angr 9.2.87__py3-none-manylinux2014_x86_64.whl → 9.2.89__py3-none-manylinux2014_x86_64.whl

tests/analyses/test_cdg.py

@@ -1,165 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import networkx
-
-import angr
-from angr.analyses.cdg import TemporaryNode
-from angr.utils.graph import compute_dominance_frontier
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-# pylint: disable=missing-class-docstring
-# pylint: disable=no-self-use
-class TestCdg(unittest.TestCase):
-    def test_graph_0(self):
-        # This graph comes from Fig.1 of paper An Efficient Method of Computing Static Single Assignment Form by Ron
-        # Cytron, etc.
-
-        # Create a project with a random binary - it will not be used anyways
-        p = angr.Project(
-            os.path.join(test_location, "x86_64", "datadep_test"),
-            load_options={"auto_load_libs": False},
-            use_sim_procedures=True,
-        )
-
-        # Create the CDG analysis
-        cfg = p.analyses.CFGEmulated(no_construct=True)
-
-        # Create our mock control flow graph
-        g = networkx.DiGraph()
-        edges = [
-            ("Entry", 1),
-            (1, 2),
-            (2, 3),
-            (2, 7),
-            (3, 4),
-            (3, 5),
-            (4, 6),
-            (5, 6),
-            (6, 8),
-            (7, 8),
-            (8, 9),
-            (9, 10),
-            (9, 11),
-            (11, 9),
-            (10, 11),
-            (11, 12),
-            (12, 2),
-            (12, "Exit"),
-            ("Entry", "Exit"),
-        ]
-
-        for src, dst in edges:
-            # Create a TemporaryNode for each node
-            n1 = TemporaryNode(src)
-            n2 = TemporaryNode(dst)
-            g.add_edge(n1, n2)
-
-        # Manually set the CFG
-        cfg.model.graph = g
-        cfg.model._nodes = {}
-        cfg._edge_map = {}
-        cfg._loop_back_edges = []
-        cfg._overlapped_loop_headers = []
-
-        # Call _construct()
-        cdg = p.analyses.CDG(cfg=cfg, no_construct=True)
-        cdg._entry = TemporaryNode("Entry")
-        cdg._construct()
-
-        standard_result = {
-            "Entry": {1, 2, 8, 9, 11, 12},
-            1: set(),
-            2: {3, 6, 7},
-            3: {4, 5},
-            4: set(),
-            5: set(),
-            6: set(),
-            7: set(),
-            8: set(),
-            9: {10},
-            10: set(),
-            11: {9, 11},
-            12: {2, 8, 9, 11, 12},
-        }
-
-        for node, cd_nodes in standard_result.items():
-            # Each node in set `cd_nodes` is control dependent on `node`
-            for n in cd_nodes:
-                assert cdg.graph.has_edge(TemporaryNode(node), TemporaryNode(n))
-            assert len(cdg.graph.out_edges(TemporaryNode(node))) == len(cd_nodes)
-
-    def test_dominance_frontiers(self):
-        # This graph comes from Fig.1 of paper An Efficient Method of Computing Static Single Assignment Form by Ron
-        # Cytron, etc.
-
-        # Create our mock control flow graph
-        g = networkx.DiGraph()
-        g.add_edge("Entry", 1)
-        g.add_edge(1, 2)
-        g.add_edge(2, 3)
-        g.add_edge(2, 7)
-        g.add_edge(3, 4)
-        g.add_edge(3, 5)
-        g.add_edge(4, 6)
-        g.add_edge(5, 6)
-        g.add_edge(6, 8)
-        g.add_edge(7, 8)
-        g.add_edge(8, 9)
-        g.add_edge(9, 10)
-        g.add_edge(9, 11)
-        g.add_edge(11, 9)
-        g.add_edge(10, 11)
-        g.add_edge(11, 12)
-        g.add_edge(12, 2)
-        g.add_edge(12, "Exit")
-        g.add_edge("Entry", "Exit")
-
-        # Create the mock post-dom graph
-        postdom = networkx.DiGraph()
-        postdom.add_edge("Entry", 1)
-        postdom.add_edge(1, 2)
-        postdom.add_edge(2, 3)
-        postdom.add_edge(3, 4)
-        postdom.add_edge(3, 5)
-        postdom.add_edge(3, 6)
-        postdom.add_edge(2, 7)
-        postdom.add_edge(2, 8)
-        postdom.add_edge(8, 9)
-        postdom.add_edge(9, 10)
-        postdom.add_edge(9, 11)
-        postdom.add_edge(11, 12)
-        postdom.add_edge("Entry", "Exit")
-
-        # Call df_construct()
-        df = compute_dominance_frontier(g, postdom)
-
-        standard_df = {
-            1: {"Exit"},
-            2: {"Exit", 2},
-            3: {8},
-            4: {6},
-            5: {6},
-            6: {8},
-            7: {8},
-            8: {"Exit", 2},
-            9: {"Exit", 2, 9},
-            10: {11},
-            11: {"Exit", 2, 9},
-            12: {"Exit", 2},
-            "Entry": set(),
-            "Exit": set(),
-        }
-        assert df == standard_df
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/analyses/test_cfb.py

