Exemplo n.º 1
def get_cases(long_descriptions=False):
    """Return the ComboEvasion test cases as an OrderedDict keyed by name.

    Two cases are built: a null case that carries only
    ``evasions.http.null``, and one combined case that stacks HTML-layer
    and HTTP-layer transforms on the same response.  What each transform
    actually does is defined in the ``evasions`` package, not here.

    NOTE(review): the null case presumably is the untransformed baseline
    that the device under test must detect before a miss on the combined
    case can be attributed to the transforms -- confirm with the harness.

    Args:
        long_descriptions: when false (the default),
            ``TransformFunction.cleanup_descriptions`` is run on the cases.

    Returns:
        OrderedDict mapping ``case.name`` to the case, in creation order.
    """
    html, http = evasions.html, evasions.http

    null_case = TransformFunction("ComboEvasion-null-001", None, http.null)
    combo_case = TransformFunction(
        "ComboEvasion-combo-001",
        None,
        # HTML layer
        html.entity_encoding_attributes_hex,
        html.external_resource_internal_script,
        html.bom_declared_utf_7_variant_5_encoded_as_utf_7_5_i,
        # HTTP layer: status line, then content and transfer encodings
        http.status_code_3xx.parameterize(statuscode=305),
        http.contentencoding_gzip,
        http.encode_gzip_compression_max,
        http.transferencoding_chunked,
        http.encode_chunked_equisize_leadingzeros.parameterize(
            chunksize=32, leadingzeros=10),
    )
    cases = [null_case, combo_case]

    # Taken once every case exists, so it equals the total case count.
    simple_index = len(cases)

    # description cleanup
    if not long_descriptions:
        TransformFunction.cleanup_descriptions(cases, simple_index)

    return OrderedDict((case.name, case) for case in cases)
Exemplo n.º 2
def get_cases(long_descriptions=False):
    """Build the ComboEvasion case table (null case plus combo-011).

    The combined case applies three ``evasions.html`` transforms followed
    by five ``evasions.http`` transforms: a 4xx status, deflate content
    encoding at maximum compression, and chunked transfer encoding with
    varying chunk sizes and leading zeros in the chunk-size field.

    NOTE(review): a miss on the combined case alone does not say which
    layer caused it; the single-transform suites presumably exist for
    that attribution -- confirm with the harness.

    Args:
        long_descriptions: when false (the default),
            ``TransformFunction.cleanup_descriptions`` is run on the cases.

    Returns:
        OrderedDict mapping ``case.name`` to the case, in creation order.
    """
    cases = [
        TransformFunction("ComboEvasion-null-001", None, evasions.http.null),
    ]

    combo_transforms = (
        evasions.html.entity_encoding_attributes_dec,
        evasions.html.insert_slash_after_opening_tag_names,
        evasions.html.bom_declared_utf_16be_encoded_as_utf_16_be,
        evasions.http.status_code_4xx.parameterize(statuscode=414),
        evasions.http.contentencoding_deflate,
        evasions.http.encode_deflate_compression_max,
        evasions.http.transferencoding_chunked,
        evasions.http.encode_chunked_varysize_leadingzeros.parameterize(
            min_chunksize=16, max_chunksize=64, leadingzeros=15),
    )
    cases.append(
        TransformFunction("ComboEvasion-combo-011", None, *combo_transforms))

    # Taken once every case exists, so it equals the total case count.
    simple_index = len(cases)

    # description cleanup
    if not long_descriptions:
        TransformFunction.cleanup_descriptions(cases, simple_index)

    return OrderedDict((case.name, case) for case in cases)
Exemplo n.º 3
def get_cases(long_descriptions=False):
    """Return the HtmlEvasion test cases as an OrderedDict keyed by name.

    The table holds a null case, four single-transform cases and one case
    (``HtmlEvasion-html-551``) that combines four HTML transforms.

    NOTE(review): ``parameterize(N=500, M=500000)`` on the nested-div
    transform presumably produces a large, deeply nested body; a harness
    running this case should bound its own time and memory -- confirm
    what N and M mean in the evasions package.

    Args:
        long_descriptions: when false (the default),
            ``TransformFunction.cleanup_descriptions`` is run on the cases.

