Exemple #1
0
    def test_taint_union_register_register(self):
        """Check tainting union register U register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.RBX))

        taintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.RBX))

        untaintRegister(REG.RAX)
        taintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.RBX))

        untaintRegister(REG.RAX)
        untaintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.RBX))
Exemple #2
0
    def test_taint_union_register_register(self):
        """Check tainting union register U register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.RBX))

        taintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.RBX))

        untaintRegister(REG.RAX)
        taintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.RBX))

        untaintRegister(REG.RAX)
        untaintRegister(REG.RBX)
        taintUnionRegisterRegister(REG.RAX, REG.RBX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.RBX))
Exemple #3
0
    def test_taint_assignement_register_immediate(self):
        """Check tainting assignment register <- immediate."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterImmediate(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
Exemple #4
0
    def test_taint_assignement_register_immediate(self):
        """Check tainting assignment register <- immediate."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterImmediate(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
Exemple #5
0
    def test_known_issues(self):
        """Check tainting result after processing."""
        setArchitecture(ARCH.X86)

        taintRegister(REG.EAX)
        inst = Instruction()
        # lea eax,[esi+eax*1]
        inst.setOpcodes("\x8D\x04\x06")
        processing(inst)

        self.assertTrue(isRegisterTainted(REG.EAX))
        self.assertFalse(isRegisterTainted(REG.EBX))
Exemple #6
0
    def test_known_issues(self):
        """Check tainting result after processing."""
        setArchitecture(ARCH.X86)

        taintRegister(REG.EAX)
        inst = Instruction()
        # lea eax,[esi+eax*1]
        inst.setOpcodes("\x8D\x04\x06")
        processing(inst)

        self.assertTrue(isRegisterTainted(REG.EAX))
        self.assertFalse(isRegisterTainted(REG.EBX))
Exemple #7
0
    def test_taint_union_register_immediate(self):
        """Check tainting union register U immediate."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterImmediate(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        taintUnionRegisterImmediate(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
Exemple #8
0
    def test_taint_union_register_immediate(self):
        """Check tainting union register U immediate."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterImmediate(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        taintUnionRegisterImmediate(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
Exemple #9
0
    def test_taint_union_register_memory(self):
        """Check tainting union register U memory."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))

        # !T U T
        untaintRegister(REG.RAX)
        taintMemory(MemoryAccess(0x2000, 4))
        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))

        # T U T
        taintRegister(REG.RAX)
        taintMemory(MemoryAccess(0x2000, 4))
        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
Exemple #10
0
    def test_taint_union_register_memory(self):
        """Check tainting union register U memory."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))

        # !T U T
        untaintRegister(REG.RAX)
        taintMemory(MemoryAccess(0x2000, 4))
        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))

        # T U T
        taintRegister(REG.RAX)
        taintMemory(MemoryAccess(0x2000, 4))
        taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
Exemple #11
0
    def test_taint_assignement_register_memory(self):
        """Check tainting assignment register <- memory."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintMemory(MemoryAccess(0x2000, 8))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 8)))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x3000, 8))
        self.assertFalse(isRegisterTainted(REG.RAX))
Exemple #12
0
    def test_taint_assignement_register_memory(self):
        """Check tainting assignment register <- memory."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintMemory(MemoryAccess(0x2000, 8))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 8)))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x3000, 8))
        self.assertFalse(isRegisterTainted(REG.RAX))
Exemple #13
0
    def test_taint_register(self):
        """Check over tainting register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintRegister(REG.AH)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.EAX))
        self.assertTrue(isRegisterTainted(REG.AX))

        untaintRegister(REG.AH)
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.EAX))
        self.assertFalse(isRegisterTainted(REG.AX))
Exemple #14
0
    def test_taint_register(self):
        """Check over tainting register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))
        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintRegister(REG.AH)
        self.assertTrue(isRegisterTainted(REG.RAX))
        self.assertTrue(isRegisterTainted(REG.EAX))
        self.assertTrue(isRegisterTainted(REG.AX))

        untaintRegister(REG.AH)
        self.assertFalse(isRegisterTainted(REG.RAX))
        self.assertFalse(isRegisterTainted(REG.EAX))
        self.assertFalse(isRegisterTainted(REG.AX))
Exemple #15
0
    def test_taint_union_memory_register(self):
        """Check tainting union memory U register."""
        setArchitecture(ARCH.X86_64)

        taintMemory(MemoryAccess(0x2000, 4))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))

        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        untaintMemory(MemoryAccess(0x2000, 4))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintRegister(REG.RAX)
        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertTrue(isRegisterTainted(REG.RAX))
Exemple #16
0
    def test_taint_union_memory_register(self):
        """Check tainting union memory U register."""
        setArchitecture(ARCH.X86_64)

        taintMemory(MemoryAccess(0x2000, 4))
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))

        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        untaintMemory(MemoryAccess(0x2000, 4))
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertFalse(isRegisterTainted(REG.RAX))

        taintRegister(REG.RAX)
        taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
        self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
        self.assertTrue(isRegisterTainted(REG.RAX))
Exemple #17
0
    def test_taint_assignement_register_register(self):
        """Check tainting assignment register <- register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        self.assertFalse(isRegisterTainted(REG.RBX))
        taintRegister(REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RBX))

        taintAssignmentRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))
Exemple #18
0
    def test_taint_assignement_register_register(self):
        """Check tainting assignment register <- register."""
        setArchitecture(ARCH.X86_64)

        self.assertFalse(isRegisterTainted(REG.RAX))
        taintRegister(REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
        self.assertTrue(isRegisterTainted(REG.RAX))

        untaintRegister(REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))
        taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
        self.assertFalse(isRegisterTainted(REG.RAX))

        self.assertFalse(isRegisterTainted(REG.RBX))
        taintRegister(REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RBX))

        taintAssignmentRegisterRegister(REG.RAX, REG.RBX)
        self.assertTrue(isRegisterTainted(REG.RAX))