@@ -1,37 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-from unittest import TestCase, main
-import os.path
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-# pylint: disable=no-self-use
-class CFBlanketTests(TestCase):
-    """
-    Test CFBlanket analysis
-    """
-
-    def test_on_object_added_callback(self):
-        my_callback_artifacts = {}
-
-        def my_callback(addr, obj):
-            my_callback_artifacts[addr] = obj
-
-        p = angr.Project(os.path.join(test_location, "x86_64", "fauxware"), load_options={"auto_load_libs": False})
-        cfb = p.analyses.CFB(on_object_added=my_callback)
-
-        addr = 0x1_00000000
-        obj = "my object"
-        cfb.add_obj(addr, obj)
-        assert addr in my_callback_artifacts and my_callback_artifacts[addr] == obj
-
-
-if __name__ == "__main__":
-    main()

tests/analyses/test_class_identifier.py

@@ -1,46 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-# pylint: disable=missing-class-docstring
-# pylint: disable=no-self-use
-class TestClassIdentifier(unittest.TestCase):
-    def test_class_identification_x86_64(self):
-        p = angr.Project(os.path.join(test_location, "x86_64", "cpp_classes"), auto_load_libs=False)
-        class_identifier_analysis = p.analyses.ClassIdentifier()
-        classes_found = class_identifier_analysis.classes
-        class_labels = []
-        vtable_ptr_c = [0x403CB0, 0x403CD8]
-
-        for class_str in classes_found:
-            class_labels.append(class_str)
-
-        assert "A" in class_labels
-        assert "B" in class_labels
-        assert "C" in class_labels
-
-        for vtable_ptr in classes_found["C"].vtable_ptrs:
-            assert vtable_ptr in vtable_ptr_c
-
-        for func_addr in classes_found["C"].function_members:
-            assert func_addr in [0x401262, 0x401490, 0x4014CB, 0x401512]
-
-        for func_addr in classes_found["B"].function_members:
-            assert func_addr in [0x4011EA, 0x401226, 0x4014D6]
-
-        for func_addr in classes_found["A"].function_members:
-            assert func_addr in [0x401418, 0x401454, 0x4014F4]
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/analyses/test_clinic.py

@@ -1,30 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-import angr.analyses.decompiler
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-# pylint: disable=missing-class-docstring
-# pylint: disable=no-self-use
-class TestClinic(unittest.TestCase):
-    def test_smoketest(self):
-        binary_path = os.path.join(test_location, "x86_64", "all")
-        proj = angr.Project(binary_path, auto_load_libs=False, load_debug_info=True)
-
-        cfg = proj.analyses.CFG(normalize=True)
-        main_func = cfg.kb.functions["main"]
-
-        proj.analyses.Clinic(main_func)
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/analyses/test_codetagging.py

