def main():
proj = angr.Project('./equal_arg_sleep.out', load_options={'auto_load_libs':False})
sym_arg_size = 15
arg0 = claripy.BVS('arg0', 8*sym_arg_size)
state = proj.factory.entry_state(args=['./equal_arg_sleep.out', arg0])
high_addrs = [0x401175, 0x401178]
ifa = analysis.InformationFlowAnalysis(proj=proj,state=state,start="main",high_addrs=high_addrs)
leaks = ifa.analyze()
assert len(leaks) == 1 and isinstance(leaks[0], timing.TimingProcedureCallLeak)
def main():
proj = angr.Project('implicit2.out', load_options={'auto_load_libs':False})
sym_arg_size = 15
arg0 = claripy.BVS('arg0', 8*sym_arg_size)
state = proj.factory.entry_state(args=['./implicit2.out', arg0])
high_addrs = [0x401155, 0x401158]
ifa = analysis.InformationFlowAnalysis(proj=proj,state=state,start="main",high_addrs=high_addrs)
leaks = ifa.analyze()
assert len(leaks) == 2 and isinstance(leaks[0], implicit.ImplicitLeak) and isinstance(leaks[1], implicit.ImplicitLeak)
return 0
def main():
proj = angr.Project('non_termination2.out', load_options={'auto_load_libs':False})
sym_arg_size = 15
arg0 = claripy.BVS('arg0', 8*sym_arg_size)
state = proj.factory.entry_state(args=['./non_termination2.out', arg0], add_options={angr.options.UNICORN})
high_addrs = [0x401155, 0x401158]
return #This example takes a long time to analyze due to the combinatorial explosion of the while() loops; we omit it
ifa = analysis.InformationFlowAnalysis(proj=proj,state=state,start="main",high_addrs=high_addrs,termination_args=analysis.TerminationArgs(bound=1000))
leaks = ifa.analyze()
assert len(leaks) > 0 and isinstance(leaks[0], termination.TerminationLeak)
return
def main():
proj = angr.Project('./simple_diff.out',
load_options={'auto_load_libs': False})
sym_arg_size = 15
arg0 = claripy.BVS('arg0', 8 * sym_arg_size)
state = proj.factory.entry_state(args=['./simple_diff.out', arg0])
high_addrs = [0x401155, 0x401158]
ifa = analysis.InformationFlowAnalysis(proj=proj,
state=state,
start="main",
high_addrs=high_addrs)
leaks = ifa.analyze(timing_args=analysis.TimingArgs([], epsilon=1))
assert len(leaks) == 1 and isinstance(leaks[0], timing.TimingEpsilonLeak)
def main():
proj = angr.Project('high_sleep_no_leak.out',
load_options={'auto_load_libs': False})
sym_arg_size = 15
arg0 = claripy.BVS('arg0', 8 * sym_arg_size)
state = proj.factory.entry_state(args=['./high_sleep_no_leak.out', arg0])
high_addrs = [0x401155, 0x401158]
ifa = analysis.InformationFlowAnalysis(proj=proj,
state=state,
start="main",
high_addrs=high_addrs)
leaks = ifa.analyze()
assert len(leaks) == 0
def main():
proj = angr.Project('flow_sensitivity.out',
load_options={'auto_load_libs': False})
sym_arg_size = 15
arg0 = claripy.BVS('arg0', 8 * sym_arg_size)
state = proj.factory.entry_state(args=['./flow_sensitivity.out', arg0])
high_addrs = [0x401155, 0x401158]
ifa = analysis.InformationFlowAnalysis(proj=proj,
state=state,
start="main",
high_addrs=high_addrs)
ifa.draw_everything()
return
def main():
proj = angr.Project('low_inf_loop_no_leak.out',
load_options={'auto_load_libs': False})
sym_arg_size = 15
arg0 = claripy.BVS('arg0', 8 * sym_arg_size)
state = proj.factory.entry_state(args=['./low_inf_loop_no_leak.out', arg0])
high_addrs = [0x40116c
] #Only initial branching information is high; loop is low
ifa = analysis.InformationFlowAnalysis(proj=proj,
state=state,
start="main",
high_addrs=high_addrs)
leaks = ifa.analyze()
assert len(leaks) == 0
return
def main():
proj = angr.Project('non_termination.out',
load_options={'auto_load_libs': False})
sym_arg_size = 15
arg0 = claripy.BVS('arg0', 8 * sym_arg_size)
state = proj.factory.entry_state(args=['./non_termination.out', arg0],
add_options={angr.options.UNICORN})
high_addrs = [0x401131, 0x401134]
ifa = analysis.InformationFlowAnalysis(proj=proj,
state=state,
start="main",
high_addrs=high_addrs)
leaks = ifa.analyze()
assert len(leaks) == 1 and isinstance(leaks[0],
termination.TerminationLeak)
return