pwntools 1.0.1 → 1.1.0

data/test/shellcraft/linux/syscalls/open_test.rb

@@ -0,0 +1,86 @@
+# encoding: ASCII-8BIT
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/shellcraft/shellcraft'
+
+class OpenTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_amd64
+    context.local(arch: 'amd64') do
+      assert_equal(<<-'EOS', @shellcraft.open('/etc/passwd'))
+  /* push "/etc/passwd\x00" */
+  push 0x1010101 ^ 0x647773
+  xor dword ptr [rsp], 0x1010101
+  mov rax, 0x7361702f6374652f
+  push rax
+  /* call open("rsp", "O_RDONLY", 0) */
+  push 2 /* (SYS_open) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* (O_RDONLY) */
+  cdq /* rdx=0 */
+  syscall
+      EOS
+
+      assert_equal(<<-'EOS', @shellcraft.open('/etc/passwd', 0x40, 0o750)) # O_CREAT = 0x40
+  /* push "/etc/passwd\x00" */
+  push 0x1010101 ^ 0x647773
+  xor dword ptr [rsp], 0x1010101
+  mov rax, 0x7361702f6374652f
+  push rax
+  /* call open("rsp", 64, 488) */
+  push 2 /* (SYS_open) */
+  pop rax
+  mov rdi, rsp
+  push 0x40
+  pop rsi
+  xor edx, edx
+  mov dx, 0x1e8
+  syscall
+      EOS
+    end
+  end
+
+  def test_i386
+    context.local(arch: 'i386') do
+      assert_equal(<<-'EOS', @shellcraft.open('/etc/passwd'))
+  /* push "/etc/passwd\x00" */
+  push 0x1010101
+  xor dword ptr [esp], 0x1657672 /* 0x1010101 ^ 0x647773 */
+  push 0x7361702f
+  push 0x6374652f
+  /* call open("esp", "O_RDONLY", 0) */
+  push 5 /* (SYS_open) */
+  pop eax
+  mov ebx, esp
+  xor ecx, ecx /* (O_RDONLY) */
+  cdq /* edx=0 */
+  int 0x80
+      EOS
+
+      assert_equal(<<-'EOS', @shellcraft.open('/etc/passwd', 'O_CREAT', 0o750))
+  /* push "/etc/passwd\x00" */
+  push 0x1010101
+  xor dword ptr [esp], 0x1657672 /* 0x1010101 ^ 0x647773 */
+  push 0x7361702f
+  push 0x6374652f
+  /* call open("esp", "O_CREAT", 488) */
+  push 5 /* (SYS_open) */
+  pop eax
+  mov ebx, esp
+  push 0x40 /* (O_CREAT) */
+  pop ecx
+  xor edx, edx
+  mov dx, 0x1e8
+  int 0x80
+      EOS
+    end
+  end
+end

data/test/shellcraft/shellcraft_test.rb

@@ -15,14 +15,15 @@ class ShellcraftTest < MiniTest::Test
   def test_respond
     context.local(arch: 'amd64') do
       # Check respond_to_missing? is well defined
-      assert @shellcraft.respond_to?(:mov)
-      assert @shellcraft.method(:sh)
+      assert(@shellcraft.respond_to?(:mov))
+      assert(@shellcraft.method(:sh))
     end
-    refute @shellcraft.respond_to?(:linux)
+    refute(@shellcraft.respond_to?(:linux))
     assert_raises(NoMethodError) { @shellcraft.meow }
 
     context.local(arch: 'arm') do
-      refute @shellcraft.respond_to?(:mov)
+      err = assert_raises(::Pwnlib::Errors::UnsupportedArchError) { @shellcraft.respond_to?(:mov) }
+      assert_equal("Can't use shellcraft under architecture \"arm\".", err.message)
     end
   end
 end

data/test/test_helper.rb

@@ -1,9 +1,8 @@
-require 'codeclimate-test-reporter'
 require 'rainbow'
 require 'simplecov'
 
 SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
-  [SimpleCov::Formatter::HTMLFormatter, CodeClimate::TestReporter::Formatter]
+  [SimpleCov::Formatter::HTMLFormatter]
 )
 SimpleCov.start do
   add_filter '/test/'
@@ -20,5 +19,26 @@ module MiniTest
       # Default to disable coloring for easier testing.
       Rainbow.enabled = false
     end
+
+    # Methods for hooking logger,
+    # require 'pwnlib/logger' before using these methods.
+
+    def log_null(&block)
+      File.open(File::NULL, 'w') { |f| log_hook(f, &block) }
+    end
+
+    def log_stdout(&block)
+      log_hook($stdout, &block)
+    end
+
+    def log_hook(obj)
+      old = ::Pwnlib::Logger.log.instance_variable_get(:@logdev)
+      ::Pwnlib::Logger.log.instance_variable_set(:@logdev, obj)
+      begin
+        yield
+      ensure
+        ::Pwnlib::Logger.log.instance_variable_set(:@logdev, old)
+      end
+    end
   end
 end

data/test/timer_test.rb

@@ -12,12 +12,30 @@ class TimerTest < MiniTest::Test
     refute(t.started?)
     refute(t.active?)
     assert_equal('DARKHH QQ', t.countdown(0.1) { 'DARKHH QQ' })
+
     exception = assert_raises(RuntimeError) { t.countdown(0.1) { t.countdown(0.1) {} } }
     assert_equal('Nested countdown not permitted', exception.message)
+
     t.timeout = 0.514
-    exception = assert_raises(RuntimeError) { t.countdown(0.1) { t.timeout = :forever } }
+    exception = assert_raises(RuntimeError) do
+      t.countdown(0.1) { t.timeout = :forever }
+    end
     assert_equal("Can't change timeout when countdown", exception.message)
+
     t.countdown(0.1) { assert(t.started?) }
     t.countdown(0.1) { assert(t.active?) }
+
+    assert_raises(::Pwnlib::Errors::TimeoutError) do
+      t.countdown(0.1) { sleep(0.2) }
+    end
+  end
+
+  # Check #115 fixed
+  def test_nested_countdown_false_positve_115
+    t = Timer.new
+    assert_raises(::Pwnlib::Errors::TimeoutError) do
+      t.countdown(0.01) { sleep(0.02) }
+    end
+    t.countdown(0.01) {}
   end
 end

data/test/tubes/process_test.rb

@@ -0,0 +1,99 @@
+# encoding: ASCII-8BIT
+
+require 'socket'
+require 'tty-platform'
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/errors'
+require 'pwnlib/tubes/process'
+
+class ProcessTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    skip 'Skip on Windows' if TTY::Platform.new.windows?
+  end
+
+  def test_io
+    cat = ::Pwnlib::Tubes::Process.new('cat')
+    cat.puts('HAHA')
+    assert_equal("HAHA\n", cat.gets)
+    assert_raises(::Pwnlib::Errors::TimeoutError) { cat.gets(timeout: 0.1) }
+    cat.puts('HAHA2')
+    assert_equal("HAHA2\n", cat.gets)
+  end
+
+  def test_env
+    data = ::Pwnlib::Tubes::Process.new('env').read
+    assert_match('PATH=', data)
+    data = ::Pwnlib::Tubes::Process.new('env', env: { 'FOO' => 'BAR' }).read
+    assert_equal("FOO=BAR\n", data)
+  end
+
+  def test_aslr
+    skip 'Only tested on linux' unless TTY::Platform.new.linux?
+    map1 = ::Pwnlib::Tubes::Process.new('cat /proc/self/maps', aslr: false).read
+    map2 = ::Pwnlib::Tubes::Process.new(['cat', '/proc/self/maps'], aslr: false).read
+    assert_match('/bin/cat', map1) # make sure it read something
+    assert_equal(map1, map2)
+  end
+
+  def test_eof
+    ls = ::Pwnlib::Tubes::Process.new(['ls', '-la'])
+    assert_match(/total/, ls.gets)
+    assert_raises(::Pwnlib::Errors::EndOfTubeError) { ls.write('anything') }
+    assert_raises(::Pwnlib::Errors::EndOfTubeError) { loop { ls.gets } }
+  end
+
+  def test_shutdown
+    cat = ::Pwnlib::Tubes::Process.new('cat')
+    assert_raises(::Pwnlib::Errors::TimeoutError) { cat.recvn(1, timeout: 0.1) }
+    cat.shutdown(:write) # This should cause `cat` dead
+    assert_raises(::Pwnlib::Errors::EndOfTubeError) { cat.recvn(1, timeout: 0.1) }
+    cat.shutdown
+
+    cat = ::Pwnlib::Tubes::Process.new('cat')
+    cat.shutdown(:read)
+    assert_raises(::Pwnlib::Errors::EndOfTubeError) { cat.recvn(1) }
+    cat.shutdown
+    assert_raises(ArgumentError) { cat.shutdown(:zz) }
+  end
+
+  def test_kill
+    cat = ::Pwnlib::Tubes::Process.new('cat')
+    cat.kill
+    assert_raises(::Pwnlib::Errors::EndOfTubeError) { cat.recvn(1) }
+  end
+
+  def test_tty
+    tty_test = proc do |*args, raw: true|
+      in_, out = args.map { |v| v ? :pty : :pipe }
+      process = ::Pwnlib::Tubes::Process.new('ruby -e "p [STDIN.tty?, STDOUT.tty?]"',
+                                             in: in_, out: out, raw: raw)
+      process.gets
+    end
+    assert_equal("[false, false]\n", tty_test.call(false, false))
+    assert_equal("[true, false]\n", tty_test.call(true, false))
+    assert_equal("[false, true]\n", tty_test.call(false, true))
+    assert_equal("[false, true]\r\n", tty_test.call(false, true, raw: false))
+
+    cat = ::Pwnlib::Tubes::Process.new('cat', in: :pty, out: :pty, raw: false)
+    cat.puts('Hi')
+    # In cooked mode, tty should echo the input, so we can gets twice.
+    assert_equal("Hi\r\n", cat.gets)
+    assert_equal("Hi\r\n", cat.gets)
+    cat.close
+  end
+
+  def test_interact
+    ls = ::Pwnlib::Tubes::Process.new('ls Gemfile*')
+    saved = $stdin
+    # prevents stdin being closed
+    $stdin = UDPSocket.new
+    assert_output("Gemfile\nGemfile.lock\n") { context.local(log_level: :fatal) { ls.interact } }
+    $stdin.close
+    $stdin = saved
+  end
+end

