register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintRegister(REG.AH)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.EAX))
        self.assertTrue(isRegisterTainted(REG.AX))

        untaintRegister(REG.AH)
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.EAX))
        self.assertFalse(isRegisterTainted(REG.AX))
Ejemplo n.º 12
0
    def test_taint_assignement_register_memory(self):
        """Check tainting assignment register <- memory."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintMemory(MemoryAccess(0x2000, 8))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 8)))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x3000, 8))
        self.assertFalse(isRegisterTainted(REG.RAX))
Ejemplo n.º 13
0
    def test_taint_assignement_register_memory(self):
        """Check tainting assignment register <- memory."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintMemory(MemoryAccess(0x2000, 8))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 8)))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x3000, 8))
        self.assertFalse(isRegisterTainted(REG.RAX))
Ejemplo n.º 14
0
    def test_taint_register(self):
        """Check over tainting register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintRegister(REG.AH)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.EAX))
        self.assertTrue(isRegisterTainted(REG.AX))

        untaintRegister(REG.AH)
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.EAX))
        self.assertFalse(isRegisterTainted(REG.AX))
Ejemplo n.º 15
0
    def test_taint_union_register_register(self):
        """Check tainting union register U register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.RBX))

        taintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.RBX))

        untaintRegister(REG.RAX)
        taintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.RBX))

        untaintRegister(REG.RAX)
        untaintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.RBX))
Ejemplo n.º 16
0
    def test_taint_union_register_register(self):
        """Check tainting union register U register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.RBX))

        taintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.RBX))

        untaintRegister(REG.RAX)
        taintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.RBX))

        untaintRegister(REG.RAX)
        untaintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.RBX))
Ejemplo n.º 17
0
    def test_taint_assignement_register_register(self):
        """Check tainting assignment register <- register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        self.assertFalse(isRegisterTainted(REG.RBX))
        taintRegister(REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RBX))

        taintAssignmentRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
Ejemplo n.º 18
0
    def test_taint_assignement_register_register(self):
        """Check tainting assignment register <- register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        self.assertFalse(isRegisterTainted(REG.RBX))
        taintRegister(REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RBX))

        taintAssignmentRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
Ejemplo n.º 19
0
    def test_taint_union_memory_register(self):
        """Check tainting union memory U register."""
        setArchitecture(ARCH.X86_64)

        taintMemory(MemoryAccess(0x2000, 4))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))

        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        untaintMemory(MemoryAccess(0x2000, 4))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintRegister(REG.RAX)
        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertTrue(isRegisterTainted(REG.RAX))
Ejemplo n.º 20
0
    def test_taint_union_memory_register(self):
        """Check tainting union memory U register."""
        setArchitecture(ARCH.X86_64)

        taintMemory(MemoryAccess(0x2000, 4))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))

        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        untaintMemory(MemoryAccess(0x2000, 4))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintRegister(REG.RAX)
        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertTrue(isRegisterTainted(REG.RAX))