    Returns:
        OrderedDict mapping ``case.name`` to the case, in creation order.
    """
    html = evasions.html

    cases = [
        TransformFunction("HtmlEvasion-null-001", None, html.null),
        TransformFunction(
            "HtmlEvasion-html-005", None,
            html.move_body_to_nested_div_with_children.parameterize(
                N=500, M=500000)),
        TransformFunction(
            "HtmlEvasion-html-009", None,
            html.insert_slash_after_opening_tag_names),
        TransformFunction(
            "HtmlEvasion-html-016", None,
            html.entity_encoding_attributes_dec),
        TransformFunction(
            "HtmlEvasion-html-315", None,
            html.bom_declared_utf_16be_encoded_as_utf_16_be),
        # Combination of several of the transforms listed singly above.
        TransformFunction(
            "HtmlEvasion-html-551", None,
            html.entity_encoding_attributes_dec,
            html.external_resource_internal_script,
            html.insert_slash_after_opening_tag_names,
            html.bom_declared_utf_16be_encoded_as_utf_16_be),
    ]

    # Taken once every case exists, so it equals the total case count.
    simple_index = len(cases)

    # description cleanup
    if not long_descriptions:
        TransformFunction.cleanup_descriptions(cases, simple_index)

    return OrderedDict((case.name, case) for case in cases)
Exemplo n.º 4
def get_cases(long_descriptions=False):
    """Return the HtmlEvasion test cases as an OrderedDict keyed by name.

    The table holds a null case, five single-transform cases and one case
    (``HtmlEvasion-html-550``) that combines three of those transforms.

    NOTE(review): ``pad_body_with_div.parameterize(N=500000)`` presumably
    inflates the body considerably; check that the harness and the device
    under test have explicit size and time limits for this case.

    Args:
        long_descriptions: when false (the default),
            ``TransformFunction.cleanup_descriptions`` is run on the cases.

    Returns:
        OrderedDict mapping ``case.name`` to the case, in creation order.
    """
    html = evasions.html

    cases = [
        TransformFunction("HtmlEvasion-null-001", None, html.null),
        TransformFunction(
            "HtmlEvasion-html-002", None,
            html.pad_body_with_div.parameterize(N=500000)),
        TransformFunction(
            "HtmlEvasion-html-010", None,
            html.insert_many_slash_after_html_opening_tag_name),
        TransformFunction(
            "HtmlEvasion-html-015", None,
            html.entity_encoding_attributes_hex),
        TransformFunction(
            "HtmlEvasion-html-020", None,
            html.external_resource_internal_script),
        TransformFunction(
            "HtmlEvasion-html-326", None,
            html.bom_declared_utf_7_variant_5_encoded_as_utf_7_5_i),
        # Combination of three transforms that also appear singly above.
        TransformFunction(
            "HtmlEvasion-html-550", None,
            html.entity_encoding_attributes_hex,
            html.external_resource_internal_script,
            html.bom_declared_utf_7_variant_5_encoded_as_utf_7_5_i),
    ]

    # Taken once every case exists, so it equals the total case count.
    simple_index = len(cases)

    # description cleanup
    if not long_descriptions:
        TransformFunction.cleanup_descriptions(cases, simple_index)

    return OrderedDict((case.name, case) for case in cases)
Exemplo n.º 5
 def CodeTransformCases(test_cases,
                        diverage_stack,
                        diverage_count_stack,
                        test_case_basename=case_basename):
     """Append five cumulative code-transform cases to ``test_cases``.

     For each transform in turn (rename_variables, reorder_functions,
     vbscript_whitespace, linesplit, stringsplit) a new case is created
     from the case on top of ``diverage_stack`` plus that transform.  The
     new case is pushed onto ``diverage_stack`` and the top entry of
     ``diverage_count_stack`` is incremented, so each case builds on the
     previous one.

     The case name is ``test_case_basename`` followed by the zero-padded
     length of ``test_cases`` before the append.

     NOTE(review): the counter presumably tells the caller how many stack
     entries to pop afterwards -- confirm against the call sites.
     """
     # assumes that remove_vbscript_comments has already been applied
     cve = evasions.cve_2019_0752
     code_transforms = (
         cve.rename_variables,
         cve.reorder_functions,
         cve.vbscript_whitespace,
         cve.linesplit,
         cve.stringsplit,
     )

     for transform in code_transforms:
         case_name = test_case_basename + "{:03d}".format(len(test_cases))
         # The parent is read fresh each time: it is the case pushed by the
         # previous iteration (or by the caller, for the first one).
         test_cases.append(
             TransformFunction(case_name, None, diverage_stack[-1], transform))
         diverage_stack.append(test_cases[-1])
         diverage_count_stack[-1] += 1
Exemplo n.º 6
def get_cases(long_descriptions=False):
    """Return the HttpEvasion test cases as an OrderedDict keyed by name.

