def test_congruency_2(self):
'''
(set-logic ALL)
(declare-fun recv_input_4_1024 () String)
(assert (< ( str.indexof recv_input_4_1024 "\r\n\r\n" 0) 0))
(assert (<= 0 ( str.indexof recv_input_4_1024 " \r\n" 0)))
(assert (<= 0 ( str.indexof recv_input_4_1024 " \r\n" (+ ( str.indexof recv_input_4_1024 " \r\n" 0) 1))))
(assert (<= 0 ( str.indexof recv_input_4_1024 " \r\n" (+ ( str.indexof recv_input_4_1024 " \r\n" (+ ( str.indexof recv_input_4_1024 " \r\n" 0) 1)) 1))))
(assert (= "GET"
( str.substr
( str.substr
recv_input_4_1024
(+
( str.indexof recv_input_4_1024 " \r\n" (+ ( str.indexof recv_input_4_1024 " \r\n" 0) 1))
1)
( str.indexof
recv_input_4_1024
" \r\n"
(+ ( str.indexof recv_input_4_1024 " \r\n" (+ ( str.indexof recv_input_4_1024 " \r\n" 0) 1)) 1)
)
)
10
1014)))
(check-sat)
'''
recv_input = claripy.StringS('recv_input', 1024)
constraints = []
def field_sep_idx(s, start_idx=0):
return claripy.StrIndexOf(s, claripy.StringV(' \r\n'), start_idx,
32)
constraints.append(
claripy.StrIndexOf(recv_input, claripy.StringV('\r\n\r\n'), 0, 32)
< 0)
sep_idx_1 = field_sep_idx(recv_input)
sep_idx_2 = field_sep_idx(recv_input, start_idx=sep_idx_1 + 1)
sep_idx_3 = field_sep_idx(recv_input, start_idx=sep_idx_2 + 1)
sep_idx_4 = field_sep_idx(recv_input, start_idx=sep_idx_3 + 1)
constraints.append(sep_idx_1 >= 0)
constraints.append(sep_idx_2 >= 0)
constraints.append(sep_idx_3 >= 0)
sub_start = sep_idx_2 + 1
sub_end = sep_idx_3
sub_str = claripy.StrSubstr(recv_input, sub_start, sub_end)
constraints.append(
claripy.StrSubstr(sub_str, 10, 1014) == claripy.StringV("GET"))
results = self._collect_generic_solver_test_data((recv_input, ),
constraints)
self._generic_consistency_check(results)
self._generic_congruency_check(results['solvers'], results)
def test_index_of_simplification(self):
str_concrete = claripy.StringV("concrete")
solver = self.get_solver()
res = claripy.StrIndexOf(str_concrete, claripy.StringV("rete"), 0, 32)
target_idx = 4 if KEEP_TEST_PERFORMANT else 100
solver.add(res == target_idx)
self.assertTrue(solver.satisfiable())
self.assertEqual(tuple(), tuple(solver.constraints))
self.assertEqual((target_idx, ), solver.eval(res, 2))
def test_congruency_1(self):
recv_input = claripy.StringS('recv_input', 1024)
constraints = []
constraints.append(0 <= claripy.StrIndexOf(
recv_input, claripy.StringV("\r\n\r\n"), 0, 32))
results = self._collect_generic_solver_test_data((recv_input, ),
constraints)
self._generic_consistency_check(results)
self._generic_congruency_check(results['solvers'], results)
def test_index_of_simplification(self):
correct_script = '''(set-logic ALL)
(check-sat)
'''
str_concrete = claripy.StringV("concrete")
solver = self.get_solver()
res = claripy.StrIndexOf(str_concrete, claripy.StringV("rete"), 0, 32)
solver.add(res == 4)
script = solver.get_smtlib_script_satisfiability()
self.assertEqual(correct_script, script)
def test_index_of(self):
str_symb = claripy.StringS("symb_suffix", 4, explicit_name=True)
res = claripy.StrIndexOf(str_symb, claripy.StringV("an"), 0, 32)
solver = self.get_solver()
target_idx = 4 if KEEP_TEST_PERFORMANT else 100
solver.add(res == target_idx)
self.assertTrue(solver.satisfiable())
solutions = solver.eval(str_symb, 4 if KEEP_TEST_PERFORMANT else 100)
for sol in solutions:
self.assertEqual('an', sol[target_idx:target_idx + 2])
self.assertEqual((target_idx, ), solver.eval(res, 2))
def test_index_of(self):
correct_script = '''(set-logic ALL)
(declare-fun {0}symb_suffix () String)
(assert ( str.indexof {0}symb_suffix "an" 0 ))
(check-sat)
'''.format(String.STRING_TYPE_IDENTIFIER)
str_symb = claripy.StringS("symb_suffix", 4, explicit_name=True)
res = claripy.StrIndexOf(str_symb, claripy.StringV("an"), 0, 32)
solver = self.get_solver()
solver.add(res)
script = solver.get_smtlib_script_satisfiability()
# with open("dump_suffix.smt2", "w") as dump_f:
# dump_f.write(script)
self.assertEqual(correct_script, script)
def test_index_of_symbolic_start_idx(self):
str_symb = claripy.StringS("symb_index_of", 4, explicit_name=True)
start_idx = claripy.BVS("symb_start_idx", 32, explicit_name=True)
solver = self.get_solver()
solver.add(start_idx > 32)
solver.add(start_idx < 35)
res = claripy.StrIndexOf(str_symb, claripy.StringV("an"), start_idx,
32)
solver.add(res != -1)
solver.add(res < 38)
self.assertTrue(solver.satisfiable())
self.assertEqual({33, 34, 35, 36, 37}, set(solver.eval(res, 10)))
strs = solver.eval(str_symb, 10 if KEEP_TEST_PERFORMANT else 100)
for s in strs:
self.assertTrue(32 < s.index('an') < 38)
def test_index_of_symbolic_start_idx(self):
correct_script = '''(set-logic ALL)
(declare-fun {0}symb_index_of () String)
(declare-fun symb_start_idx () Int)
(assert (let ((.def_0 (< 32 symb_start_idx))) .def_0))
(assert (let ((.def_0 (< symb_start_idx 35))) .def_0))
(assert (let ((.def_0 (= ( str.indexof {0}symb_index_of "an" symb_start_idx ) 33))) .def_0))
(check-sat)
'''.format(String.STRING_TYPE_IDENTIFIER)
str_symb = claripy.StringS("symb_index_of", 4, explicit_name=True)
start_idx = claripy.BVS("symb_start_idx", 32, explicit_name=True)
solver = self.get_solver()
solver.add(start_idx > 32)
solver.add(start_idx < 35)
res = claripy.StrIndexOf(str_symb, claripy.StringV("an"), start_idx,
32)
solver.add(res == 33)
script = solver.get_smtlib_script_satisfiability()
# with open("dump_suffix.smt2", "w") as dump_f:
# dump_f.write(script)
self.assertEqual(correct_script, script)
def field_sep_idx(s, start_idx=0):
return claripy.StrIndexOf(s, claripy.StringV(' \r\n'), start_idx,
32)