@@ -1,32 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,disable=no-self-use
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-from angr.analyses.code_tagging import CodeTags
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-class TestCodetagging(unittest.TestCase):
-    def test_hasxor(self):
-        p = angr.Project(os.path.join(test_location, "x86_64", "HashTest"), auto_load_libs=False)
-        cfg = p.analyses.CFG()
-
-        ct_rshash = p.analyses.CodeTagging(cfg.kb.functions["RSHash"])
-        assert CodeTags.HAS_XOR not in ct_rshash.tags
-        ct_jshash = p.analyses.CodeTagging(cfg.kb.functions["JSHash"])
-        assert CodeTags.HAS_XOR in ct_jshash.tags
-        assert CodeTags.HAS_BITSHIFTS in ct_jshash.tags
-        ct_elfhash = p.analyses.CodeTagging(cfg.kb.functions["ELFHash"])
-        assert CodeTags.HAS_BITSHIFTS in ct_elfhash.tags
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/analyses/test_constantpropagation.py

@@ -1,88 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,disable=no-self-use
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-from angr.analyses.propagator.vex_vars import VEXReg
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-class TestConstantpropagation(unittest.TestCase):
-    def test_libc_x86(self):
-        # disabling auto_load_libs increases the execution time.
-        p = angr.Project(os.path.join(test_location, "i386", "libc-2.27-3ubuntu1.so.6"), auto_load_libs=True)
-        dl_addr = p.loader.find_symbol("_dl_addr").rebased_addr
-        cfg = p.analyses.CFGFast(regions=[(dl_addr, dl_addr + 4096)])
-        func = cfg.functions["_dl_addr"]
-
-        rtld_global_sym = p.loader.find_symbol("_rtld_global")
-        assert rtld_global_sym is not None
-        _rtld_global_addr = rtld_global_sym.rebased_addr
-
-        base_addr = 0x998F000
-        state = p.factory.blank_state()
-        for addr in range(0, 0 + 0x1000, p.arch.bytes):
-            state.memory.store(
-                _rtld_global_addr + addr, base_addr + addr, size=p.arch.bytes, endness=p.arch.memory_endness
-            )
-
-        prop = p.analyses.Propagator(func=func, base_state=state)
-        # import pprint
-        # pprint.pprint(prop.replacements)
-        assert len(prop.replacements) > 0
-
-    def test_lwip_udpecho_bm(self):
-        bin_path = os.path.join(test_location, "armel", "lwip_udpecho_bm.elf")
-        p = angr.Project(bin_path, auto_load_libs=False)
-        cfg = p.analyses.CFG(data_references=True)
-
-        func = cfg.functions[0x23C9]
-        state = p.factory.blank_state()
-        prop = p.analyses.Propagator(func=func, base_state=state)
-
-        assert len(prop.replacements) > 0
-
-    def test_register_propagation_across_calls(self):
-        call_targets = [
-            "syscall",
-            "call _0",  # Resolved
-            "call rdi",  # TOP
-            "call qword ptr [0xBAD]",  # Unresolved
-        ]
-
-        for target in call_targets:
-            p = angr.load_shellcode(
-                f"""
-            _0:
-                mov rcx, 0x12345678
-                mov rbp, 0xFEDCBA90
-            _11:
-                {target}
-                mov rax, rcx
-                mov rdi, rbp
-                ret
-            """,
-                "AMD64",
-            )
-            cfg = p.analyses.CFG()
-            prop = p.analyses.Propagator(func=cfg.functions[0], only_consts=True)
-            regs_replaced = {
-                p.arch.register_names[var.offset]: val
-                for codeloc, replacements in prop.replacements.items()
-                if codeloc.block_addr >= 0x11
-                for var, val in replacements.items()
-                if isinstance(var, VEXReg)
-            }
-            assert "rax" not in regs_replaced  # caller saved
-            assert regs_replaced["rdi"].concrete_value == 0xFEDCBA90  # callee saved
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/analyses/test_ddg.py