    Cases, in order: a null case; deflate content encoding at four
    compression levels (011-014); chunked transfer encoding with varying
    chunk sizes, without and with leading zeros (015-016); a 4xx status
    code (017); and one case (501) combining the status code, maximum
    deflate compression and chunking with leading zeros.

    NOTE(review): the single-transform cases presumably exist so that a
    miss on the combined case can be traced to one decoder stage of the
    device under test -- confirm with the harness.

    Args:
        long_descriptions: when false (the default),
            ``TransformFunction.cleanup_descriptions`` is run on the cases.

    Returns:
        OrderedDict mapping ``case.name`` to the case, in creation order.
    """
    http = evasions.http

    cases = [TransformFunction("HttpEvasion-null-001", None, http.null)]

    # Same Content-Encoding announcement, four different encoder settings.
    deflate_levels = (
        ("HttpEvasion-http-011", http.encode_deflate_compression_none),
        ("HttpEvasion-http-012", http.encode_deflate_compression_min),
        ("HttpEvasion-http-013", http.encode_deflate_compression_some),
        ("HttpEvasion-http-014", http.encode_deflate_compression_max),
    )
    for case_name, encoder in deflate_levels:
        cases.append(
            TransformFunction(case_name, None,
                              http.contentencoding_deflate, encoder))

    cases += [
        TransformFunction(
            "HttpEvasion-http-015", None,
            http.transferencoding_chunked,
            http.encode_chunked_varysize.parameterize(
                min_chunksize=16, max_chunksize=64)),
        TransformFunction(
            "HttpEvasion-http-016", None,
            http.transferencoding_chunked,
            http.encode_chunked_varysize_leadingzeros.parameterize(
                min_chunksize=16, max_chunksize=64, leadingzeros=15)),
        TransformFunction(
            "HttpEvasion-http-017", None,
            http.status_code_4xx.parameterize(statuscode=414)),
        # Everything above at once.
        TransformFunction(
            "HttpEvasion-http-501", None,
            http.status_code_4xx.parameterize(statuscode=414),
            http.contentencoding_deflate,
            http.encode_deflate_compression_max,
            http.transferencoding_chunked,
            http.encode_chunked_varysize_leadingzeros.parameterize(
                min_chunksize=16, max_chunksize=64, leadingzeros=15)),
    ]

    # Taken once every case exists, so it equals the total case count.
    simple_index = len(cases)

    # description cleanup
    if not long_descriptions:
        TransformFunction.cleanup_descriptions(cases, simple_index)

    return OrderedDict((case.name, case) for case in cases)
Exemplo n.º 7
def get_cases(long_descriptions=False):
    """Return the HttpEvasion test cases as an OrderedDict keyed by name.

    Cases, in order: a null case; gzip content encoding at four
    compression levels (001-004); chunked transfer encoding with equal
    chunk sizes, without and with leading zeros (005-006); a 3xx status
    code (007); and one case (500) combining the status code, maximum
    gzip compression and chunking with leading zeros.

    NOTE(review): status 305 with a body presumably checks whether the
    device under test keeps inspecting non-200 responses -- confirm with
    the evasions package.

    Args:
        long_descriptions: when false (the default),
            ``TransformFunction.cleanup_descriptions`` is run on the cases.

    Returns:
        OrderedDict mapping ``case.name`` to the case, in creation order.
    """
    http = evasions.http

    cases = [TransformFunction("HttpEvasion-null-001", None, http.null)]

