Пример #1
0
def add_test_or_crash(args):
    p = subprocess.Popen([shellphish_qemu.qemu_path('cgc-base'), args.cb],
                         stdin=subprocess.PIPE)
    p.poll()
    test = ""

    if args.batch:
        test = sys.stdin.read()
        p.communicate(test)
    else:
        try:
            while p.returncode is None:
                r, _, _ = select([sys.stdin], [], [], 0.05)
                if r is not None:
                    b = sys.stdin.read(1)
                    test += b
                    p.stdin.write(b)

                p.poll()
        except KeyboardInterrupt:
            p.returncode = 0
        except IOError:
            p.returncode = 1

    if p.returncode == 0:
        print "Finished test, inserting now..."
        cs = CS.select().where(CS.name == args.cs)

        # first we have to make a fake job
        job = Job.create(cs=cs,
                         completed_at=datetime.datetime.now(),
                         worker="garbage")

        Test.create(cs=cs, job=job, blob=test)
        print "Test inserted!"
    else:
        print "Found a crash, inserting now..."

        qc = QuickCrash(args.cb, test)
        print "appears to be of type " + qc.kind

        print "cs = " + args.cs
        cs = CS.select().where(CS.name == args.cs)

        # first we have to make a fake job
        job = Job.create(cs=cs,
                         completed_at=datetime.datetime.now(),
                         worker="garbage")

        Crash.create(cs=cs, job=job, blob=test, kind=qc.kind)
        print "Crash inserted!"
Пример #2
0
def upload_cbns(args):
    cs = CS.select().where(CS.name == args.cs)

    patch_type, _ = PT.get_or_create(name="manual",
                                     functionality_risk=1.0,
                                     exploitability=0.0)

    cbns = []
    for patched_file in args.patched_files:
        with open(patched_file) as f:
            content = f.read()
        try:
            cbn = CBN.create(cs=cs,
                             blob=content,
                             name=patched_file,
                             patch_type=patch_type)
        except peewee.IntegrityError:
            print "CBN already exists. Fetching."
            cbn = CBN.select().where(CBN.name == args.patched_file,
                                     CBN.cs == cs, CBN.blob == content)
        cbns.append(cbn)

    if args.field:
        ids = IDSRule.get_or_create(cs=target_cs, rules='')
        CSSubmissionCable.get_or_create(cs=target_cs,
                                        cbns=cbns,
                                        ids=ids,
                                        round=Round.current_round())

    if args.eF is not None and args.eT is not None and args.eM is not None and cbn.patch_type is not None:
        perf_score = {
            'score': {
                'ref': {
                    'task_clock': 1.0,
                    'rss': 1.0,
                    'flt': 1.0,
                    'file_size': 1.0
                },
                'rep': {
                    'task_clock': args.eT,
                    'file_size': args.size_overhead,
                    'rss': args.eM,
                    'flt': args.eM,
                }
            }
        }
        PS.create(cs=cs,
                  perf_score=perf_score,
                  patch_type=cbn.patch_type,
                  has_failed_polls=args.eF != 0,
                  failed_polls=args.eF)
    if args.pT is not None and args.pM is not None and args.pS is not None:
        csf.poll_feedback = PF.create(cs=cs,
                                      round_id=Round.current_round().id,
                                      success=args.pS,
                                      time_overhead=args.pT,
                                      memory_overhead=args.pM,
                                      size_overhead=args.size_overhead)
        csf.save()
Пример #3
0
def insert_test(args):
    cs = CS.select().where(CS.name == args.cs)
    test = args.test.read()

    # first we have to make a fake job
    job = Job.create(cs=cs,
                     completed_at=datetime.datetime.now(),
                     worker="garbage")

    Test.create(cs=cs, job=job, blob=test)
Пример #4
0
    def test_get_or_create(self):
        assert_equals(len(ChallengeSet.select()), 0)
        r1 = Round.create(num=0)
        cs1, _ = ChallengeSet.get_or_create(name="foo")
        cs2, _ = ChallengeSet.get_or_create(name="foo")
        cs3, _ = ChallengeSet.get_or_create(name="bar")

        for cs in [cs1, cs2, cs3]:
            cs.rounds = [r1.id]

        assert_equals(len(ChallengeSet.select()), 2)
        assert_equals(cs2.id, cs1.id)
        assert_not_equals(cs3.id, cs1.id)

        cs3.delete_instance(recursive=True)
        cs2.delete_instance(recursive=True)
        cs1.delete_instance(recursive=True)
        r1.delete_instance(recursive=True)
        ChallengeSet._meta.database.commit()
Пример #5
0
def insert_crash(args):
    cs = CS.select().where(CS.name == args.cs)
    test = args.crash.read()
    kind = args.crash_kind

    # first we have to make a fake job
    job = Job.create(cs=cs,
                     completed_at=datetime.datetime.now(),
                     worker="garbage")

    Crash.create(cs=cs, kind=kind, job=job, blob=test)
Пример #6
0
def field_cbns(args):
    cs = CS.select().where(CS.name == args.cs)
    # i know i could use one query for this, but then we might get duplicate CBNs and more than we want
    cbns = [
        CBN.get(CBN.cs == cs, CBN.sha256 == sha) for sha in args.patched_shas
    ]
    ids, _ = IDSRule.get_or_create(cs=cs, rules='')
    CSSubmissionCable.get_or_create(cs=cs,
                                    cbns=cbns,
                                    ids=ids,
                                    round=Round.current_round())
Пример #7
0
def create_round(args):
    if not len(args.challenge_sets):
        fielded = [cs.name for cs in CS.fielded_in_round()]
    else:
        fielded = args.challenge_sets
    new_round = Round.create(
        num=args.number if args.number is not None else Round.current_round() +
        1)

    for f in fielded:
        cs = CS.select().where(CS.name == f).get()
        CSF.create(cs=cs, team=Team.get_our(), available_round=new_round)
Пример #8
0
    def single_cb_challenge_sets(self, round_=None):
        """Return the list of single-cb challenge sets that are active in a round.

        :keyword round_: The round number for which the binaries should be
                         returned (default: current round).
        """
        csids = [
            cbn.cs.id for cbn in self.cbns(round_) if not cbn.cs.is_multi_cbn
        ]
        if csids:
            return ChallengeSet.select().where(ChallengeSet.id << csids)
        else:
            return []
Пример #9
0
def list_patches(args):
    wanted_fields = (CBN.name, CBN.size, CBN.sha256, CBN.patch_type,
                     CBN.is_blacklisted)
    q = CBN.select(*wanted_fields)

    if args.cs is not None:
        cs = CS.select().where(CS.name == args.cs)
        for patch in q.where(CBN.cs == cs):
            print format_patch(patch)
    else:
        for cs in CS.fielded_in_round():
            print "CS {}:".format(cs.name)
            for patch in q.where(CBN.cs == cs):
                print format_patch(patch)
            print ""
Пример #10
0
def upload_exploit(args):
    cs = CS.select().where(CS.name == args.cs)
    exploit = args.exploit.read()
    source = args.source.read() if args.source is not None else None

    # first we have to make a fake job
    job = Job.create(cs=cs,
                     completed_at=datetime.datetime.now(),
                     worker="garbage")

    # now actually add the exploit
    Exploit.create(cs=cs,
                   job=job,
                   blob=exploit,
                   pov_type=args.type,
                   method=args.method,
                   reliability=args.reliability,
                   c_code=source)