angr 9.2.87__py3-none-manylinux2014_x86_64.whl → 9.2.89__py3-none-manylinux2014_x86_64.whl

tests/knowledge_plugins/test_patches.py

@@ -1,48 +0,0 @@
-#!/usr/bin/env python3
-# pylint:disable=no-self-use
-__package__ = __package__ or "tests.knowledge_plugins"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-class PatchTests(unittest.TestCase):
-    """
-    Basic PatchManager tests
-    """
-
-    def test_patch_vulnerable_fauxware_amd64(self):
-        binpath = os.path.join(test_location, "x86_64", "vulns", "vulnerable_fauxware")
-        proj = angr.Project(binpath, auto_load_libs=False)
-
-        proj.kb.patches.add_patch(0x40094C, b"\x0a")
-        patched = proj.kb.patches.apply_patches_to_binary()
-
-        # manual patch
-        with open(binpath, "rb") as f:
-            binary_data = f.read()
-        binary_data = binary_data[:0x94C] + b"\x0a" + binary_data[0x94D:]
-
-        assert patched == binary_data
-
-    def test_block_factory_returns_patched_bytes(self):
-        binpath = os.path.join(test_location, "x86_64", "fauxware")
-        proj = angr.Project(binpath, auto_load_libs=False)
-
-        addr = 0x4007D3
-        patch_bytes = proj.arch.keystone.asm("inc rax; leave; ret", addr, as_bytes=True)[0]
-        proj.kb.patches.add_patch(addr, patch_bytes)
-
-        b = proj.factory.block(addr)
-        assert b.bytes == patch_bytes
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/misc/test_hookset.py

@@ -1,57 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,disable=no-self-use
-import unittest
-
-import angr
-
-
-class TestHookSet(unittest.TestCase):
-    def test_hookset(self):
-        class Foo:
-            def run(self):
-                return self.blah()
-
-            def blah(self):  # pylint:disable=no-self-use
-                return ["foo"]
-
-            def install_hooks(self, tech):
-                angr.misc.HookSet.install_hooks(self, blah=tech.blah)
-
-            def remove_hooks(self, tech):
-                angr.misc.HookSet.remove_hooks(self, blah=tech.blah)
-
-        class Bar:
-            def blah(self, foo):  # pylint:disable=no-self-use
-                return ["bar"] + foo.blah()
-
-        class Baz:
-            def blah(self, foo):  # pylint:disable=no-self-use
-                return ["baz"] + foo.blah()
-
-        class Coward:
-            def blah(self, foo):  # pylint:disable=no-self-use,unused-argument
-                return ["coward"]
-
-        foo = Foo()
-        assert foo.run() == ["foo"]
-
-        bar = Bar()
-        baz = Baz()
-        foo.install_hooks(bar)
-        foo.install_hooks(baz)
-        assert foo.run() == ["baz", "bar", "foo"]
-
-        foo.remove_hooks(bar)
-        foo.remove_hooks(baz)
-        assert foo.run() == ["foo"]
-
-        coward = Coward()
-        foo.install_hooks(coward)
-        assert foo.run() == ["coward"]
-
-        foo.remove_hooks(coward)
-        assert foo.run() == ["foo"]
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/perf/perf_cfgemulated.py

@@ -1,19 +0,0 @@
-import os
-import time
-
-import angr
-
-test_location = os.path.join(os.path.dirname(os.path.realpath(__file__)), "../../../binaries")
-p = angr.Project(os.path.join(test_location, "tests", "x86_64", "true"), auto_load_libs=False)
-funcs = list(p.analyses.CFGFast().functions.keys())
-
-
-def main():
-    p.analyses.CFGEmulated(starts=funcs, call_depth=0)
-
-
-if __name__ == "__main__":
-    tstart = time.time()
-    main()
-    tend = time.time()
-    print("Elapsed: %f sec" % (tend - tstart))

tests/perf/perf_cfgfast.py

@@ -1,18 +0,0 @@
-import os
-import time
-
-import angr
-
-test_location = os.path.join(os.path.dirname(os.path.realpath(__file__)), "../../../binaries")
-p = angr.Project(os.path.join(test_location, "tests", "x86_64", "libc.so.6"), auto_load_libs=False)
-
-
-def main():
-    p.analyses.CFGFast()
-
-
-if __name__ == "__main__":
-    tstart = time.time()
-    main()
-    tend = time.time()
-    print("Elapsed: %f sec" % (tend - tstart))

