def setup_vpn(logger):
logger.log_debug('Write setup-vpn.sh to /etc')
if logging_subprocess.call("cp files/setup-vpn.sh /etc/setup-vpn.sh", logger.logger, stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Add to rc.local')
try:
f = open('/etc/rc.local', 'w')
f.write('bash /etc/setup-vpn.sh\nexit 0')
f.close()
except:
logger.logger.error(sys.exc_info()[0])
return False
logger.log_debug('Execute setup-vpn.sh')
if logging_subprocess.call("bash /etc/setup-vpn.sh", logger.logger, stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Ufw default forward policy')
for line in fileinput.input("/etc/default/ufw", inplace=True):
print line.replace('DEFAULT_FORWARD_POLICY="DROP"', 'DEFAULT_FORWARD_POLICY="ACCEPT"'),
if logging_subprocess.call("service ufw restart", logger.logger, stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Copy CLI')
if logging_subprocess.call("chmod +x files/instavpn && cp files/instavpn /usr/bin/instavpn", logger.logger,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
return True
def setup_vpn(logger):
logger.log_debug('Write setup-vpn.sh to /etc')
if logging_subprocess.call("cp files/setup-vpn.sh /etc/setup-vpn.sh", logger.logger, stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Add to rc.local')
try:
f = open('/etc/rc.local', 'w')
f.write('bash /etc/setup-vpn.sh\nexit 0')
f.close()
except:
logger.logger.error(sys.exc_info()[0])
return False
logger.log_debug('Execute setup-vpn.sh')
if logging_subprocess.call("bash /etc/setup-vpn.sh", logger.logger, stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Copy CLI')
if logging_subprocess.call("chmod +x files/instavpn && cp files/instavpn /usr/bin/instavpn", logger.logger,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
return True
def install_packages(logger):
logger.log_debug('Update package lists')
if logging_subprocess.call("apt-get update", logger.logger, stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Update packages')
if logging_subprocess.call("apt-get -y upgrade", logger.logger, stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Install node.js')
if logging_subprocess.call("apt-get install -y nodejs-legacy npm build-essential libssl-dev", logger.logger,
stdout_log_level=logging.DEBUG, stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Install vnstat')
if logging_subprocess.call("apt-get install -y vnstat vnstati", logger.logger, stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Install VPN server packages')
if logging_subprocess.call("DEBIAN_FRONTEND=noninteractive apt-get install -q -y openswan xl2tpd ppp lsof",
logger.logger,
stdout_log_level=logging.DEBUG, stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
return True
def bringdown(self):
with open(self.exports_path, 'r+') as f:
lines = f.readlines()
f.seek(0)
f.truncate()
for line in lines:
if self.export != line:
f.write(line)
else:
self.logger.info("Removing export: {0}".format(line))
self.logger.info("Updating NFS exports")
logging_subprocess.call(['export', '-a'], self.logger, shell=True)
def webui(logger):
logger.log_debug('Generate random password')
char_set = string.ascii_lowercase + string.ascii_uppercase + string.digits
with open('web/server/credentials.json', 'r+') as f:
json_data = json.loads(f.read())
json_data['admin']['password'] = ''.join(random.sample(char_set * 16, 16))
f.seek(0)
f.write(json.dumps(json_data))
f.truncate()
logger.log_debug('Copy web UI directory')
if logging_subprocess.call("cp -rf web/ /opt/instavpn", logger.logger,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Install node_modules')
if logging_subprocess.call("cd /opt/instavpn && npm install", logger.logger,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Copy upstart script')
if logging_subprocess.call("cp files/instavpn.conf /etc/init", logger.logger,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Add vnstati to cron')
if logging_subprocess.call('crontab -l | { cat; echo "* * * * * vnstati -s -i eth0 -o /opt/instavpn/public/images/vnstat.png"; } | crontab -', logger.logger,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('Start service')
if logging_subprocess.call("start instavpn", logger.logger,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
return True
def cp_configs(logger):
logger.log_debug('xl2tpd.conf')
if logging_subprocess.call("cp files/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf", logger.logger,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('options.xl2tpd')
if logging_subprocess.call("cp files/options.xl2tpd /etc/ppp/options.xl2tpd", logger.logger,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
logger.log_debug('ipsec.conf.template')
if logging_subprocess.call("cp files/ipsec.conf.template /etc/ipsec.conf.template", logger.logger,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
return True
def run_command(cmd):
return not (logging_subprocess.call(cmd,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG,
shell=True))
