def test_carve(self):
s = 'redbluegreenyellowred'
r = drillresults.carve(s, 'red', 'red')
self.assertEqual('bluegreenyellow', r)
r = drillresults.carve(s, 'blue', 'yellow')
self.assertEqual('green', r)
def test_carve(self):
s = 'redbluegreenyellowred'
r = drillresults.carve(s, 'red', 'red')
self.assertEqual('bluegreenyellow', r)
r = drillresults.carve(s, 'blue', 'yellow')
self.assertEqual('green', r)
def get_fault_addr(self):
'''
Find the EFA
'''
faultaddr = carve(self.reporttext, 'access_address=', ':')
logger.debug('carved fault address: %s' % faultaddr)
return self.format_addr(faultaddr)
def get_fault_addr(self):
'''
Find the EFA
'''
faultaddr = carve(self.reporttext, 'access_address=', ':')
logger.debug('carved fault address: %s' % faultaddr)
return self.format_addr(faultaddr)
def _find_testcase_file(self):
# Tries a little harder than the base class to find a test case file to
# work with
# Check if the expected crasher file (fuzzed file) exists
current_dir = os.path.dirname(self.dbg_outfile)
if not os.path.isfile(self.testcase_file):
# It's not there, so try to extract the filename from the cdb
# commandline
commandline = carve(self.reporttext, "CommandLine: ", "\n")
args = commandline.split()
for arg in args:
if "sf_" in arg:
self.testcase_file = os.path.basename(arg)
if os.path.isfile(os.path.join(current_dir, self.testcase_file)):
self.testcase_file = os.path.join(
current_dir, self.testcase_file)
elif "-" in self.testcase_file:
# FOE 2.0 verify mode puts a '-<iteration>' part on the
# filename when invoking cdb, however the resulting file
# is really just 'sf_<hash>.<ext>'
fileparts = self.testcase_file.split('-')
m = re.search('\..+', fileparts[1])
# Recreate the original file name, minus the iteration
self.testcase_file = os.path.join(
current_dir, fileparts[0] + m.group(0))
TestCaseBundle._find_testcase_file(self)
def _find_testcase_file(self):
# Tries a little harder than the base class to find a test case file to
# work with
# Check if the expected crasher file (fuzzed file) exists
current_dir = os.path.dirname(self.dbg_outfile)
if not os.path.isfile(self.testcase_file):
# It's not there, so try to extract the filename from the cdb
# commandline
commandline = carve(self.reporttext, "CommandLine: ", "\n")
args = commandline.split()
for arg in args:
if "sf_" in arg:
self.testcase_file = os.path.basename(arg)
if os.path.isfile(
os.path.join(current_dir, self.testcase_file)):
self.testcase_file = os.path.join(
current_dir, self.testcase_file)
elif "-" in self.testcase_file:
# FOE 2.0 verify mode puts a '-<iteration>' part on the
# filename when invoking cdb, however the resulting file
# is really just 'sf_<hash>.<ext>'
fileparts = self.testcase_file.split('-')
m = re.search('\..+', fileparts[1])
# Recreate the original file name, minus the iteration
self.testcase_file = os.path.join(
current_dir, fileparts[0] + m.group(0))
TestCaseBundle._find_testcase_file(self)
def get_instr_addr(self):
'''
Find the address for the current (crashing) instruction
'''
instraddr = None
instraddr = carve(self.reporttext, 'instruction_address=', ':')
logger.debug('carved instruction address: %s' % instraddr)
return self.format_addr(instraddr)
def get_instr_addr(self):
'''
Find the address for the current (crashing) instruction
'''
instraddr = None
instraddr = carve(self.reporttext, 'instruction_address=', ':')
logger.debug('carved instruction address: %s' % instraddr)
return self.format_addr(instraddr)
def fix_efa_bug(self, instraddr, faultaddr):
'''
!exploitable often reports an incorrect EFA for 64-bit targets.