@@ -1,95 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,disable=no-self-use
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import os
-import logging
-import time
-import unittest
-
-import angr
-from angr.code_location import CodeLocation
-from angr.sim_variable import SimRegisterVariable
-
-from ..common import bin_location
-
-
-l = logging.getLogger("angr.tests.test_ddg")
-test_location = os.path.join(bin_location, "tests")
-
-
-class TestDDG(unittest.TestCase):
-    def perform_one(self, binary_path):
-        proj = angr.Project(
-            binary_path,
-            load_options={"auto_load_libs": False},
-            use_sim_procedures=True,
-            default_analysis_mode="symbolic",
-        )
-        start = time.time()
-        cfg = proj.analyses.CFGEmulated(
-            context_sensitivity_level=2,
-            keep_state=True,
-            state_add_options=angr.sim_options.refs,  # refs are necessary for DDG to work
-        )
-        end = time.time()
-        duration = end - start
-        l.info("CFG generated in %f seconds.", duration)
-
-        ddg = proj.analyses.DDG(cfg, start=cfg.functions["main"].addr)
-        # There should be at least 400 nodes
-        assert len(ddg.graph) >= 400
-
-        # Memory dependency 1
-
-        """
-        00 | ------ IMark(0x400667, 3, 0) ------
-        01 | t15 = GET:I64(rbp)
-        02 | t14 = Add64(t15,0xfffffffffffffffc)
-        03 | t17 = LDle:I32(t14)
-        04 | t45 = 32Uto64(t17)
-        05 | t16 = t45
-        06 | PUT(rip) = 0x000000000040066a
-        ...
-        15 | ------ IMark(0x40066d, 4, 0) ------
-        16 | t24 = Add64(t15,0xfffffffffffffffc)
-        17 | t7 = LDle:I32(t24)
-        18 | t5 = Add32(t7,0x00000001)
-        19 | STle(t24) = t5
-        20 | PUT(rip) = 0x0000000000400671
-        """
-
-        cl1 = CodeLocation(0x400667, ins_addr=0x400667, stmt_idx=3)
-        in_edges = ddg.graph.in_edges([cl1], data=True)
-        # Where the memory address comes from
-        memaddr_src = CodeLocation(0x400667, ins_addr=0x400667, stmt_idx=2)
-        # Where the data comes from
-        data_src_0 = CodeLocation(0x40064C, ins_addr=0x40065E, stmt_idx=26)
-        data_src_1 = CodeLocation(0x400667, ins_addr=0x40066D, stmt_idx=19)
-        assert len(in_edges) == 3
-        assert (data_src_0, cl1) in [(src, dst) for src, dst, _ in in_edges]
-        assert (data_src_1, cl1) in [(src, dst) for src, dst, _ in in_edges]
-        assert (
-            memaddr_src,
-            cl1,
-            {"data": 14, "type": "tmp", "subtype": ("mem_addr",)},
-        ) in in_edges
-
-        instr_view = ddg.view[0x400721]
-        assert instr_view is not None
-        definitions: list = instr_view.definitions
-        var = None
-        for definition in definitions:
-            if isinstance(definition._variable.variable, SimRegisterVariable):
-                var = definition._variable.variable
-                break
-        assert var is not None
-        assert var.reg == 56
-
-    def test_ddg_0(self):
-        binary_path = os.path.join(test_location, "x86_64", "datadep_test")
-        self.perform_one(binary_path)
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/analyses/test_ddg_global_var_dependencies.py