    # Same Content-Encoding announcement, four different encoder settings.
    gzip_levels = (
        ("HttpEvasion-http-001", http.encode_gzip_compression_none),
        ("HttpEvasion-http-002", http.encode_gzip_compression_min),
        ("HttpEvasion-http-003", http.encode_gzip_compression_some),
        ("HttpEvasion-http-004", http.encode_gzip_compression_max),
    )
    for case_name, encoder in gzip_levels:
        cases.append(
            TransformFunction(case_name, None,
                              http.contentencoding_gzip, encoder))

    cases += [
        TransformFunction(
            "HttpEvasion-http-005", None,
            http.transferencoding_chunked,
            http.encode_chunked_equisize.parameterize(chunksize=32)),
        TransformFunction(
            "HttpEvasion-http-006", None,
            http.transferencoding_chunked,
            http.encode_chunked_equisize_leadingzeros.parameterize(
                chunksize=32, leadingzeros=10)),
        TransformFunction(
            "HttpEvasion-http-007", None,
            http.status_code_3xx.parameterize(statuscode=305)),
        # Everything above at once.
        TransformFunction(
            "HttpEvasion-http-500", None,
            http.status_code_3xx.parameterize(statuscode=305),
            http.contentencoding_gzip,
            http.encode_gzip_compression_max,
            http.transferencoding_chunked,
            http.encode_chunked_equisize_leadingzeros.parameterize(
                chunksize=32, leadingzeros=10)),
    ]

    # Taken once every case exists, so it equals the total case count.
    simple_index = len(cases)

    # description cleanup
    if not long_descriptions:
        TransformFunction.cleanup_descriptions(cases, simple_index)

    return OrderedDict((case.name, case) for case in cases)
Exemplo n.º 8
def get_cases(long_descriptions=False):
    """Return the ContentEvasion test cases as an OrderedDict keyed by name.

    The table is built in two phases:

    * singles/minimums -- a null case followed by cases that apply one
      transform (or a short fixed group) from ``evasions.cve_2019_0752``;
      ``simple_index`` records how many cases this phase produced.
    * frankensteins -- cumulative cases.  Each new case takes the case on
      top of ``diverage_stack`` as its first transform and adds one more,
      then becomes the new top.  ``diverage_count_stack`` counts the
      pushes made inside a branch so the branch can be popped again and
      the next one started from the same parent.

    Apart from the null case, a case is named ``case_basename`` plus the
    zero-padded length of the case list at creation time.  Names are
    therefore positional: adding, removing or reordering a case renumbers
    every later one, and results stored under the old names no longer
    refer to the same transform set.

    NOTE(review): the transform names suggest the suite rewrites markup
    and script of one CVE-2019-0752 sample while keeping it functional,
    which would measure whether detection relies on incidental byte
    patterns -- confirm against the evasions package.

    Args:
        long_descriptions: when false (the default),
            ``TransformFunction.cleanup_descriptions`` is called with the
            cases and ``simple_index``.

    Returns:
        OrderedDict mapping ``case.name`` to the case, in creation order.
    """
    case_basename = "ContentEvasion-content-"
    cve = evasions.cve_2019_0752

    diverage_stack = deque()
    diverage_count_stack = deque()
    cases = []

    def add_numbered(test_cases, basename, *transforms):
        # The suffix is the list length *before* the append.
        test_cases.append(
            TransformFunction(basename + "{:03d}".format(len(test_cases)),
                              None, *transforms))

    def chain(test_cases, stack, counts, basename, *transforms):
        # New case = case on top of the stack + the given transforms; the
        # new case then becomes the top.  Pass counts=None for a push that
        # is not counted towards any branch.
        add_numbered(test_cases, basename, stack[-1], *transforms)
        stack.append(test_cases[-1])
        if counts is not None:
            counts[-1] += 1

    def unwind(stack, counts):
        # Pop the top counter and drop that many cases from the stack.
        for _ in range(counts.pop()):
            stack.pop()