def test_custom_stderr_log_level(self):
logging_subprocess.call(
[sys.executable, "-c", 'import sys; sys.stderr.write("foo\\n")'],
self.logger,
stderr_log_level=logging.WARNING)
self.assertIn('WARNING-foo', self.buffer.getvalue())
def test_custom_stdout_log_level(self):
logging_subprocess.call([sys.executable, "-c", "print 'foo'"],
self.logger,
stdout_log_level=logging.INFO)
self.assertIn('INFO-foo', self.buffer.getvalue())
def test_log_stderr(self):
logging_subprocess.call(
[sys.executable, "-c", 'import sys; sys.stderr.write("foo\\n")'],
self.logger)
self.assertIn('ERROR-foo', self.buffer.getvalue())
def isEquivalent(self, anml):
"""Uses CPAChecker to try to find a counterexample quickly"""
super(CpaBmcSeqMat, self).isEquivalent(anml)
query_number = self.getStats()['equivalence_queries']
logger.info("Checking if equivalent [%d]", query_number)
#use the query_number to store the equivalence logs
cur_dir = self.log_dir + "/equivalent-{}".format(str(query_number))
try:
os.makedirs(cur_dir)
except OSError as exception:
if exception.errno != errno.EEXIST:
raise
logger.warning("logging dir '{}' already exists!".format(cur_dir))
anml.exportToFile(os.path.join(cur_dir, "candidate.mnrl"))
logger.debug("{} states in candidate before minimization".format(
len(anml.nodes)))
logger.info("Minimizing candidate automaton")
deadstate.removeDeadStates(anml)
logger.info("{} states in candidate".format(len(anml.nodes)))
# first, we need to get the regular expression from the state machine
br = brzozowski.Machine(anml)
# logger.debug("Adj:\n{}", "\n".join([" ; ".join([str(a) for a in row]) for row in br.A]))
# logger.debug("B:\n{}", " ; ".join([str(b) for b in br.B]))
try:
#regex = (br.brzozowski().simplify())
# figure out our remaining time limit
now = time.time()
running_limit = int(self.time_limit - (now - self.start_time))
with timeout.timeout(running_limit):
regex = str(br.brzozowski())
logger.info("The machine represents: %s", regex)
language_regex = "({})*".format(
lstar.LStar.list_to_charset(self.alphabet))
if self.null_terminated:
language_regex = "({0})(\\x00)".format(language_regex)
# if len(self.alphabet) == 1:
# language_regex = "\\x{:02x}".format(ord(self.alphabet[0]))
# else:
# language_regex = reduce(lambda s, a: "({})|(\\x{:02x})".format(s,ord(a)), self.alphabet[2:], "(\\x{:02x})|(\\x{:02x})".format(ord(self.alphabet[0]),ord(self.alphabet[1])) )
with chdir.ChDir(cur_dir):
kernel_equiv = "kernel_equiv.c"
shutil.copy(os.path.join(self.log_dir, self.kernel_file),
kernel_equiv)
with open(kernel_equiv, "a") as of:
print("extern int __VERIFIER_assume(int);", file=of)
print("extern int __VERIFIER_inregex(char*, char*);",
file=of)
print("extern int __VERIFIER_maxstrlen(char*, int);",
file=of)
print("extern int __VERIFIER_minstrlen(char*, int);",
file=of)
print("int __cpa_equiv(char* input) {", file=of)
if len(self.alphabet) < 256 or self.null_terminated:
print(
" __VERIFIER_assume(__VERIFIER_inregex(input, \"{0}\"));"
.format(language_regex),
file=of)
if self.max_inp_length >= 0:
print(
" __VERIFIER_assume(__VERIFIER_maxstrlen(input, {}));"
.format(self.max_inp_length),
file=of)
if self.min_inp_length >= 0:
print(
" __VERIFIER_assume(__VERIFIER_minstrlen(input, {}));"
.format(self.min_inp_length),
file=of)
print(" int retval = {0}(input);".format(
self.kernel_function),
file=of)
print(" if (retval) {", file=of)
print(
" __VERIFIER_assume(!__VERIFIER_inregex(input, \"{0}\"));"
.format(regex),
file=of)
print(" goto ERROR;", file=of)
print(" } else {", file=of)
print(
" __VERIFIER_assume(__VERIFIER_inregex(input, \"{0}\"));"
.format(regex),
file=of)
print(" goto ERROR;", file=of)
print(" }", file=of)
print(" ERROR: return retval;", file=of)
print("}", file=of)
# figure out our remaining time limit
now = time.time()
running_limit = int(self.time_limit - (now - self.start_time))
logger.info(
"{} seconds left in time budget".format(running_limit))
if running_limit < 0 and self.time_limit != 0:
logger.info("Out of time")
return (True, None)
cpa_invocation = [
self.cpachecker, "-stack", "1000m", "-bmc-incremental",
"-setprop", "solver.solver=z3", "-setprop",
"solver.z3.stringSolver=seq", "-setprop",
"cpa.predicate.handlePointerAliasing=false", "-setprop",
"analysis.entryFunction=__cpa_equiv", "-setprop",
"counterexample.export.model=Counterexample.%d.assignment.txt",
"-setprop",
"counterexample.export.formula=Counterexample.%d.smt2",
"-setprop", "limits.time.cpu={}s".format(
running_limit if self.time_limit != 0 else "-1n"),
"-preprocess",
os.path.abspath(kernel_equiv)
]
logger.debug("calling: {}".format(" ".join(cpa_invocation)))
lsubprocess.call(cpa_invocation, logger)
result = self._check_verification_status(
os.path.abspath("./output"))
if result == "FALSE":
cex = self._extract_counter_example(
os.path.abspath("./output"))
logger.info("Suggested CPAChecker cex (hex): {}".format(
"".join("{:02x}".format(ord(c)) for c in cex)))
logger.info("Found counterexample, running another loop.")