tests/perf/perf_concrete_execution.py

@@ -1,41 +0,0 @@
-# Performance tests on concrete code execution without invoking Unicorn engine
-# uses a stripped-down SimEngine to only test the essential pieces
-# TODO also use a stripped-down memory
-
-import os
-import time
-
-import angr
-import claripy
-
-# attempt to turn off claripy debug mode
-if hasattr(claripy, "set_debug"):
-    claripy.set_debug(False)
-
-test_location = os.path.join(os.path.dirname(os.path.realpath(__file__)), "../../../binaries")
-
-
-class SkinnyEngine(
-    angr.engines.SimEngineFailure, angr.engines.SimEngineSyscall, angr.engines.HooksMixin, angr.engines.HeavyVEXMixin
-):
-    pass
-
-
-arch = "x86_64"
-b = angr.Project(os.path.join(test_location, "tests", arch, "perf_tight_loops"), auto_load_libs=False)
-state = b.factory.full_init_state(
-    plugins={"registers": angr.state_plugins.SimLightRegisters()}, remove_options={angr.sim_options.COPY_STATES}
-)
-engine = SkinnyEngine(b)
-
-
-def main():
-    simgr = b.factory.simgr(state)
-    simgr.explore(engine=engine)
-
-
-if __name__ == "__main__":
-    tstart = time.time()
-    main()
-    tend = time.time()
-    print("Elapsed: %f sec" % (tend - tstart))

tests/perf/perf_siminspect_nop.py

@@ -1,36 +0,0 @@
-import os
-import time
-
-import angr
-
-
-class InspectorEngine(
-    angr.engines.SimEngineFailure,
-    angr.engines.SimEngineSyscall,
-    angr.engines.HooksMixin,
-    angr.engines.SimInspectMixin,
-    angr.engines.HeavyVEXMixin,
-):
-    pass
-
-
-arch = "x86_64"
-test_location = os.path.join(os.path.dirname(os.path.realpath(__file__)), "../../../binaries")
-b = angr.Project(os.path.join(test_location, "tests", arch, "perf_tight_loops"), auto_load_libs=False)
-state = b.factory.full_init_state(
-    plugins={"registers": angr.state_plugins.SimLightRegisters()}, remove_options={angr.sim_options.COPY_STATES}
-)
-state.supports_inspect = True  # force enable inspect without adding any breakpoints
-engine = InspectorEngine(b)
-
-
-def main():
-    simgr = b.factory.simgr(state)
-    simgr.explore(engine=engine)
-
-
-if __name__ == "__main__":
-    tstart = time.time()
-    main()
-    tend = time.time()
-    print("Elapsed: %f sec" % (tend - tstart))

tests/perf/perf_state_copy.py

@@ -1,33 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import time
-
-import angr
-import claripy
-
-bvs = claripy.BVS("foo", 8)
-
-test_location = os.path.join(os.path.dirname(os.path.realpath(__file__)), "../../../binaries")
-state = angr.Project(
-    os.path.join(test_location, "tests", "x86_64", "fauxware"), main_opts={"base_addr": 0x400000}, auto_load_libs=True
-).factory.full_init_state(add_options={angr.options.REVERSE_MEMORY_NAME_MAP})
-
-
-def cycle(s):
-    s = s.copy()
-    s.memory.store(0x400000, bvs)
-    return s
-
-
-def main():
-    s = cycle(state)
-    for _ in range(20000):
-        s = cycle(s)
-
-
-if __name__ == "__main__":
-    tstart = time.time()
-    main()
-    tend = time.time()
-    print("Elapsed: %f sec" % (tend - tstart))

tests/perf/perf_unicorn_0.py

@@ -1,27 +0,0 @@
-import os
-import time
-
-import angr
-from angr import options as so
-
-test_location = os.path.join(os.path.dirname(os.path.realpath(__file__)), "../../../binaries")
-p = angr.Project(os.path.join(test_location, "tests", "x86_64", "perf_unicorn_0"))
-s_unicorn = p.factory.entry_state(
-    add_options=so.unicorn | {so.STRICT_PAGE_ACCESS}, remove_options={so.LAZY_SOLVES}
-)  # unicorn
-
-
-def main():
-    sm_unicorn = p.factory.simulation_manager(s_unicorn)
-    sm_unicorn.run()
-
-
-if __name__ == "__main__":
-    import logging
-
-    logging.getLogger("angr.state_plugins.unicorn_engine").setLevel("DEBUG")
-    logging.getLogger("angr.engines.unicorn").setLevel("DEBUG")
-    tstart = time.time()
-    main()
-    tend = time.time()
-    print("Elapsed: %f sec" % (tend - tstart))