    # singles/minimums
    cases.append(TransformFunction("ContentEvasion-null-001", None, cve.null))
    singles = (
        (cve.remove_html_comments,),
        (cve.remove_vbscript_comments,),
        (cve.remove_html_tag,),
        (cve.replace_xuacompatible_value,),
        (cve.remove_Expires,),
        (cve.replace_div_container_id,),
        (cve.replace_div_content_id,),
        (cve.replace_div_content_string,),
        (cve.replace_container_width,),
        (cve.replace_content_width,),
        (cve.change_trigger_to_scrollTop,),
        (cve.replace_div_html_with_javascript_createelement,),
        (cve.set_vbscript_tag_language,),
        (cve.remove_xuacompatible,),
        (cve.remove_vbscript_open_tag_andreplace_with_document_write_js,),
        (cve.replace_ar1_size,),
        (cve.remove_ar2,),
        (cve.replace_addressOfGremlin,),
        (cve.remove_gremlin_existence_check,),
        (cve.change_dictionary_entry,),
        (cve.change_exists_string,),
        (cve.remove_on_error,),
        (cve.remove_cleanup,),
        (cve.replace_vtable_address,),
        (cve.replace_pld_address,),
        (cve.replace_pld_address,
         cve.winexecToSystem,
         cve.remove_powershell_comment),
        (cve.replace_pld_address,
         cve.winexecToSystem,
         cve.remove_powershell_comment,
         cve.obfuscate_cmd_commandline),
        (cve.replace_pld_address, cve.change_path_traversal),
        (cve.change_powershell_comment_Bs,),
        (cve.replace_pld_address,
         cve.change_path_traversal,
         cve.remove_powershell_comment),
        # The code transforms are only applied on top of
        # remove_vbscript_comments.
        (cve.remove_vbscript_comments, cve.rename_variables),
        (cve.remove_vbscript_comments, cve.reorder_functions),
        (cve.remove_vbscript_comments, cve.vbscript_whitespace),
        (cve.remove_vbscript_comments, cve.linesplit),
        (cve.remove_vbscript_comments, cve.stringsplit),
        # A remove_vbscript_comments + maths single is disabled.
    )
    for transforms in singles:
        add_numbered(cases, case_basename, *transforms)

    simple_index = len(cases)

    code_transforms = (
        cve.rename_variables,
        cve.reorder_functions,
        cve.vbscript_whitespace,
        cve.linesplit,
        cve.stringsplit,
        # A maths step is disabled here as well.
    )

    # helper for later
    def CodeTransformCases(test_cases,
                           diverage_stack,
                           diverage_count_stack,
                           test_case_basename=case_basename):
        # assumes that remove_vbscript_comments has already been applied
        for transform in code_transforms:
            chain(test_cases, diverage_stack, diverage_count_stack,
                  test_case_basename, transform)

    def vbscriptCases(test_cases,
                      diverage_stack,
                      diverage_count_stack,
                      test_case_basename=case_basename):
        def counted(*transforms):
            chain(test_cases, diverage_stack, diverage_count_stack,
                  test_case_basename, *transforms)

        def code_variants():
            CodeTransformCases(test_cases, diverage_stack,
                               diverage_count_stack, test_case_basename)

        # Main chain; these pushes go to the caller's counter.
        for transform in (cve.replace_ar1_size,
                          cve.remove_ar2,
                          cve.replace_addressOfGremlin,
                          cve.remove_gremlin_existence_check,
                          cve.change_dictionary_entry,
                          cve.change_exists_string,
                          cve.remove_on_error,
                          cve.remove_cleanup,
                          cve.replace_pld_address):
            counted(transform)

        # Branch: changed PowerShell comment, then the code transforms.
        diverage_count_stack.append(0)
        counted(cve.change_powershell_comment_Bs)
        code_variants()
        unwind(diverage_stack, diverage_count_stack)

        # Branch: winexecToSystem variants, then the code transforms.
        diverage_count_stack.append(0)
        counted(cve.winexecToSystem, cve.remove_powershell_comment)
        counted(cve.winexecToSystem,
                cve.remove_powershell_comment,
                cve.obfuscate_cmd_commandline)
        code_variants()
        unwind(diverage_stack, diverage_count_stack)

        # Back on the main chain: no new counter is opened, so these three
        # pushes are again added to the caller's counter.
        for transform in (cve.replace_vtable_address,
                          cve.change_path_traversal,
                          cve.remove_powershell_comment):
            counted(transform)

        diverage_count_stack.append(0)
        code_variants()
        unwind(diverage_stack, diverage_count_stack)

    # frankensteins
    add_numbered(cases, case_basename,
                 cve.remove_html_comments, cve.remove_vbscript_comments)
    diverage_stack.append(cases[-1])

    diverage_count_stack.append(0)
    CodeTransformCases(cases, diverage_stack, diverage_count_stack)
    unwind(diverage_stack, diverage_count_stack)