data/test/tubes/serialtube_test.rb

@@ -0,0 +1,165 @@
+# encoding: ASCII-8BIT
+
+require 'open3'
+
+require 'test_helper'
+
+require 'pwnlib/tubes/serialtube'
+
+module Pwnlib
+  module Tubes
+    class SerialTube
+      def break_encapsulation
+        @conn.close
+      end
+    end
+  end
+end
+
+class SerialTest < MiniTest::Test
+  include ::Pwnlib::Tubes
+
+  def skip_windows
+    skip 'Not test tube/serialtube on Windows' if TTY::Platform.new.windows?
+  end
+
+  def open_pair
+    Open3.popen3('socat -d -d pty,raw,echo=0 pty,raw,echo=0') do |_i, _o, stderr, thread|
+      devs = []
+      2.times do
+        devs << stderr.readline.chomp.split.last
+        # First pattern matches Linux, second is macOS
+        raise IOError, 'Could not create serial crosslink' if devs.last !~ %r{^(/dev/pts/[0-9]+|/dev/ttys[0-9]+)$}
+      end
+      # To ensure socat have finished setup
+      stderr.gets('starting data transfer loop')
+
+      serial = SerialTube.new devs[1], convert_newlines: false
+
+      begin
+        File.open devs[0], 'r+' do |file|
+          file.set_encoding 'default'.encoding
+          yield file, serial, thread
+        end
+      ensure
+        ::Process.kill('SIGTERM', thread.pid) if thread.alive?
+      end
+    end
+  end
+
+  def random_string(length)
+    Random.rand(36**length).to_s(36).rjust(length, '0')
+  end
+
+  def test_raise
+    skip_windows
+    open_pair do |_file, serial, thread|
+      ::Process.kill('SIGTERM', thread.pid)
+      # ensure the process has been killed
+      thread.value
+      assert_raises(Pwnlib::Errors::EndOfTubeError) { serial.puts('a') }
+    end
+    open_pair do |_file, serial|
+      serial.break_encapsulation
+      assert_raises(Pwnlib::Errors::EndOfTubeError) { serial.recv(1, timeout: 2) }
+    end
+  end
+
+  def test_recv
+    skip_windows
+    open_pair do |file, serial|
+      # recv, recvline
+      rs = random_string 24
+      file.puts rs
+      result = serial.recv 8, timeout: 1
+
+      assert_equal(rs[0...8], result)
+      result = serial.recv 8
+      assert_equal(rs[8...16], result)
+      result = serial.recvline.chomp
+      assert_equal(rs[16..-1], result)
+
+      assert_raises(Pwnlib::Errors::TimeoutError) { serial.recv(1, timeout: 0.2) }
+
+      # recvpred
+      rs = random_string 12
+      file.print rs
+      result = serial.recvpred do |data|
+        data[-6..-1] == rs[-6..-1]
+      end
+      assert_equal rs, result
+
+      assert_raises(Pwnlib::Errors::TimeoutError) { serial.recv(1, timeout: 0.2) }
+
+      # recvn
+      rs = random_string 6
+      file.print rs
+      result = ''
+      assert_raises(Pwnlib::Errors::TimeoutError) do
+        result = serial.recvn 120, timeout: 1
+      end
+      assert_empty result
+      file.print rs
+      result = serial.recvn 12
+      assert_equal rs * 2, result
+
+      assert_raises(Pwnlib::Errors::TimeoutError) { serial.recv(1, timeout: 0.2) }
+
+      # recvuntil
+      rs = random_string 12
+      file.print rs + '|'
+      result = serial.recvuntil('|').chomp('|')
+      assert_equal rs, result
+
+      assert_raises(Pwnlib::Errors::TimeoutError) { serial.recv(1, timeout: 0.2) }
+
+      # gets
+      rs = random_string 24
+      file.puts rs
+      result = serial.gets 12
+      assert_equal rs[0...12], result
+      result = serial.gets.chomp
+      assert_equal rs[12..-1], result
+
+      assert_raises(Pwnlib::Errors::TimeoutError) { serial.recv(1, timeout: 0.2) }
+    end
+  end
+
+  def test_send
+    skip_windows
+    open_pair do |file, serial|
+      # send, sendline
+      rs = random_string 24
+      # rubocop:disable Style/Send
+      # Justification: This isn't Object#send, false positive.
+      serial.send rs[0...12]
+      # rubocop:enable Style/Send
+      serial.sendline rs[12...24]
+      result = file.readline.chomp
+      assert_equal rs, result
+
+      # puts
+      r1 = random_string 4
+      r2 = random_string 4
+      r3 = random_string 4
+      serial.puts r1, r2, r3
+      result = ''
+      3.times do
+        result += file.readline.chomp
+      end
+      assert_equal r1 + r2 + r3, result
+    end
+  end
+
+  def test_close
+    skip_windows
+    open_pair do |_file, serial|
+      serial.close
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { serial.puts(514) }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { serial.puts(514) }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { serial.recv }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { serial.recv }
+      assert_raises(ArgumentError) { serial.close(:hh) }
+    end
+  end
+end