tests/perf/perf_unicorn_1.py

@@ -1,23 +0,0 @@
-import os
-import time
-
-import angr
-from angr import options as so
-
-test_location = os.path.join(os.path.dirname(os.path.realpath(__file__)), "../../../binaries")
-p = angr.Project(os.path.join(test_location, "tests", "x86_64", "perf_unicorn_1"))
-s_unicorn = p.factory.entry_state(
-    add_options=so.unicorn | {so.STRICT_PAGE_ACCESS}, remove_options={so.LAZY_SOLVES}
-)  # unicorn
-
-
-def main():
-    sm_unicorn = p.factory.simulation_manager(s_unicorn)
-    sm_unicorn.run()
-
-
-if __name__ == "__main__":
-    tstart = time.time()
-    main()
-    tend = time.time()
-    print("Elapsed: %f sec" % (tend - tstart))

tests/procedures/glibc/test_ctype_locale.py

@@ -1,164 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,disable=no-self-use
-__package__ = __package__ or "tests.procedures.glibc"  # pylint:disable=redefined-builtin
-
-import os
-import subprocess
-import unittest
-
-import angr
-
-from ...common import bin_location, skip_if_not_linux
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-class TestCtypeLocale(unittest.TestCase):
-    @skip_if_not_linux
-    def test_ctype_b_loc(self):
-        """
-        test_ctype_locale.test_ctype_b_loc
-
-        const unsigned short * * __ctype_b_loc (void);
-
-        Description
-
-        The __ctype_b_loc() function shall return a pointer into an array of
-        characters in the current locale that contains characteristics for each
-        character in the current character set. The array shall contain a total
-        of 384 characters, and can be indexed with any signed or unsigned char
-        (i.e. with an index value between -128 and 255). If the application is
-        multithreaded, the array shall be local to the current thread.
-
-        This interface is not in the source standard; it is only in the binary
-        standard.
-        """
-
-        # Just load a binary so that we can do the initialization steps from
-        # libc_start_main
-        bin_path = os.path.join(test_location, "x86_64", "ctype_b_loc")
-
-        def ctype_b_loc(state, arguments):
-            return angr.SIM_PROCEDURES["glibc"]["__ctype_b_loc"]().execute(state, arguments=arguments)
-
-        b = angr.Project(bin_path, auto_load_libs=False)
-        p = b.factory.full_init_state()
-        pg = b.factory.simulation_manager(p)
-
-        # Find main located at 0x400596 to let libc_start_main do its thing
-        main = pg.explore(find=0x400596)
-
-        state = main.found[0]
-        b_loc_array_ptr = ctype_b_loc(state, []).ret_expr
-        table_ptr = state.memory.load(b_loc_array_ptr, state.arch.bytes, endness=state.arch.memory_endness)
-
-        result = b""
-        for i in range(-128, 256):
-            result += b"%d->0x%x\n" % (i, state.mem[table_ptr + i * 2].short.unsigned.concrete)
-
-        # Check output of compiled C program that uses ctype_b_loc()
-        output = subprocess.check_output(bin_path, shell=True)
-        assert result == output
-
-    @skip_if_not_linux
-    def test_ctype_tolower_loc(self):
-        """
-        test_ctype_locale.test_ctype_tolower_loc
-
-        int32_t * * __ctype_tolower_loc(void);
-
-        Description:
-        The __ctype_tolower_loc() function shall return a pointer into an array of
-        characters in the current locale that contains lower case equivalents for
-        each character in the current character set. The array shall contain a total
-        of 384 characters, and can be indexed with any signed or unsigned char (i.e.
-        with an index value between -128 and 255). If the application is
-        multithreaded, the array shall be local to the current thread.
-
-        This interface is not in the source standard; it is only in the binary
-        standard.
-
-        Return Value:
-        The __ctype_tolower_loc() function shall return a pointer to the array of
-        characters to be used for the ctype() family of functions (see <ctype.h>).
-        """
-
-        # Just load a binary so that we can do the initialization steps from
-        # libc_start_main
-        bin_path = os.path.join(test_location, "x86_64", "ctype_tolower_loc")
-
-        def ctype_tolower_loc(state, arguments):
-            return angr.SIM_PROCEDURES["glibc"]["__ctype_tolower_loc"]().execute(state, arguments=arguments)
-
-        b = angr.Project(bin_path, auto_load_libs=False)
-        p = b.factory.full_init_state()
-        pg = b.factory.simulation_manager(p)
-
-        # Find main located at 0x400596 to let libc_start_main do its thing
-        main = pg.explore(find=0x400596)
-
-        state = main.found[0]
-        tolower_loc_array_ptr = ctype_tolower_loc(state, []).ret_expr
-        table_ptr = state.memory.load(tolower_loc_array_ptr, state.arch.bytes, endness=state.arch.memory_endness)
-
-        result = b""
-        for i in range(-128, 256):
-            result += b"%d->0x%x\n" % (i, state.mem[table_ptr + i * 4].int.unsigned.concrete)
-
-        # Check output of compiled C program that uses ctype_tolower_loc()
-        output = subprocess.check_output(bin_path, shell=True)
-        assert result == output
-
-    @skip_if_not_linux
-    def test_ctype_toupper_loc(self):
-        """
-        test_ctype_locale.test_ctype_toupper_loc
-
-        int32_t * * __ctype_toupper_loc(void);
-
-        Description:
-        The __ctype_toupper_loc() function shall return a pointer into an array of
-        characters in the current locale that contains upper case equivalents for
-        each character in the current character set. The array shall contain a total
-        of 384 characters, and can be indexed with any signed or unsigned char (i.e.
-        with an index value between -128 and 255). If the application is
-        multithreaded, the array shall be local to the current thread.
-
-        This interface is not in the source standard; it is only in the binary
-        standard.
-
-        Return Value:
-        The __ctype_toupper_loc() function shall return a pointer to the array of
-        characters to be used for the ctype() family of functions (see <ctype.h>).
-        """
-
-        # Just load a binary so that we can do the initialization steps from
-        # libc_start_main
-        bin_path = os.path.join(test_location, "x86_64", "ctype_toupper_loc")
-
-        def ctype_toupper_loc(state, arguments):
-            return angr.SIM_PROCEDURES["glibc"]["__ctype_toupper_loc"]().execute(state, arguments=arguments)
-
-        b = angr.Project(bin_path, auto_load_libs=False)
-        p = b.factory.full_init_state()
-        pg = b.factory.simulation_manager(p)
-
-        # Find main located at 0x400596 to let libc_start_main do its thing
-        main = pg.explore(find=0x400596)
-
-        state = main.found[0]
-        toupper_loc_array_ptr = ctype_toupper_loc(state, []).ret_expr
-        table_ptr = state.memory.load(toupper_loc_array_ptr, state.arch.bytes, endness=state.arch.memory_endness)
-
-        result = b""
-        for i in range(-128, 256):
-            result += b"%d->0x%x\n" % (i, state.mem[table_ptr + i * 4].int.unsigned.concrete)
-
-        # Check output of compiled C program that uses ctype_toupper_loc()
-        output = subprocess.check_output(bin_path, shell=True)
-        assert result == output
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/procedures/libc/test_fgets.py

