def run_exploit(exploit_dir, container_name, timeout, log=None):
log = print_and_log("[*] Running exploit", log)
script = os.path.join(base_dir(), "launch_exploit.sh")
cmdline = \
"%s %s %s %d %d" % \
(script, container_name, SERVICE_IP, SERVICE_PORT, timeout)
output, err, e = run_command(cmdline, exploit_dir)
if log is not None:
try:
log = log.decode('utf_8', 'ignore')
output = output.decode('utf-8', 'ignore')
log = log + output
except UnicodeDecodeError:
pass
if e != 0:
log = print_and_log("[*] Failed to run exploit", log)
log = print_and_log(err, log)
log = print_and_log("==========================", log)
return None, log
# Exploit prints out the flag string at the end.
tokens = filter(None, output.split('\n')) # Filter out empty strings
flag_candidate = filter(None, tokens)[-1] # Read the last line
return flag_candidate, log
def start_service(service_dir, branch, container_name, flag_str, log=None):
log= print_and_log("[*] Starting service from %s (branch '%s')" % \
(service_dir, branch), log)
checkout(service_dir, branch)
# Update flag file
flag_path = os.path.join(service_dir, "flag") # Assumption in template
if not os.path.isfile(flag_path):
log = print_and_log("[*] 'flag' file not found in %s" % service_dir,
log)
return False, log
with open(flag_path, "w") as flag_file:
flag_file.write(flag_str)
# Run the service
script = os.path.join(base_dir(), "setup_service.sh")
cmdline = \
"%s %s %d %d" % (script, container_name, SERVICE_PORT, SERVICE_PORT)
output, err, e = run_command(cmdline, service_dir)
if e != 0:
log = print_and_log("[*] Failed to start service", log)
log = print_and_log(err, log)
log = print_and_log("==========================", log)
return False, log
if log is not None:
log = log + output
log = print_and_log("[*] Started service successfully", log)
return True, log
def setUpClass(self):
self._postgresql = testing.postgresql.Postgresql()
connection_string = self._postgresql.url()
self._engine = create_engine(connection_string)
self._folder = os.path.join(utils.base_dir(), "tests", "data", "large")
etl = Etl(self._postgresql.url(), self._folder)
etl.run(batch_size=200)
def create_dockerfile(problem_info, repo_dir_path):
with open(os.path.join(base_dir(), 'dockerfile.template'), 'r') as f:
dockerfile = f.read()
base_image = problem_info['base_image']
required_packages = problem_info['required_packages']
flag_dst_path = problem_info['flag_dst_path']
bin_src_path = problem_info['bin_src_path']
bin_name = bin_src_path.split('/')[-1]
bin_dst_path = problem_info['bin_dst_path']
if problem_info['service_exe_type'] == 'xinetd':
exec_command = make_xinetd_exec_env(problem_info, repo_dir_path, \
bin_name)
elif problem_info['service_exe_type'] == 'stand-alone':
pass
else:
print '[*] Failed to make Dockerfile from %s' % repo_dir_path
return
s = Template(dockerfile)
dockerfile = s.substitute(base_image = base_image, \
required_packages = required_packages, \
flag_dst_path = flag_dst_path, \
bin_name = bin_name, \
bin_dst_path = bin_dst_path, \
exec_command = exec_command)
with open(os.path.join(repo_dir_path, 'Dockerfile'), 'w') as f:
f.write(dockerfile)
def setup(repo_name, container_name, service_port, host_port):
script = os.path.join(base_dir(), "setup_service.sh")
setup_cmd = '%s "%s" %d %d' % (script, container_name, service_port, host_port)
_, err, e = run_command(setup_cmd, repo_name)
if e != 0:
print("[*] Failed to launch %s" % container_name)
print(err)
sys.exit()
def exec_exploit(name, exploit_dir, ip, port, timeout):
docker_cleanup(name)
script = os.path.join(base_dir(), "launch_exploit.sh")
_, err, e = run_command('%s "%s" %s %d %d' % \
(script, name, ip, port, \
timeout), exploit_dir)
if e != 0:
print(err)
print('[*] Failed to execute the service.')
else:
print('[*] Service is up.')
def exec_service(name, service_dir, host_port, service_port):
docker_cleanup(name)
script = os.path.join(base_dir(), "setup_service.sh")
host_port = int(host_port)
service_port = int(service_port)
_, err, e = run_command('%s "%s" %d %d' % \
(script, name, host_port, service_port), service_dir)
if e != 0:
print(err)
print('[*] Failed to execute the service.')
else:
print('[*] Service is up.')
def create_xinetd_config(problem_info, repo_dir_path, bin_name):
with open(os.path.join(base_dir(), 'xinetd_conf.template'), 'r') as f:
service_conf = f.read()
service_conf_name = '%s_service_conf' % bin_name
bin_dst_path = problem_info['bin_dst_path']
bin_args = problem_info['bin_args']
port = problem_info['port']
s = Template(service_conf)
service_conf = s.substitute(service_conf_name = service_conf_name, \
bin_name = bin_name, \
bin_dst_path = bin_dst_path, \
bin_args = bin_args, \
port = port)
with open(os.path.join(repo_dir_path, service_conf_name), 'w') as f:
f.write(service_conf)
return service_conf_name
def run_exploit(exploit_dir, container_name, timeout, log=None):
log = print_and_log("[*] Running exploit", log)
script = os.path.join(base_dir(), "launch_exploit.sh")
cmdline = \
"%s %s %s %d %d" % \
(script, container_name, SERVICE_IP, SERVICE_PORT, timeout)
output, err, e = run_command(cmdline, exploit_dir)
if log is not None:
log = log + output
if e != 0:
log = print_and_log("[*] Failed to run exploit", log)
log = print_and_log(err, log)
log = print_and_log("==========================", log)
return None, log
# Exploit prints out the flag string at the end.
tokens = [_f for _f in output.split('\n')
if _f] # Filter out empty strings
flag_candidate = [_f for _f in tokens if _f][-1] # Read the last line
return flag_candidate, log
def list_branches(dir):
external_path = os.path.join(base_dir(), "list_branches.sh")
s, _, _ = run_command("%s \"%s\"" % (external_path, dir), os.getcwd())
branches = s.splitlines()
return branches
def filter_bc_list(args: Namespace):
if args.whitelist:
return filter(lambda x: base_dir(x) in args.whitelist, args.bc_list)
if args.blacklist:
return filter(lambda x: base_dir(x) not in args.blacklist, args.bc_list)
return args.bc_list
def step_archive(args: Namespace) -> int:
return call(
["tar", "czf", f"results{args.prev_steps}.tar.gz"]
+ sorted(set(base_dir(x) for x in args.bc_list)),
shell=False,
)