@@ -1,83 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,disable=no-self-use
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-arches = {"x86_64"}
-
-
-class TestDdgGlobalVarDependencies(unittest.TestCase):
-    def test_ddg_global_var_dependencies(self):
-        for arch in arches:
-            self.run_ddg_global_var_dependencies(arch)
-
-    def run_ddg_global_var_dependencies(self, arch):
-        test_file = os.path.join(test_location, arch, "ddg_global_var_dependencies")
-        proj = angr.Project(test_file, auto_load_libs=False)
-        cfg = proj.analyses.CFGEmulated(
-            context_sensitivity_level=2,
-            keep_state=True,
-            state_add_options=angr.sim_options.refs,
-        )
-        ddg = proj.analyses.DDG(cfg)
-        main_func = cfg.functions.function(name="main")
-
-        target_block_addr = main_func.ret_sites[0].addr
-        target_block = proj.factory.block(addr=target_block_addr)
-        tgt_stmt_idx, tgt_stmt = self.get_target_stmt(proj, target_block)
-        assert tgt_stmt_idx is not None
-        buf_addr = tgt_stmt.data.addr.con.value
-        tgt_ddg_node = self.get_ddg_node(ddg, target_block_addr, tgt_stmt_idx)
-        assert tgt_ddg_node is not None
-
-        # Whether the target depends on the statement assigning 'b' to the global variable
-        has_correct_dependency = False
-        for pred in ddg.get_predecessors(tgt_ddg_node):
-            pred_block = proj.factory.block(addr=pred.block_addr)
-            stmt = pred_block.vex.statements[pred.stmt_idx]
-            has_correct_dependency |= self.check_dependency(stmt, buf_addr, ord("b"))
-
-            # If the target depends on the statement assigning 'a' to the global variable, it is underconstrained (
-            # this assignment should be overwritten by the 'b' assignment)
-            assert not self.check_dependency(
-                stmt, buf_addr, ord("a")
-            ), "Target statement has incorrect dependency (DDG is underconstrained)"
-        assert has_correct_dependency, "Target statement does not have correct dependency (DDG is overconstrained)"
-
-    def check_dependency(self, stmt, addr, const):
-        # Check if we are storing a constant to a variable with constant address
-        if stmt.tag == "Ist_Store" and stmt.addr.tag == "Iex_Const" and stmt.data.tag == "Iex_Const":
-            # Check if we are storing the specified constant to the specified variable address
-            if stmt.addr.con.value == addr and stmt.data.con.value == const:
-                return True
-
-        return False
-
-    def get_ddg_node(self, ddg, block_addr, stmt_idx):
-        for node in ddg.graph.nodes:
-            if node.block_addr == block_addr and node.stmt_idx == stmt_idx:
-                return node
-        return None
-
-    def get_target_stmt(self, proj, block):
-        for i, stmt in enumerate(block.vex.statements):
-            # We're looking for the instruction that loads a constant memory address into a temporary variable
-            if stmt.tag == "Ist_WrTmp" and stmt.data.tag == "Iex_Load" and stmt.data.addr.tag == "Iex_Const":
-                addr = stmt.data.addr.con.value
-                section = proj.loader.main_object.find_section_containing(addr)
-                # Confirm the memory address is in the uninitialized data section
-                if section.name == ".bss":
-                    return i, stmt
-        return None, None
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/analyses/test_ddg_memvar_addresses.py

@@ -1,40 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,disable=no-self-use
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-arches = {"i386", "x86_64"}
-
-
-class TestDdgMemvarAddresses(unittest.TestCase):
-    def test_ddg_memvar_addresses(self):
-        for arch in arches:
-            self.run_ddg_memvar_addresses(arch)
-
-    def run_ddg_memvar_addresses(self, arch):
-        test_file = os.path.join(test_location, arch, "simple_data_dependence")
-        proj = angr.Project(test_file, auto_load_libs=False)
-        cfg = proj.analyses.CFGEmulated(
-            context_sensitivity_level=2,
-            keep_state=True,
-            state_add_options=angr.sim_options.refs,
-        )
-        ddg = proj.analyses.DDG(cfg)
-
-        for node in ddg._data_graph.nodes():
-            if isinstance(node.variable, angr.sim_variable.SimMemoryVariable):
-                assert (
-                    0 <= node.variable.addr < (1 << proj.arch.bits)
-                ), f"Program variable {node.variable} has an invalid address: {node.variable.addr}"
-
-
-if __name__ == "__main__":
-    unittest.main()