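def check(self, event1, event2):
    """Check whether an event pair is a TOCTOU race candidate.

    Both events are translated to syscalls and every registered callback is
    consulted in order; the first verdict that is not None is returned.

    Returns False when either event does not translate to a syscall, or when
    no callback gives a verdict.
    """
    s1 = syscalls.event_to_syscall(event1)
    s2 = syscalls.event_to_syscall(event2)
    # Both syscalls must be present, so callbacks never see a missing s2.
    if not (s1 and s2):
        return False
    for callback in self.callbacks:
        ret = callback(s1, s2)
        if ret is not None:
            return ret
    return False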
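def generate(self, event1, event2):
    """Collect the strings the registered attackers generate for an event pair.

    Each object in ``self.attackers`` is asked for a string for the two
    syscalls; empty strings are dropped and the rest are joined by newlines.

    Returns False (not an empty string) when either event does not translate
    to a syscall.
    """
    s1 = syscalls.event_to_syscall(event1)
    s2 = syscalls.event_to_syscall(event2)
    # Both syscalls must be present, so generators never see a missing s2.
    if not (s1 and s2):
        return False
    attack_strings = []
    for attacker in self.attackers:
        string = attacker.generate(s1, s2)
        if string != "":
            attack_strings.append(string)
    return '\n'.join(attack_strings)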
def need_bookmark(self, event, before=False, after=False):
    """Tell whether a bookmark is wanted before this event.

    Only ``before`` is consulted; ``after`` is accepted but never read.
    When the event's syscall has a resource path, that path is stored on
    ``event.path`` and True is returned. Every other case returns False.
    """
    if not before:
        return False
    resource_path = syscalls.get_resource_path(
        syscalls.event_to_syscall(event))
    if resource_path is None:
        return False
    # Remember the path on the event itself so later passes can reuse it.
    event.path = resource_path
    return True
def after_replay(self, graph, event):
    """Propagate cwd/root between event and process, then record the path.

    Only ``scribe.EventSyscallExtra`` events are handled. For ``cwd`` and
    ``root``: a value carried by the event is written to ``event.proc``;
    otherwise the event inherits the value from ``event.proc``. If the
    event's syscall has a resource path, ``event.path`` becomes that path
    joined onto ``event.cwd``.
    """
    if not event.is_a(scribe.EventSyscallExtra):
        return
    for attr in ('cwd', 'root'):
        if hasattr(event, attr):
            setattr(event.proc, attr, getattr(event, attr))
        else:
            setattr(event, attr, getattr(event.proc, attr))
    resource_path = syscalls.get_resource_path(
        syscalls.event_to_syscall(event))
    if resource_path is None:
        return
    # os.path.join keeps an absolute resource_path as is. The result is not
    # normalised and event.root is not applied here.
    # NOTE(review): confirm consumers of event.path tolerate '..' components
    # and chroot-relative paths.
    event.path = os.path.join(event.cwd, resource_path)
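def skip_parent_dir_race(resource, node1, node2):
    """Tell whether a race on a shared inode/files_struct can be skipped.

    Returns True only when the resource is an inode or files_struct, both
    nodes have an absolute path, and neither path is a textual prefix of the
    other. Returns False in every other case, including a missing node or a
    missing or relative path.

    Side effect: a node without a ``path`` attribute gets one, looked up
    from its syscall.
    """
    if resource.type not in (scribe.SCRIBE_RES_TYPE_INODE,
                             scribe.SCRIBE_RES_TYPE_FILES_STRUCT):
        return False
    for node in (node1, node2):
        if not node:
            return False
        if not hasattr(node, 'path'):
            syscall = syscalls.event_to_syscall(node)
            node.path = syscalls.get_resource_path(syscall)
        if not node.path or not os.path.isabs(node.path):
            return False
    # os.path.commonprefix compares character by character, not by path
    # component: '/tmp/foo' counts as a prefix of '/tmp/foobar', so that
    # pair is kept rather than skipped.
    # NOTE(review): paths are compared as given, with no normalisation or
    # symlink resolution visible here. A '..' component or a link could hide
    # a real ancestor relationship and cause a skip -- confirm upstream.
    shared = os.path.commonprefix([node1.path, node2.path])
    # Always return an explicit bool instead of falling off the end.
    return shared not in (node1.path, node2.path)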