def test_taint_union_register_memory(self):
"""Check tainting union register U memory."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
untaintRegister(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
self.assertFalse(isRegisterTainted(REG.RAX))
self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
# !T U T
untaintRegister(REG.RAX)
taintMemory(MemoryAccess(0x2000, 4))
taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
# T U T
taintRegister(REG.RAX)
taintMemory(MemoryAccess(0x2000, 4))
taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
def test_taint_union_register_memory(self):
"""Check tainting union register U memory."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
untaintRegister(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
self.assertFalse(isRegisterTainted(REG.RAX))
self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
# !T U T
untaintRegister(REG.RAX)
taintMemory(MemoryAccess(0x2000, 4))
taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
# T U T
taintRegister(REG.RAX)
taintMemory(MemoryAccess(0x2000, 4))
taintUnionRegisterMemory(REG.RAX, MemoryAccess(0x2000, 4))
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
def test_taint_assignement_register_immediate(self):
"""Check tainting assignment register <- immediate."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintAssignmentRegisterImmediate(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
def test_taint_assignement_register_immediate(self):
"""Check tainting assignment register <- immediate."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintAssignmentRegisterImmediate(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
def test_known_issues(self):
"""Check tainting result after processing."""
setArchitecture(ARCH.X86)
taintRegister(REG.EAX)
inst = Instruction()
# lea eax,[esi+eax*1]
inst.setOpcodes("\x8D\x04\x06")
processing(inst)
self.assertTrue(isRegisterTainted(REG.EAX))
self.assertFalse(isRegisterTainted(REG.EBX))
def test_known_issues(self):
"""Check tainting result after processing."""
setArchitecture(ARCH.X86)
taintRegister(REG.EAX)
inst = Instruction()
# lea eax,[esi+eax*1]
inst.setOpcodes("\x8D\x04\x06")
processing(inst)
self.assertTrue(isRegisterTainted(REG.EAX))
self.assertFalse(isRegisterTainted(REG.EBX))
def test_taint_union_register_immediate(self):
"""Check tainting union register U immediate."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintUnionRegisterImmediate(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
untaintRegister(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
taintUnionRegisterImmediate(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
def test_taint_union_register_immediate(self):
"""Check tainting union register U immediate."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintUnionRegisterImmediate(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
untaintRegister(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
taintUnionRegisterImmediate(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
def test_taint_get_tainted_registers(self):
"""Get tainted registers"""
setArchitecture(ARCH.X86_64)
r = getTaintedRegisters()
self.assertTrue(len(r) == 0)
taintRegister(REG.EAX)
taintRegister(REG.AX)
taintRegister(REG.RBX)
taintRegister(REG.CL)
taintRegister(REG.DI)
r = getTaintedRegisters()
self.assertTrue(REG.RAX in r)
self.assertTrue(REG.RBX in r)
self.assertTrue(REG.RCX in r)
self.assertTrue(REG.RDI in r)
def test_taint_get_tainted_registers(self):
"""Get tainted registers"""
setArchitecture(ARCH.X86_64)
r = getTaintedRegisters()
self.assertTrue(len(r) == 0)
taintRegister(REG.EAX)
taintRegister(REG.AX)
taintRegister(REG.RBX)
taintRegister(REG.CL)
taintRegister(REG.DI)
r = getTaintedRegisters()
self.assertTrue(REG.RAX in r)
self.assertTrue(REG.RBX in r)
self.assertTrue(REG.RCX in r)
self.assertTrue(REG.RDI in r)
def test_taint_register(self):
"""Check over tainting register."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
untaintRegister(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.AH)
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertTrue(isRegisterTainted(REG.EAX))
self.assertTrue(isRegisterTainted(REG.AX))
untaintRegister(REG.AH)
self.assertFalse(isRegisterTainted(REG.RAX))
self.assertFalse(isRegisterTainted(REG.EAX))
self.assertFalse(isRegisterTainted(REG.AX))
def test_taint_assignement_register_memory(self):
"""Check tainting assignment register <- memory."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
self.assertFalse(isRegisterTainted(REG.RAX))
taintMemory(MemoryAccess(0x2000, 8))
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 8)))
taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
self.assertTrue(isRegisterTainted(REG.RAX))
taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x3000, 8))
self.assertFalse(isRegisterTainted(REG.RAX))