return (False, cex)
elif result == "UNKNOWN":
logger.warning(
"Counterexample check terminated without confidence")
elif result == "TRUE":
logger.info("Counterexample check terminated successfully")
else:
logger.warning("Unknown counterexample check result: %s",
result)
except timeout.TimeoutError:
logger.warning(
"Construction of RE terminted before completing. Approximate solution."
)
#c = raw_input("Provide counterexample [Leave empty for equivalent]: ").strip()
return (True, None)
def test_custom_stdout_log_level(self):
logging_subprocess.call([sys.executable, "-c",
"print 'foo'"], self.logger,
stdout_log_level=logging.INFO)
self.assertIn('INFO-foo', self.buffer.getvalue())
def test_log_stderr(self):
logging_subprocess.call([sys.executable, "-c",
'import sys; sys.stderr.write("foo\\n")'],
self.logger)
self.assertIn('ERROR-foo', self.buffer.getvalue())
def test_log_stdout(self):
logging_subprocess.call([sys.executable, "-c",
"print 'foo'"], self.logger)
self.assertIn('DEBUG-foo', self.buffer.getvalue())
def test_custom_stderr_log_level(self):
logging_subprocess.call([sys.executable, "-c",
'import sys; sys.stderr.write("foo\\n")'],
self.logger,
stderr_log_level=logging.WARNING)
self.assertIn('WARNING-foo', self.buffer.getvalue())
def setup_sysctl(logger):
if logging_subprocess.call("sh files/sysctl.sh", logger.logger, stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG, shell=True) != 0:
return False
return True
def test_log_stdout(self):
logging_subprocess.call([sys.executable, "-c", "print 'foo'"],
self.logger)
self.assertIn('DEBUG-foo', self.buffer.getvalue())
def run_command(cmd):
return not (logging_subprocess.call(cmd,
stdout_log_level=logging.DEBUG,
stderr_log_level=logging.DEBUG,
shell=True))
def __init__(self,
src_dir,
cpachecker_executable,
alphabet,
loggingdir,
time_limit,
kernel_file="kernel.c",
kernel_function="kernel",
min_inp_length=1,
max_inp_length=-1,
return_bool=False,
null_terminated=False):
"""src_dir should contain the kernel"""
super(CpaBmcSeqMat, self).__init__()
print(src_dir)
self.log_dir = os.path.abspath(loggingdir)
self.src_dir = os.path.abspath(src_dir)
self.kernel_file = kernel_file
self.kernel_function = kernel_function
self.min_inp_length = min_inp_length
self.max_inp_length = max_inp_length
self.null_terminated = null_terminated
self.cpachecker = os.path.abspath(cpachecker_executable)
self.time_limit = time_limit
self.start_time = time.time()
logger.info("Logging dir: %s", self.log_dir)
self.alphabet = alphabet
logger.debug("The alphabet is: %s", self.alphabet)
# compile a kernel
logger.info("Compiling Kernel")
#copy the kernel
shutil.copy(os.path.join(self.src_dir, self.kernel_file), self.log_dir)
with chdir.ChDir(self.log_dir) as tdir:
# kernel_wrapper = "kernel_wrapper.c"
#
# with open(kernel_wrapper, "w") as f:
# print('#include "{}"'.format(self.kernel_file), file=f)
# print('int main(int argc, char *argv[]) {', file=f)
# print('if(argc == 2)', file=f)
# print('{', file=f)
# print(' if({}(argv[1]))'.format(self.kernel_function), file=f)
# print(' {', file=f)
# print(' //printf("true\\n");', file=f)
# print(' return 0;', file=f)
# print(' } else {', file=f)
# print(' //printf("false\\n");', file=f)
# print(' return 1;', file=f)
# print(' }', file=f)
# print('} else {', file=f)
# print(' //printf("just pass in the string\\n");', file=f)
# print(' return 10;', file=f)
# print('}', file=f)
# print('}', file=f)
#
# gcc_command = ["gcc", "-iquote{}".format(self.src_dir), "-o", "kernel", kernel_wrapper]
gcc_command = [
"gcc", "-iquote{}".format(self.src_dir), "-fPIC", "-shared",
"-o", "kernel.so", self.kernel_file
]
lsubprocess.call(gcc_command, logger)
#raw_input("check kernel!")
self.so = ctypes.cdll.LoadLibrary(os.path.abspath("kernel.so"))
self.c_kernel = getattr(self.so, self.kernel_function)
self.c_kernel.argtypes = [ctypes.c_char_p]
self.c_kernel.restype = ctypes.c_bool if return_bool else ctypes.c_int