data/test/tubes/sock_test.rb

@@ -9,46 +9,45 @@ require 'pwnlib/tubes/sock'
 class SockTest < MiniTest::Test
   include ::Pwnlib::Tubes
   ECHO_FILE = File.expand_path('../data/echo.rb', __dir__)
-  BIND_PORT = 31_337
 
   def popen_echo(data)
-    Open3.popen2("bundle exec ruby #{ECHO_FILE} #{BIND_PORT}") do |_i, o, _t|
-      o.gets
-      s = Sock.new('localhost', BIND_PORT)
+    Open3.popen2("ruby #{ECHO_FILE}") do |_i, o, _t|
+      port = o.gets.split.last.to_i
+      s = Sock.new('127.0.0.1', port)
       yield s, data, o
     end
   end
 
-  def test_io
+  def test_sock
     popen_echo('DARKHH') do |s, data, _o|
-      s.io.puts(data)
-      rs, = IO.select([s.io])
+      s.sock.puts(data)
+      rs, = IO.select([s.sock])
       refute_nil(rs)
-      assert_equal(data, s.io.readpartial(data.size))
+      assert_equal(data, s.sock.readpartial(data.size))
     end
   end
 
-  def test_sock
+  def test_eof
     popen_echo('DARKHH') do |s, data, o|
       s.puts(data)
       assert_equal(data + "\n", s.gets)
       o.gets
       s.puts(514)
       sleep(0.1) # Wait for connection reset
-      assert_raises(EOFError) { s.puts(514) }
-      assert_raises(EOFError) { s.puts(514) }
-      assert_raises(EOFError) { s.recv }
-      assert_raises(EOFError) { s.recv }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.puts(514) }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.puts(514) }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.recv }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.recv }
     end
   end
 
   def test_close
     popen_echo('DARKHH') do |s, _data, _o|
       s.close
-      assert_raises(EOFError) { s.puts(514) }
-      assert_raises(EOFError) { s.puts(514) }
-      assert_raises(EOFError) { s.recv }
-      assert_raises(EOFError) { s.recv }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.puts(514) }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.puts(514) }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.recv }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.recv }
       assert_raises(ArgumentError) { s.close(:hh) }
     end
 
@@ -57,10 +56,10 @@ class SockTest < MiniTest::Test
       3.times { s.close(:recv) }
       3.times { s.close(:send) }
       3.times { s.close(:write) }
-      assert_raises(EOFError) { s.puts(514) }
-      assert_raises(EOFError) { s.puts(514) }
-      assert_raises(EOFError) { s.recv }
-      assert_raises(EOFError) { s.recv }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.puts(514) }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.puts(514) }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.recv }
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { s.recv }
       3.times { s.close }
       assert_raises(ArgumentError) { s.close(:shik) }
     end