def test_taint_assignement_register_memory(self):
"""Check tainting assignment register <- memory."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
self.assertFalse(isRegisterTainted(REG.RAX))
taintMemory(MemoryAccess(0x2000, 8))
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 8)))
taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x2000, 8))
self.assertTrue(isRegisterTainted(REG.RAX))
taintAssignmentRegisterMemory(REG.RAX, MemoryAccess(0x3000, 8))
self.assertFalse(isRegisterTainted(REG.RAX))
def test_taint_register(self):
"""Check over tainting register."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
untaintRegister(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.AH)
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertTrue(isRegisterTainted(REG.EAX))
self.assertTrue(isRegisterTainted(REG.AX))
untaintRegister(REG.AH)
self.assertFalse(isRegisterTainted(REG.RAX))
self.assertFalse(isRegisterTainted(REG.EAX))
self.assertFalse(isRegisterTainted(REG.AX))
def test_taint_union_register_register(self):
"""Check tainting union register U register."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintUnionRegisterRegister(REG.RAX, REG.RBX)
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertFalse(isRegisterTainted(REG.RBX))
taintRegister(REG.RBX)
taintUnionRegisterRegister(REG.RAX, REG.RBX)
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertTrue(isRegisterTainted(REG.RBX))
untaintRegister(REG.RAX)
taintRegister(REG.RBX)
taintUnionRegisterRegister(REG.RAX, REG.RBX)
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertTrue(isRegisterTainted(REG.RBX))
untaintRegister(REG.RAX)
untaintRegister(REG.RBX)
taintUnionRegisterRegister(REG.RAX, REG.RBX)
self.assertFalse(isRegisterTainted(REG.RAX))
self.assertFalse(isRegisterTainted(REG.RBX))
def test_taint_union_register_register(self):
"""Check tainting union register U register."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintUnionRegisterRegister(REG.RAX, REG.RBX)
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertFalse(isRegisterTainted(REG.RBX))
taintRegister(REG.RBX)
taintUnionRegisterRegister(REG.RAX, REG.RBX)
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertTrue(isRegisterTainted(REG.RBX))
untaintRegister(REG.RAX)
taintRegister(REG.RBX)
taintUnionRegisterRegister(REG.RAX, REG.RBX)
self.assertTrue(isRegisterTainted(REG.RAX))
self.assertTrue(isRegisterTainted(REG.RBX))
untaintRegister(REG.RAX)
untaintRegister(REG.RBX)
taintUnionRegisterRegister(REG.RAX, REG.RBX)
self.assertFalse(isRegisterTainted(REG.RAX))
self.assertFalse(isRegisterTainted(REG.RBX))
def test_taint_assignement_register_register(self):
"""Check tainting assignment register <- register."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
untaintRegister(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
self.assertFalse(isRegisterTainted(REG.RBX))
taintRegister(REG.RBX)
self.assertTrue(isRegisterTainted(REG.RBX))
taintAssignmentRegisterRegister(REG.RAX, REG.RBX)
self.assertTrue(isRegisterTainted(REG.RAX))
def test_taint_assignement_register_register(self):
"""Check tainting assignment register <- register."""
setArchitecture(ARCH.X86_64)
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
self.assertTrue(isRegisterTainted(REG.RAX))
untaintRegister(REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
taintAssignmentRegisterRegister(REG.RAX, REG.RAX)
self.assertFalse(isRegisterTainted(REG.RAX))
self.assertFalse(isRegisterTainted(REG.RBX))
taintRegister(REG.RBX)
self.assertTrue(isRegisterTainted(REG.RBX))
taintAssignmentRegisterRegister(REG.RAX, REG.RBX)
self.assertTrue(isRegisterTainted(REG.RAX))
def test_taint_union_memory_register(self):
"""Check tainting union memory U register."""
setArchitecture(ARCH.X86_64)
taintMemory(MemoryAccess(0x2000, 4))
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
self.assertFalse(isRegisterTainted(REG.RAX))
untaintMemory(MemoryAccess(0x2000, 4))
self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
self.assertFalse(isRegisterTainted(REG.RAX))
taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
self.assertTrue(isRegisterTainted(REG.RAX))
def test_taint_union_memory_register(self):
"""Check tainting union memory U register."""
setArchitecture(ARCH.X86_64)
taintMemory(MemoryAccess(0x2000, 4))
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
self.assertFalse(isRegisterTainted(REG.RAX))
untaintMemory(MemoryAccess(0x2000, 4))
self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
self.assertFalse(isRegisterTainted(REG.RAX))
taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
self.assertFalse(isMemoryTainted(MemoryAccess(0x2000, 4)))
self.assertFalse(isRegisterTainted(REG.RAX))
taintRegister(REG.RAX)
taintUnionMemoryRegister(MemoryAccess(0x2000, 4), REG.RAX)
self.assertTrue(isMemoryTainted(MemoryAccess(0x2000, 4)))
self.assertTrue(isRegisterTainted(REG.RAX))