    # Markup chain on top of the comment-stripped case; these pushes are
    # not counted and stay on the stack.
    markup_transforms = (
        # incompatibale with vbscript_whitespace in some cases?
        cve.remove_html_tag,
        cve.replace_xuacompatible_value,
        cve.remove_Expires,
        cve.replace_div_container_id,
        cve.replace_div_content_id,
        cve.replace_div_content_string,
        cve.replace_container_width,
        cve.replace_content_width,
        cve.change_trigger_to_scrollTop,
        cve.replace_div_html_with_javascript_createelement,
        cve.set_vbscript_tag_language,
    )
    for transform in markup_transforms:
        chain(cases, diverage_stack, None, case_basename, transform)

    diverage_count_stack.append(0)
    CodeTransformCases(cases, diverage_stack, diverage_count_stack)
    unwind(diverage_stack, diverage_count_stack)

    diverage_count_stack.append(0)
    vbscriptCases(cases, diverage_stack, diverage_count_stack)
    unwind(diverage_stack, diverage_count_stack)

    diverage_count_stack.append(0)
    chain(cases, diverage_stack, diverage_count_stack, case_basename,
          cve.remove_vbscript_open_tag_andreplace_with_document_write_js)
    chain(cases, diverage_stack, diverage_count_stack, case_basename,
          cve.remove_xuacompatible)
    vbscriptCases(cases, diverage_stack, diverage_count_stack, case_basename)

    # description cleanup
    if not long_descriptions:
        TransformFunction.cleanup_descriptions(cases, simple_index)

    return OrderedDict((case.name, case) for case in cases)
Exemplo n.º 9
    def vbscriptCases(test_cases,
                      diverage_stack,
                      diverage_count_stack,
                      test_case_basename=case_basename):
        """Append the cve_2019_0752 transform cases to ``test_cases``.

        Every case is a ``TransformFunction`` named ``test_case_basename``
        plus the zero-padded current length of ``test_cases``. It receives
        the current top of ``diverage_stack`` as its third argument
        (presumably the parent case it builds on -- confirm against
        ``TransformFunction``), followed by one or more transforms from
        ``evasions.cve_2019_0752``.

        Bookkeeping, as done by the visible code:
          * each new case is pushed onto ``diverage_stack`` and the top
            counter of ``diverage_count_stack`` is incremented;
          * a branch opens by pushing a fresh ``0`` counter and closes by
            popping that counter and removing that many entries from
            ``diverage_stack``;
          * cases added outside a branch are counted in the frame the
            caller supplied, so they are still on ``diverage_stack`` when
            this sequence finishes.

        All three list arguments are mutated in place.
        """
        cve = evasions.cve_2019_0752

        def _push_case(*transforms):
            # Build one case on top of the current stack head and record it.
            suffix = "{:03d}".format(len(test_cases))
            case_name = test_case_basename + suffix
            parent = diverage_stack[-1]
            test_cases.append(
                TransformFunction(case_name, None, parent, *transforms))
            diverage_stack.append(test_cases[-1])
            diverage_count_stack[-1] += 1

        def _close_branch():
            # Drop the branch counter and everything the branch pushed.
            for _ in range(diverage_count_stack.pop()):
                diverage_stack.pop()

        # Linear chain: each case stacks on the one registered before it.
        for transform in (
                cve.replace_ar1_size,
                cve.remove_ar2,
                cve.replace_addressOfGremlin,
                cve.remove_gremlin_existence_check,
                cve.change_dictionary_entry,
                cve.change_exists_string,
                cve.remove_on_error,
                cve.remove_cleanup,
                cve.replace_pld_address,
        ):
            _push_case(transform)

        # Branch 1: one extra case, then the shared code-transform cases.
        diverage_count_stack.append(0)
        _push_case(cve.change_powershell_comment_Bs)
        CodeTransformCases(test_cases, diverage_stack, diverage_count_stack,
                           test_case_basename)
        _close_branch()

        # Branch 2: two cases that share their first two transforms.
        diverage_count_stack.append(0)
        _push_case(cve.winexecToSystem, cve.remove_powershell_comment)
        _push_case(cve.winexecToSystem, cve.remove_powershell_comment,
                   cve.obfuscate_cmd_commandline)
        CodeTransformCases(test_cases, diverage_stack, diverage_count_stack,
                           test_case_basename)
        _close_branch()

        # Back on the main chain: these three are counted in the caller's
        # frame, not in a branch-local one.
        _push_case(cve.replace_vtable_address)
        _push_case(cve.change_path_traversal)
        _push_case(cve.remove_powershell_comment)

        # Branch 3: no case of its own; the frame only tracks whatever
        # CodeTransformCases records in the top counter.
        diverage_count_stack.append(0)
        CodeTransformCases(test_cases, diverage_stack, diverage_count_stack,
                           test_case_basename)
        _close_branch()