If we're dealing with a 64-bit target, we can second-guess the reported EFA
'''
instructionline = self.get_instr(instraddr)
if not instructionline or "=" not in instructionline:
# Nothing to fix
return faultaddr
if 'ds:' in instructionline:
# There's a target address in the msec file
if '??' in instructionline:
# The AV is on dereferencing where to call
ds = carve(instructionline, "ds:", "=")
else:
# The AV is on accessing the code location
ds = instructionline.split("=")[-1]
else:
# AV must be on current instruction
ds = instructionline.split(' ')[0]
if ds:
faultaddr = ds.replace('`', '')
return faultaddr
def fix_efa_bug(self, instraddr, faultaddr):
'''
!exploitable often reports an incorrect EFA for 64-bit targets.
If we're dealing with a 64-bit target, we can second-guess the reported EFA
'''
instructionline = self.get_instr(instraddr)
if not instructionline or "=" not in instructionline:
# Nothing to fix
return faultaddr
if 'ds:' in instructionline:
# There's a target address in the msec file
if '??' in instructionline:
# The AV is on dereferencing where to call
ds = carve(instructionline, "ds:", "=")
else:
# The AV is on accessing the code location
ds = instructionline.split("=")[-1]
else:
# AV must be on current instruction
ds = instructionline.split(' ')[0]
if ds:
faultaddr = ds.replace('`', '')
return faultaddr
def _get_shortdesc(self):
self.shortdesc = carve(self.reporttext, "Short description: ", " (")
if not self.shortdesc:
self.shortdesc = 'UNKNOWN'
logger.debug('Short Description: %s', self.shortdesc)
def _get_classification(self):
self.classification = carve(self.reporttext, "Classification: ", "\n")
if not self.classification:
self.classification = 'UNKNOWN'
logger.debug('Classification: %s', self.classification)
def _get_classification(self):
self.classification = carve(self.reporttext,
"Exploitability Classification: ", "\n")
logger.debug('Classification: %s', self.classification)
def _get_shortdesc(self):
self.shortdesc = carve(self.reporttext, "Short Description: ", "\n")
logger.debug('Short Description: %s', self.shortdesc)
def get_instr(self, instraddr):
currentinstr = carve(self.reporttext, "instruction_disassembly=", ":")
logger.debug('currentinstr: %s' % currentinstr)
return currentinstr
def get_instr(self, instraddr):
currentinstr = carve(self.reporttext, "instruction_disassembly=", ":")
logger.debug('currentinstr: %s' % currentinstr)
return currentinstr
def _get_shortdesc(self):
self.shortdesc = carve(self.reporttext, "exception=", ":")
logger.debug('Short Description: %s', self.shortdesc)
def _get_classification(self):
self.classification = carve(self.reporttext, "is_exploitable=", ":")
logger.debug('Classification: %s', self.classification)
def get_instr_addr(self):
instraddr = carve(self.reporttext, "Instruction Address:", "\n")
return self.format_addr(instraddr)
def _get_classification(self):
self.classification = carve(self.reporttext, "Classification: ", "\n")
if not self.classification:
self.classification = 'UNKNOWN'
logger.debug('Classification: %s', self.classification)
def _get_classification(self):
self.classification = carve(
self.reporttext, "Exploitability Classification: ", "\n")
logger.debug('Classification: %s', self.classification)
def _get_shortdesc(self):
self.shortdesc = carve(self.reporttext, "Short description: ", " (")
if not self.shortdesc:
self.shortdesc = 'UNKNOWN'
logger.debug('Short Description: %s', self.shortdesc)
def _get_classification(self):
self.classification = carve(self.reporttext, "is_exploitable=", ":")
logger.debug('Classification: %s', self.classification)
def get_instr_addr(self):
instraddr = carve(self.reporttext, "Instruction Address:", "\n")
return self.format_addr(instraddr)
