Example #1
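def type_saftey_checker_tests():
    """Walk the control-flow graph of a cropped sample method and check its type maps.

    Reads test/random_method1_cropped.smali, builds a SmaliMethodDef, a
    ControlFlowGraph and a TypeSafetyChecker from it, feeds every code unit of
    every node to ``type_update`` and then checks the final register type map,
    the number of recorded type maps and the number of graph nodes.

    NOTE(review): every check here is a bare ``assert``, so the test verifies
    nothing when the interpreter is started with ``-O``.
    """
    print("\nRunning type safety checker tests")
    print("\ttest/random_method1_cropped.smali")

    # Context manager: the handle is released even if reading raises.
    with open("test/random_method1_cropped.smali", "r") as fh:
        method_text = fh.readlines()
    n = len(method_text)

    smd = SmaliMethodDef.SmaliMethodDef(method_text, None)
    cfg = ControlFlowGraph.ControlFlowGraph(smd.raw_text)

    tsc = TypeSafetyChecker.TypeSafetyChecker(smd.signature, cfg)
    # Before any instruction is processed the map holds only the parameters.
    assert (str(tsc.most_recent_type_map) ==
            "{p0: Lunknownclass;, p1: Landroid/view/View;}")

    # counter only ever moves forward; presumably nodes_left_to_visit() turns
    # false once the last node has been marked, otherwise cfg[counter] would
    # run past the end -- TODO confirm against ControlFlowGraph.
    counter = 0
    while cfg.nodes_left_to_visit():
        node = cfg[counter]

        if not node["visited"]:
            node["visited"] = True

            smali_code_unit_collection = SmaliMethodDef.SmaliCodeIterator(
                node["text"])
            is_first_line = True
            for unit in smali_code_unit_collection:
                tsc.type_update(unit, is_first_line, counter)
                is_first_line = False
                node["type_list"] = tsc.node_type_list

        counter += 1

    assert (len(tsc.node_type_list) == n)  # one for each line
    assert (tsc.node_type_list[-1] == tsc.most_recent_type_map)
    print(tsc.most_recent_type_map)
    # v6/v7 carry the labels "64-bit" and "64-bit-2"; this looks like the two
    # halves of one wide register pair -- confirm against TypeSafetyChecker.
    assert (
        str(tsc.most_recent_type_map) ==
        "{p0: Lunknownclass;, p1: Landroid/view/View;, v0: 32-bit, v5: ?, v6: 64-bit, v7: 64-bit-2}"
    )
    assert (len(smd.raw_text) == n)
    assert (len(tsc.node_type_list) == n)
    assert (cfg.node_counter == 4)
    print("passed!")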
Example #2
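def type_safety_checker_control_flow_test_edge_case_2():
    """Smoke test: constructing a SmaliMethodDef from zza_method.smali must not raise.

    Nothing is asserted about the parsed result; reaching the final print is
    the only success criterion.
    """
    print("\nRunning control flow test 2")
    # Context manager: the handle is closed even if readlines() raises.
    with open("./test/zza_method.smali", "r") as fh:
        method_list = fh.readlines()
    # The instance itself is not needed; only the constructor is under test.
    SmaliMethodDef.SmaliMethodDef(method_list, None)
    print("Looks like it didnt crash!, congragulations!!!")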
Example #3
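def types_from_parameters_test():
    """Check the initial parameter type map and two single-instruction updates.

    Covers three things: the checker's starting map is derived from the method
    signature, that map is not aliased to the signature's own
    ``parameter_type_map``, and ``_type_update_instruction`` assigns the
    expected types for ``cmp-long`` and ``move-object``.
    """
    print("\nTesting types_from_parameters...")
    print("\ttest/random_method1.smali")
    # Context manager: the original never closed this handle.
    with open("./test/random_method1.smali", "r") as fh:
        method_text = fh.readlines()
    smd = SmaliMethodDef.SmaliMethodDef(method_text, None)

    cfg = ControlFlowGraph.ControlFlowGraph(smd.raw_text)
    tsc = TypeSafetyChecker.TypeSafetyChecker(smd.signature, cfg)

    # The starting type map must contain exactly the method parameters.
    assert (str(tsc.most_recent_type_map) ==
            "{p0: Lunknownclass;, p1: Landroid/view/View;}")

    # The signature's parameter_type_map and tsc.most_recent_type_map must be
    # separate objects: mutating the former may not change the checker's state.
    smd.signature.parameter_type_map["p1"] = "something else!"
    assert (str(tsc.most_recent_type_map) ==
            "{p0: Lunknownclass;, p1: Landroid/view/View;}")

    # cmp-long: destination v10 becomes 32-bit; source v4 is 64-bit and the
    # following register v5 is marked as the second half ("64-bit-2").
    code_unit = ["    cmp-long v10, v4, v27\n"]
    new_map = tsc._type_update_instruction(code_unit, False, 0)
    assert (new_map["v10"] == "32-bit")
    assert (new_map["v4"] == "64-bit")
    assert (new_map["v5"] == "64-bit-2")

    # move-object: the destination takes over the object type of p0.
    code_unit = ["    move-object v0, p0\n"]
    new_map = tsc._type_update_instruction(code_unit, False, 0)
    assert (new_map["v0"] == "Lunknownclass;")

    print("passed!")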
Example #4
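def type_safety_checker_small_constructor_test():
    """Check that the small constructor fixture is reported as using one register."""
    print("\nRunning small constructor test")
    # Context manager: the original never closed this handle.
    with open("./test/small_constructor_method.smali", "r") as fh:
        method_list = fh.readlines()
    smd = SmaliMethodDef.SmaliMethodDef(method_list, None)
    assert (smd.get_num_registers() == 1)
    print("passed!")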
Example #5
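def type_safety_checker_action_bar_try_catch_leaks():
    """Smoke test: parsing setActionBarUp_method.smali must not raise.

    No property of the parsed method is asserted.
    """
    print("\nRunning action bar test")
    # Context manager: the handle is closed even if readlines() raises.
    with open("./test/setActionBarUp_method.smali", "r") as fh:
        method_list = fh.readlines()

    # Not crashing is the whole test, so the instance is not kept.
    SmaliMethodDef.SmaliMethodDef(method_list, None)
    print("passed!")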
Example #6
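def type_safety_checker_empty_method_test():
    """Check register count and the abstract flag for the empty-method fixture."""
    print("\nRunning empty method test")
    # Context manager: the handle is closed even if readlines() raises.
    with open("./test/empty_method.smali", "r") as fh:
        method_text = fh.readlines()

    smd = SmaliMethodDef.SmaliMethodDef(method_text, None)
    assert (smd.get_num_registers() == 1)  # "this"
    assert (smd.signature.is_abstract)
    print("passed!")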
Example #7
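def comparison_count_test1():
    """Check that random_method1.smali is reported as holding one comparison instruction."""
    print("\nRunning comparison count test")
    print("\ttest/random_method1.smali")
    # Context manager: the original never closed this handle.
    with open("./test/random_method1.smali", "r") as fh:
        method_text = fh.readlines()

    smd = SmaliMethodDef.SmaliMethodDef(method_text, None)

    assert (smd.get_num_comparison_instructions() == 1)

    print("passed!")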
Example #8
def type_safety_weather_app_test():
    """Build and instrument a native method declaration that has no body.

    The input is two lines: the ``.method ... native`` header and a
    tab-indented ``.end method``. Nothing is asserted; the test passes when
    construction and ``instrument()`` both return without raising.
    """
    print("\nRunning weather app test")
    declaration = ".method private static native _getDirectBufferPointer(Ljava/nio/Buffer;)J"
    # Same two elements the original obtained by splitting a triple-quoted string.
    method_list = [declaration, "\t.end method"]

    print("Building SMD")
    native_method = SmaliMethodDef.SmaliMethodDef(method_list, None)
    print("Instrumenting")
    native_method.instrument()

    print("passed!")
Example #9
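def type_safety_checker_leaks_test():
    """Grow the locals of a 20-register method and instrument it.

    Uses a MockSmaliClassDef as the owning class. The register count and the
    value of ``Instrumenter.MAX_DESIRED_NUM_REGISTERS`` are asserted first;
    ``grow_locals`` and ``instrument`` only need to complete without raising.
    """
    print("\nRunning type safety checker leaks test")

    # Context manager: the original left the handle from open(...).readlines()
    # to be closed by the garbage collector.
    with open("./test/edge_case_method1.smali", "r") as fh:
        method_text = fh.readlines()
    mock_class = SmaliClassDef.MockSmaliClassDef()
    smd = SmaliMethodDef.SmaliMethodDef(method_text, mock_class)
    assert (smd.get_num_registers() == 20)
    # Pins the configured constant so a change to it is noticed by this test.
    assert (Instrumenter.MAX_DESIRED_NUM_REGISTERS == 4)
    smd.grow_locals(Instrumenter.MAX_DESIRED_NUM_REGISTERS)
    smd.instrument()

    print("passed!")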
Example #10
def find_index_of_method(smali_code, method_name):
    """Return the 1-based line numbers of all ``.method`` lines named *method_name*.

    Several entries can come back because overloaded methods share a name and
    differ only in their parameters. Each candidate line is parsed with
    ``SmaliMethodSignature`` using the placeholder class "Lunknownclass;".
    """
    return [
        line_number
        # Line numbers start counting at 1 (not 0).
        for line_number, text in enumerate(smali_code, start=1)
        if text.strip().startswith(".method")
        and SmaliMethodDef.SmaliMethodSignature(text, "Lunknownclass;").name == method_name
    ]
Example #11
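def type_safety_checker_control_flow_test():
    """Compare the control-flow graph of control_flow_test.smali with a stored solution.

    Checks the node count and then the string form of the adjacency list
    against the first line of control_flow_test_adjlist_soln.txt.
    """
    print("\nRunning control flow test")
    # Context manager: the handle is closed even if readlines() raises.
    with open("./test/control_flow_test.smali", "r") as fh:
        method_text = fh.readlines()

    # Constructed only to confirm that parsing does not raise.
    SmaliMethodDef.SmaliMethodDef(method_text, None)
    cfg = ControlFlowGraph.ControlFlowGraph(method_text)
    assert (cfg.node_counter == 50)

    # readline() keeps a trailing newline if the file has one, and the
    # comparison below is exact, so the solution file presumably ends without
    # a newline -- TODO confirm.
    with open("./test/control_flow_test_adjlist_soln.txt", "r") as fh:
        adjlist_soln = fh.readline()

    adjlist_result = str(list(cfg.generate_adjlist()))
    assert (adjlist_result == adjlist_soln)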
Example #12
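def type_safety_checker_aget2_test():
    """Grow locals on diffPartial_method.smali, dump the class, then instrument.

    Side effect: writes test/diffPartial_method_grown.smali through the mock
    class before instrumentation runs. Apart from the pinned constant, the
    test passes when no step raises.
    """
    print("\nRunning aget2 test")

    # Context manager: the handle is closed even if readlines() raises.
    with open("test/diffPartial_method.smali", "r") as fh:
        method_list = fh.readlines()
    mock_class = SmaliClassDef.MockSmaliClassDef()
    smd = SmaliMethodDef.SmaliMethodDef(method_list, mock_class)
    # Register the method with its mock owner so write_to_file includes it.
    mock_class.methods.append(smd)
    assert (Instrumenter.MAX_DESIRED_NUM_REGISTERS == 4)
    smd.grow_locals(Instrumenter.MAX_DESIRED_NUM_REGISTERS)
    mock_class.write_to_file("test/diffPartial_method_grown.smali")
    smd.instrument()

    print("passed!")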
Example #13
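def grow_locals_test_1():
    """Check p-register to v-register rewriting after locals have been grown.

    First part: grows the locals of test/random_method1.smali by 3 and checks
    that ``dereference_p_to_v_numbers`` leaves v-registers alone and rewrites
    p0, p1, p2 to v9, v10, v11. Second part: parses an inline method with
    ``.locals 3`` and checks that a ``/range`` operand ending in p2 is
    rewritten to end in v5.

    Side effect: writes ``<method name>.smali`` into the current directory.
    """
    print("\nRunning grow locals test")
    print("\ttest/random_method1.smali")
    # Context manager: the handle is closed even if readlines() raises.
    with open("./test/random_method1.smali", "r") as fh:
        method_list = fh.readlines()

    smd = SmaliMethodDef.SmaliMethodDef(method_list, None)
    smd.grow_locals(3)
    # NOTE(review): the output file name comes from the parsed method name and
    # is relative to the working directory. That is fine for this fixture;
    # confirm get_name() cannot contain path separators before using the same
    # pattern on smali that is not under the project's control.
    smd.write_to_file(str(smd.get_name()) + ".smali")

    # A line that names only v-registers must come back unchanged.
    test_line = "    invoke-virtual {v1}, Ljava/lang/Object;->toString()Ljava/lang/String;\n"
    result_line = smd.dereference_p_to_v_numbers(test_line)
    assert (result_line == test_line)

    test_line = "    invoke-virtual {p0}, Ljava/lang/Object;->toString()Ljava/lang/String;\n"
    result_line = smd.dereference_p_to_v_numbers(test_line)
    assert (
        result_line ==
        "    invoke-virtual {v9}, Ljava/lang/Object;->toString()Ljava/lang/String;\n"
    )

    # Several p-registers in one operand list are each rewritten.
    test_line = "    invoke-virtual {p0, p1, p2}, Ljava/lang/Object;->toString()Ljava/lang/String;\n"
    result_line = smd.dereference_p_to_v_numbers(test_line)
    assert (
        result_line ==
        "    invoke-virtual {v9, v10, v11}, Ljava/lang/Object;->toString()Ljava/lang/String;\n"
    )

    method_text = '''.method public leakPasswd(Landroid/view/View;J)V
	.locals 3
	.param p1, "v"    # Landroid/view/View;
	.param p2, "x"    # Long (64-bits, "wide")
	.param p3, "x"

	.line 181
	const-string p2, "p2"
	
	const-string p3, "p3"

	invoke-virtual {p0, v0}, Ledu/fandm/enovak/leaks/Main;->findViewById(I)Landroid/view/View;

	move-result-object v2
	
	return v2
	
	.end_method'''

    method_list = method_text.split("\n")
    smd = SmaliMethodDef.SmaliMethodDef(method_list, None)
    smd.convert_all_lines_p_to_v_numbers()

    # With ".locals 3" the locals are v0-v2, so the expected result places
    # p0 at v3 and therefore p2 at v5.
    ans = smd.dereference_p_to_v_numbers(
        "invoke-virtual/range {v2 .. p2}, Landroid/support/v4/app/FragmentManagerNonConfig;->getFragments()Ljava/util/List;"
    )
    assert (
        ans ==
        "invoke-virtual/range {v2 .. v5}, Landroid/support/v4/app/FragmentManagerNonConfig;->getFragments()Ljava/util/List;"
    )
    print("passed!")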