@@ -1,53 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,disable=no-self-use
-__package__ = __package__ or "tests.procedures.libc"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ...common import bin_location
-
-TARGET_APP = os.path.join(bin_location, "tests", "x86_64", "fgets")
-
-p = angr.Project(TARGET_APP, auto_load_libs=False)
-
-find_normal = p.loader.find_symbol("find_normal").rebased_addr
-find_exact = p.loader.find_symbol("find_exact").rebased_addr
-find_eof = p.loader.find_symbol("find_eof").rebased_addr
-find_impossible = p.loader.find_symbol("find_impossible").rebased_addr
-
-
-class TestFgets(unittest.TestCase):
-    def _testfind(self, addr, failmsg):
-        e = p.factory.entry_state()
-        e.options.add(angr.sim_options.SHORT_READS)
-        e.options.add(angr.sim_options.SYMBOL_FILL_UNCONSTRAINED_MEMORY)
-        s = p.factory.simgr(e)
-        r = s.explore(find=addr)
-        assert len(r.found) > 0, failmsg
-        return r.found[0].posix.dumps(0)
-
-    def _testnotfind(self, addr, failmsg):
-        e = p.factory.entry_state()
-        e.options.add(angr.sim_options.SHORT_READS)
-        e.options.add(angr.sim_options.SYMBOL_FILL_UNCONSTRAINED_MEMORY)
-        s = p.factory.simgr(e)
-        r = s.explore(find=addr)
-        assert len(r.found) == 0, failmsg
-
-    def test_normal(self):
-        answer = self._testfind(find_normal, "Normal Failure!")
-        assert answer == b"normal\n"
-
-    def test_exact(self):
-        answer = self._testfind(find_exact, "Exact Failure!")
-        assert answer.endswith(b"0123456789")
-
-    def test_impossible(self):
-        self._testnotfind(find_impossible, "Impossible Failure!")
-
-
-if __name__ == "__main__":
-    unittest.main()