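def test_identify_with_many_opportunities(self):
    '''CrossdiskRenameMutator should report every rename call in a trace

    The trace below holds two rename() records among unrelated memory
    management calls, and identify_lines() is expected to return two
    entries.

    '''

    trace_data = '''2503 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e05000
2503 set_thread_area({entry_number:-1, base_addr:0xb7e05700, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 (entry_number:6)
2503 mprotect(0xb7fb6000, 8192, PROT_READ) = 0
2503 rename("test/test.txt", "test/test2.txt") = 0
2503 mprotect(0x8049000, 4096, PROT_READ) = 0
2503 mprotect(0xb7ffe000, 4096, PROT_READ) = 0
2503 munmap(0xb7fbc000, 100584) = 0
2503 rename("test/test.txt", "test/test2.txt") = 0
'''

    # Text mode lets the str literal be written on Python 3 as well, and the
    # context manager removes the temporary file even when parsing raises.
    with tempfile.NamedTemporaryFile(mode='w') as trace_file:
        trace_file.write(trace_data)
        # Trace is handed the file *name*, so the data has to be flushed to
        # disk before it is parsed.
        trace_file.flush()
        # NOTE(review): the definitions file is a pickle and is presumably
        # unpickled by Trace; unpickling can run code from the file, so this
        # path must only ever point at the trusted, repo-controlled fixture.
        syscalls = Trace.Trace(
            trace_file.name,
            DEFAULT_CONFIG_PATH + 'syscall_definitions.pickle').syscalls

    mut = CrossdiskRenameMutator()
    lines = mut.identify_lines(syscalls)
    self.assertEqual(len(lines), 2)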
def test_sigreturn(self):
    """Pin the parsed fields of syscall index 2 in ``signals.strace``.

    The entry is expected to be the sigreturn record: its first argument
    must be the signal-mask struct and its return value 26827 with no errno.
    """
    # NOTE(review): syscall_definitions.pickle is presumably unpickled by
    # Trace; keep it a trusted, repo-controlled fixture, since unpickling
    # can run code from the file.
    parsed = Trace.Trace(
        get_test_data_path("signals.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[2]
    assert call.args[0].value == "{mask=[]}"
    assert call.ret == (26827, None)
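def test_identify_with_many_opportunities(self):
    '''FsyncNoSpaceMutator should report every fsync call in a trace

    The trace below ends with three fsync() records, and identify_lines()
    is expected to return three entries.

    '''

    # Raw string: the backslash escape inside the write() record must reach
    # the parser exactly as strace printed it.
    trace_data = r'''5414 munmap(0xb7fbc000, 100584) = 0
5414 fstat64(1, {st_dev=makedev(0, 21), st_ino=13, st_mode=S_IFCHR|0620, st_nlink=1, st_uid=1000, st_gid=5, st_blksize=1024, st_blocks=0, st_rdev=makedev(136, 10), st_atime=2019/06/06-10:29:52.005720855, st_mtime=2019/06/06-10:29:52.005720855, st_ctime=2019/06/05-19:12:41.005720855}) = 0
5414 brk(NULL) = 0x804b000
5414 brk(0x806c000) = 0x806c000
5414 write(1, "Fsync please!\n", 14) = 14
5414 fsync(0) = 0
5414 fsync(0) = 0
5414 fsync(0) = 0
'''

    # Text mode lets the str literal be written on Python 3 as well, and the
    # context manager removes the temporary file even when parsing raises.
    with tempfile.NamedTemporaryFile(mode='w') as trace_file:
        trace_file.write(trace_data)
        # Trace is handed the file *name*, so the data has to be flushed to
        # disk before it is parsed.
        trace_file.flush()
        # NOTE(review): the definitions file is a pickle and is presumably
        # unpickled by Trace; unpickling can run code from the file, so this
        # path must only ever point at the trusted, repo-controlled fixture.
        syscalls = Trace.Trace(
            trace_file.name,
            DEFAULT_CONFIG_PATH + 'syscall_definitions.pickle').syscalls

    mut = FsyncNoSpaceMutator()
    lines = mut.identify_lines(syscalls)
    self.assertEqual(len(lines), 3)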
def test_get_euid(self):
    """Pin the return value of syscall index 2 in ``execve.strace``.

    The entry is expected to be the geteuid record; the recorded result is
    0 with no errno.
    """
    parsed = Trace.Trace(
        get_test_data_path("execve.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[2]
    assert call.ret == (0, None)
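def test_identify_with_many_opportunities(self):
    '''UnusualFiletypeMutator should report every stat-like call in a trace

    The trace below holds three lstat64() records (presumably the stat-like
    calls the mutator targets), and identify_lines() is expected to return
    three entries.

    '''

    # NOTE(review): this literal is not a raw string, so the octal escapes
    # in the write()/read() records are turned into control and NUL
    # characters before the trace is written. That may be unintended (an
    # r''' prefix would keep strace's text as printed) -- confirm before
    # changing it, because it alters what the parser sees.
    trace_data = '''28725 close(1) = 0
28725 lstat64(".data.txt.TziqM5", {st_dev=makedev(8, 1), st_ino=50795, st_mode=S_IFREG|0600, st_nlink=1, st_uid=1000, st_gid=1000, st_blksize=4096, st_blocks=8, st_size=13, st_atime=2018/05/06-16:29:03.502410913, st_mtime=2018/05/06-16:29:03.502410913, st_ctime=2018/05/06-16:29:03.502410913}) = 0
28725 lstat64(".data.txt.TziqM5", {st_dev=makedev(8, 1), st_ino=50795, st_mode=S_IFREG|0600, st_nlink=1, st_uid=1000, st_gid=1000, st_blksize=4096, st_blocks=8, st_size=13, st_atime=2018/05/06-16:29:03.502410913, st_mtime=2018/05/06-16:29:03.502410913, st_ctime=2018/05/06-16:29:03.502410913}) = 0
28725 lstat64(".data.txt.TziqM5", {st_dev=makedev(8, 1), st_ino=50795, st_mode=S_IFREG|0600, st_nlink=1, st_uid=1000, st_gid=1000, st_blksize=4096, st_blocks=8, st_size=13, st_atime=2018/05/06-16:29:03.502410913, st_mtime=2018/05/06-16:29:03.502410913, st_ctime=2018/05/06-16:29:03.502410913}) = 0
28725 utimensat(AT_FDCWD, ".data.txt.TziqM5", [UTIME_NOW, {1525649303, 124679220}], AT_SYMLINK_NOFOLLOW) = 0
28725 chmod(".data.txt.TziqM5", 0664) = 0
28725 rename(".data.txt.TziqM5", "data.txt") = 0
28725 _newselect(5, [0], [4], [0], {60, 0}) = 1 (out [4], left {59, 999997})
28725 write(4, "\4\0\0k\1\0\0\0", 8) = 8
28725 _newselect(1, [0], [], [0], {60, 0}) = 1 (in [0], left {59, 999998})
28725 read(0, "\1\0\0\7\0", 32768) = 5
28725 munmap(0xb7b36000, 266240) = 0
28725 munmap(0xb7bc8000, 135168) = 0'''

    # Text mode lets the str literal be written on Python 3 as well, and the
    # context manager removes the temporary file even when parsing raises.
    with tempfile.NamedTemporaryFile(mode='w') as trace_file:
        trace_file.write(trace_data)
        # Trace is handed the file *name*, so the data has to be flushed to
        # disk before it is parsed.
        trace_file.flush()
        # NOTE(review): the definitions file is a pickle and is presumably
        # unpickled by Trace; unpickling can run code from the file, so this
        # path must only ever point at the trusted, repo-controlled fixture.
        syscalls = Trace.Trace(
            trace_file.name,
            DEFAULT_CONFIG_PATH + 'syscall_definitions.pickle').syscalls

    mut = UnusualFiletypeMutator()
    lines = mut.identify_lines(syscalls)
    self.assertEqual(len(lines), 3)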
def test_brk(self):
    """Pin the parsed fields of the first syscall in ``misc.strace``.

    The entry is expected to be a brk record: a NULL argument and the
    new program break returned as a hex string.
    """
    parsed = Trace.Trace(
        get_test_data_path("misc.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[0]
    assert call.args[0].value == "NULL"
    # The address comes back as text, not as an int.
    assert call.ret == ("0x56221d7d1000", None)
def test_tid_addr(self):
    """Pin the parsed fields of syscall index 1 in ``misc.strace``.

    The entry is expected to be the set_tid_address record; the call
    returns the thread id 29898 with no errno.
    """
    parsed = Trace.Trace(
        get_test_data_path("misc.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[1]
    # The expected pointer value carries no "0x" prefix.
    assert call.args[0].value == "7f75b62c36d0"
    assert call.ret == (29898, None)
def test_access(self):
    """Pin the parsed fields of a failing access record.

    Syscall index 6 of ``execve.strace`` is expected to be an access()
    probe of /etc/ld.so.preload that fails with ENOENT.
    """
    parsed = Trace.Trace(
        get_test_data_path("execve.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    failed_probe = parsed.syscalls[6]
    assert failed_probe.args[0].value == "/etc/ld.so.preload"
    # Mode flags are parsed into a list of flag names.
    assert failed_probe.args[1].value == ["R_OK"]
    # A failed call is reported as (-1, errno name).
    assert failed_probe.ret == (-1, "ENOENT")
def test_robust_list(self):
    """Pin the parsed fields of syscall index 2 in ``misc.strace``.

    The entry is expected to be the set_robust_list record: a list head
    pointer, a length of 24 (kept as text) and a successful return.
    """
    parsed = Trace.Trace(
        get_test_data_path("misc.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[2]
    assert call.args[0].value == "0x7f75b62c36e0"
    assert call.args[1].value == "24"
    assert call.ret == (0, None)
def test_statfs(self):
    """Pin the parsed fields of a failing statfs record.

    Syscall index 3 of ``fstat.strace`` is expected to be a statfs() call
    on /sys/fs/selinux that fails with ENOENT.
    """
    parsed = Trace.Trace(
        get_test_data_path("fstat.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[3]
    assert call.args[0].value == "/sys/fs/selinux"
    # The output buffer is recorded as a raw pointer string.
    assert call.args[1].value == "0x7ffffab26f40"
    assert call.ret == (-1, "ENOENT")
def test_munmap(self):
    """Pin the parsed fields of syscall index 2 in ``memory.strace``.

    The entry is expected to be a munmap record: address and length are
    both kept as text, and the call succeeds.
    """
    parsed = Trace.Trace(
        get_test_data_path("memory.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[2]
    assert call.args[0].value == "0x7fcf9d4b0000"
    assert call.args[1].value == "75070"
    assert call.ret == (0, None)
def test_listen(self):
    """Pin the parsed fields of syscall index 11 in ``socket.strace``.

    The entry is expected to be a listen record: both arguments (socket
    descriptor 7 and backlog 5) are parsed as ints.
    """
    parsed = Trace.Trace(
        get_test_data_path("socket.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[11]
    assert call.args[0].value == 7
    assert call.args[1].value == 5
    assert call.ret == (0, None)
def openat(self):
    """Pin the parsed fields of syscall index 4 in ``openclose.strace``.

    The entry is expected to be an openat record for /etc/ld.so.cache
    that returns file descriptor 7.
    """
    # NOTE(review): the name lacks the ``test_`` prefix, so default
    # pytest/unittest discovery will not collect this check -- confirm
    # whether that is intentional before renaming it.
    parsed = Trace.Trace(
        get_test_data_path("openclose.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[4]
    assert call.args[0].value == "AT_FDCWD"
    assert call.args[1].value == "/etc/ld.so.cache"
    assert call.ret == (7, None)
def test_getdents64(self):
    """Pin the parsed fields of syscall index 7 in ``directory.strace``.

    The entry is expected to be a getdents64 record on descriptor 7 with
    a 32768-byte buffer that returns 0.
    """
    # Original author's note: "empty function" -- presumably this refers to
    # the empty "[]" entry list in the record; confirm.
    parsed = Trace.Trace(
        get_test_data_path("directory.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[7]
    assert call.args[0].value == 7
    assert call.args[1].value == "[]"
    assert call.args[2].value == 32768
    assert call.ret == (0, None)
def test_close(self):
    """Pin name, argument and result of syscall index 3 in ``openclose.strace``.

    The entry must be parsed as ``close`` on descriptor 3 with a
    successful return.
    """
    parsed = Trace.Trace(
        get_test_data_path("openclose.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[3]
    assert call.name == "close"
    assert call.args[0].value == 3
    assert call.ret == (0, None)
def test_lseek(self):
    """Pin the parsed fields of syscall index 3 in ``execve.strace``.

    The entry is expected to be an lseek record: int descriptor, offset
    kept as text, and the whence flag parsed into a list.
    """
    parsed = Trace.Trace(
        get_test_data_path("execve.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[3]
    assert call.args[0].value == 3
    assert call.args[1].value == "0"
    assert call.args[2].value == ["SEEK_SET"]
    assert call.ret == (0, None)
def test_mprotect(self):
    """Pin the parsed fields of the first syscall in ``memory.strace``.

    The entry is expected to be an mprotect record: address and length
    kept as text, protection flags parsed into a list.
    """
    parsed = Trace.Trace(
        get_test_data_path("memory.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[0]
    assert call.args[0].value == "0x7f3366ab3000"
    assert call.args[1].value == "12288"
    assert call.args[2].value == ["PROT_READ"]
    assert call.ret == (0, None)
def test_pread64(self):
    """Pin the parsed fields of syscall index 6 in ``misc.strace``.

    The entry is expected to be a pread64 record on descriptor 3 that
    returns 784. The second argument (index 1) is not checked here.
    """
    parsed = Trace.Trace(
        get_test_data_path("misc.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    pread64_call = parsed.syscalls[6]
    assert pread64_call.args[0].value == 3
    assert pread64_call.args[2].value == "784"
    assert pread64_call.args[3].value == "64"
    assert pread64_call.ret == (784, None)
def test_lstat(self):
    """Pin the parsed fields of syscall index 2 in ``fstat.strace``.

    The entry is expected to be an lstat record for /proc/self/task whose
    stat struct is parsed into a list of ``field=value`` strings.
    """
    parsed = Trace.Trace(
        get_test_data_path("fstat.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[2]
    assert call.args[0].value == "/proc/self/task"
    # Spot-check two members of the parsed stat struct.
    stat_fields = call.args[1].value
    assert stat_fields[0] == "st_dev=makedev(0, 0x16)"
    assert stat_fields[5] == "st_gid=0"
    assert call.ret == (0, None)
def test_clone(self):
    """Pin the parsed fields of the first syscall in ``clone.strace``.

    The entry is expected to be a clone record returning child pid 21677.
    Note the mixed shapes pinned below: the first and third arguments are
    one-element lists, the flags argument is a plain string.
    """
    parsed = Trace.Trace(
        get_test_data_path("clone.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[0]
    assert call.args[0].value == ["child_stack=NULL"]
    expected_flags = "flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD"
    assert call.args[1].value == expected_flags
    assert call.args[2].value == ["child_tidptr=0x7fdb04c07810"]
    assert call.ret == (21677, None)
def test_getcwd(self):
    """Pin the parsed fields of syscall index 6 in ``directory.strace``.

    The entry is expected to be a getcwd record with a 4096-byte buffer
    that returns 61.
    """
    parsed = Trace.Trace(
        get_test_data_path("directory.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[6]
    # The expected value keeps the double quotes around the path, and the
    # path itself is whatever directory the fixture was recorded in.
    expected_cwd = (
        '"/home/almazhan/Desktop/res_tandon/posix-omni-parser/testbins"')
    assert call.args[0].value == expected_cwd
    assert call.args[1].value == "4096"
    assert call.ret == (61, None)
def test_fstat(self):
    """Pin name and arguments of the first syscall in ``fstat.strace``.

    The entry must be parsed as ``fstat`` on descriptor 3 with its stat
    struct split into ``field=value`` strings. The return value is not
    checked here.
    """
    parsed = Trace.Trace(
        get_test_data_path("fstat.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[0]
    assert call.name == "fstat"
    assert call.args[0].value == 3
    # Spot-check two members of the parsed stat struct.
    stat_fields = call.args[1].value
    assert stat_fields[0] == "st_dev=makedev(0, 4)"
    assert stat_fields[5] == "st_gid=0"
def test_prlimit64(self):
    """Pin the parsed fields of syscall index 3 in ``memory.strace``.

    The entry is expected to be a prlimit64 record for RLIMIT_STACK that
    returns 0.
    """
    # Original author's note: incorrect parsing. The fourth expected value
    # below is an unterminated struct fragment, so this test pins the
    # parser's current output rather than a correct result.
    parsed = Trace.Trace(
        get_test_data_path("memory.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[3]
    assert call.args[0].value == 0
    assert call.args[1].value == ["RLIMIT_STACK"]
    assert call.args[2].value == "NULL"
    assert call.args[3].value == "{rlim_cur=8192*1024"
    assert call.ret == (0, None)
def test_socket(self):
    """Pin name, arguments and result of the first syscall in ``socket.strace``.

    The entry must be parsed as ``socket`` with domain, type and protocol
    each turned into a one-element flag list, returning descriptor 3.
    """
    parsed = Trace.Trace(
        get_test_data_path("socket.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[0]
    assert call.name == "socket"
    assert call.args[0].value == ["PF_INET"]
    assert call.args[1].value == ["SOCK_STREAM"]
    assert call.args[2].value == ["IPPROTO_IP"]
    assert call.ret == (3, None)
def test_recv(self):
    """Pin the parsed fields of a recv record that fails with EAGAIN.

    The first syscall of ``recv.strace`` is checked argument by argument.
    """
    parsed = Trace.Trace(
        get_test_data_path("recv.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[0]
    # Record under test:
    # 20645 recv(6, 0xb7199058, 4096, 0) = -1 EAGAIN
    assert call.args[0].value == 6
    assert call.args[1].value == "0xb7199058"
    assert call.args[2].value == "4096"
    # The flags argument is parsed into a list even when it is just 0.
    assert call.args[3].value == ["0"]
    assert call.ret == (-1, "EAGAIN")
def test_ioctl(self):
    """Pin the parsed fields of syscall index 5 in ``misc.strace``.

    The entry is expected to be a TIOCGWINSZ ioctl on descriptor 1 that
    returns 0.
    """
    # Original author's note: incorrect parsing. The window-size struct is
    # pinned below as separate arguments ("{ws_row=16", "ws_col=109", ...),
    # so this test records the parser's current output rather than a
    # correct result.
    parsed = Trace.Trace(
        get_test_data_path("misc.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[5]
    assert call.args[0].value == 1
    assert call.args[1].value == "TIOCGWINSZ"
    assert call.args[2].value == "{ws_row=16"
    assert call.args[3].value == "ws_col=109"
    assert call.args[4].value == "ws_xpixel=0"
    assert call.ret == (0, None)
def test_unlink(self):
    """Pin one successful and one failing unlink record.

    Syscalls 2 and 3 of ``link.strace`` are expected to be unlink calls:
    the first succeeds, the second fails with ENOENT.
    """
    parsed = Trace.Trace(
        get_test_data_path("link.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )

    succeeded = parsed.syscalls[2]
    assert succeeded.args[0].value == "al/sic/newest1.txt"
    assert succeeded.ret == (0, None)

    failed = parsed.syscalls[3]
    assert failed.args[0].value == "al/sic/newest2.txt"
    assert failed.ret == (-1, "ENOENT")
def test_rmdir(self):
    """Pin one successful and one failing rmdir record.

    Syscalls 2 and 3 of ``directory.strace`` are expected to be rmdir
    calls on the same path: the first succeeds, the repeat fails with
    ENOENT.
    """
    parsed = Trace.Trace(
        get_test_data_path("directory.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )

    succeeded = parsed.syscalls[2]
    assert succeeded.args[0].value == "al/ma/new-dir1"
    assert succeeded.ret == (0, None)

    failed = parsed.syscalls[3]
    assert failed.args[0].value == "al/ma/new-dir1"
    assert failed.ret == (-1, "ENOENT")
def test_execve(self):
    """Pin the parsed fields of the first syscall in ``execve.strace``.

    The entry is expected to be an execve record for /bin/ps that returns
    0.
    """
    # NOTE(review): syscall_definitions.pickle is presumably unpickled by
    # Trace; keep it a trusted, repo-controlled fixture, since unpickling
    # can run code from the file.
    parsed = Trace.Trace(
        get_test_data_path("execve.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[0]
    assert call.args[0].value == "/bin/ps"
    # argv is pinned as the raw text of the list, not as a Python list.
    assert call.args[1].value == '["ps"]'
    assert call.args[2].value == "NULL"
    assert call.ret == (0, None)
def test_mmap(self):
    """Pin the parsed fields of syscall index 1 in ``memory.strace``.

    The entry is expected to be an mmap record that returns the mapped
    address as a hex string. The fourth argument (index 3) is not checked
    here.
    """
    parsed = Trace.Trace(
        get_test_data_path("memory.strace"),
        get_test_data_path("syscall_definitions.pickle"),
    )
    call = parsed.syscalls[1]
    assert call.args[0].value == "NULL"
    assert call.args[1].value == "2036952"
    assert call.args[2].value == ["PROT_READ"]
    # The descriptor is parsed as an int, the offset stays text.
    assert call.args[4].value == 7
    assert call.args[5].value == "0"
    assert call.ret == ("0x7fc88349b000", None)