def run(self):
# FIXME --dry-run
if self.web_subcommand:
self.start_webserver()
elif self.run_subcommand:
self.handle_user_consent()
start_time = time.time()
self.prepare()
print("Running the pre-analysis..")
prem = PreAnalysisManager(self.card, self.gp)
prem_results = prem.run()
start_report = {
"start-time": start_time,
# set end-time and duration, so that the analysis can be viewed mid run
"end-time": "",
"duration": "",
"message": self.message,
"card": self.card.get_report(),
"pre-analysis-results": prem_results,
}
with MongoConnection(database=self.database,
host=self.db_host,
port=self.db_port) as con:
self.report_id = con.col.insert_one(start_report).inserted_id
print("Running the analysis..")
anam = AnalysisManager(self.card,
self.gp,
self.config,
update_attack=self.add_attack_to_db)
anam_results = anam.run()
print("Running the post-analysis..")
end_time = time.time()
end_report = {
"end-time": end_time,
"duration": end_time - start_time,
}
with MongoConnection(database=self.database,
host=self.db_host,
port=self.db_port) as con:
con.col.update_one({"_id": self.report_id},
{"$set": end_report})
# self.save_record()
if self.start_web:
self.start_webserver()
elif self.list_subcommand:
self.print_attack_list()
elif self.attack_validator_subcommand:
self.validate_attacks()
def card_form_template(form):
"""
Render all attacks for given ATR, which does not equal given card.
This could be potentially misleading in the results.
"""
atr = request.form["card-atr"]
with MongoConnection(**db_config) as con:
card = con.col.find_one({"card.atr": atr}, projection=["card"])
with MongoConnection(**db_config) as con:
runs = con.col.find({"card.atr": atr})
return render_template("atr-body.j2", form=form, card=card, runs=runs, marks=marks)
def get_stage_data(analysis_id, attack_name, stage_index, stage_name):
with MongoConnection(**db_config) as con:
analysis = con.col.find_one({"_id": ObjectId(analysis_id)})
stage = analysis["analysis-results"][attack_name]["results"][int(stage_index)]
sdk_version = analysis["analysis-results"][attack_name]["sdk_version"]
# return jsonify(stage)
return render_template(
"stage.j2", stage=stage, attack_name=attack_name, sdk_version=sdk_version
)
def add_attack_to_db(self, attack_name, attack_results):
"""
Adds the attack results to the database
"""
key = "analysis-results.%s" % attack_name
value = attack_results
with MongoConnection(database=self.database,
host=self.db_host,
port=self.db_port) as con:
con.col.update_one({"_id": self.report_id}, {"$set": {key: value}})
def attack_form_template(form):
name = request.form["attack-attack_name"].strip()
with MongoConnection(**db_config) as con:
field = "analysis-results.%s" % name
sieve = {
"analysis-results.%s" % name: {"$exists": True},
"card": {"$exists": True},
}
runs = con.col.find(sieve, projection=[field, "card"])
return render_template("attacks.j2", form=form, runs=runs, marks=marks)
def index():
form = MainForm()
form.run.analysis.choices = get_analysis_choices()
form.card.atr.choices = get_card_atr_choices()
form.attack.attack_name.choices = get_attack_choices()
if request.method == "POST":
# handle run form
return form_handler_template(form=form)
else:
with MongoConnection(**db_config) as con:
analysis = con.col.find_one(sort=[("start-time", pymongo.DESCENDING)])
return render_template("base.j2", analysis=analysis, form=form, marks=marks)
def get_analysis_choices() -> List[Tuple[str, str]]:
with MongoConnection(**db_config) as con:
all_attack_ids = con.col.find(projection=["_id"],
sort=[("start-time", pymongo.ASCENDING)])
choices = []
for index, attack in enumerate(all_attack_ids):
_id = attack["_id"]
label = str(index) + ": " + add_whitespace_id(str(_id))
choices.append((str(_id), label))
# choices = [(str(x["_id"]), str(i + 1)) for i, x in enumerate(all_attack_ids)]
# we will reverse the order to show the newest analysis runs on top
return choices[::-1]
def get_attack_choices() -> List[Tuple[str, str]]:
"""
Probably quite slow and ineffient method of getting all the attacks.
"""
with MongoConnection(**db_config) as con:
runs = con.col.find(projection=["analysis-results"])
attacks = []
for run in runs:
try:
attacks.extend(list(run["analysis-results"].keys()))
except (AttributeError, KeyError):
continue
attacks = sorted(set(attacks))
choices = [(a, a) for a in attacks]
return choices
def get_card_atr_choices() -> List[Tuple[str, str]]:
with MongoConnection(**db_config) as con:
records = con.col.find(projection=["card"])
choices = []
for record in records:
try:
atr = record["card"]["atr"]
except KeyError:
continue
if isinstance(atr, list):
# FIXME remove on fresh database, where 'atr's are string
atr = " ".join(["{:02X}".format(byte) for byte in atr])
label = convert_atr(atr)
choices.append((atr, label))
choices = list(set(choices))
choices.sort(key=lambda x: x[1])
return choices
def run_form_template(form):
attack_id = request.form["run-analysis"]
with MongoConnection(**db_config) as con:
run = con.col.find_one({"_id": ObjectId(attack_id)})
return render_template("runs.j2", analysis=run, form=form, marks=marks)
