angr 9.2.87__py3-none-manylinux2014_x86_64.whl → 9.2.89__py3-none-manylinux2014_x86_64.whl

tests/procedures/libc/test_strtol.py

@@ -1,78 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.procedures.libc"  # pylint:disable=redefined-builtin
-
-import os
-import subprocess
-import sys
-import unittest
-
-import angr
-
-from ...common import slow_test, bin_location  # pylint:disable=import-error,wrong-import-position
-
-
-class TestStrtol(unittest.TestCase):
-    # pylint: disable=no-self-use
-
-    @slow_test
-    @unittest.skipUnless(sys.platform.startswith("linux"), "linux-only")
-    def test_strtol(self, threads=None):
-        test_bin = os.path.join(bin_location, "tests", "x86_64", "strtol_test")
-        # disabling auto_load_libs increases the execution time of the test case.
-        b = angr.Project(test_bin, auto_load_libs=True)
-
-        initial_state = b.factory.entry_state(remove_options={angr.options.LAZY_SOLVES})
-        pg = b.factory.simulation_manager(thing=initial_state, threads=threads)
-
-        # find the end of main
-        expected_outputs = {
-            b"base 8 worked\n",
-            b"base +8 worked\n",
-            b"0x worked\n",
-            b"+0x worked\n",
-            b"base +10 worked\n",
-            b"base 10 worked\n",
-            b"base -8 worked\n",
-            b"-0x worked\n",
-            b"base -10 worked\n",
-            b"Nope\n",
-        }
-        pg.explore(find=0x400804, num_find=len(expected_outputs))
-        assert len(pg.found) == len(expected_outputs)
-
-        # check the outputs
-        pipe = subprocess.PIPE
-        for f in pg.found:
-            test_input = f.posix.dumps(0)
-            test_output = f.posix.dumps(1)
-            expected_outputs.remove(test_output)
-
-            # check the output works as expected
-            with subprocess.Popen(test_bin, stdout=pipe, stderr=pipe, stdin=pipe) as p:
-                ret = p.communicate(test_input)[0]
-            assert ret == test_output
-
-        # check that all of the outputs were seen
-        assert len(expected_outputs) == 0
-
-    def test_strtol_long_string(self):
-        # convert a 11-digit long string to a number.
-        # there was an off-by-one error before.
-
-        b = angr.load_shellcode(b"\x90\x90", "AMD64")
-        state = b.factory.blank_state()
-        state.memory.store(0x500000, b"98831114236\x00")
-
-        state.libc.max_strtol_len = 11
-
-        strtol = angr.SIM_LIBRARIES["libc.so.6"].get("strtol", arch=b.arch)
-        strtol.state = state.copy()
-        ret = strtol.run(0x500000, 0, 0)
-
-        assert strtol.state.satisfiable()
-        assert len(strtol.state.solver.eval_upto(ret, 2)) == 1
-        assert strtol.state.solver.eval_one(ret) == 98831114236
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/procedures/linux_kernel/test_lseek.py

@@ -1,174 +0,0 @@
-#!/usr/bin/env python3
-import unittest
-
-from angr import SIM_PROCEDURES
-from angr import SimState, SimPosixError, SimFile
-
-
-FAKE_ADDR = 0x100000
-
-
-def lseek(state, arguments):
-    return SIM_PROCEDURES["linux_kernel"]["lseek"]().execute(state, arguments=arguments)
-
-
-# Taken from unistd.h
-SEEK_SET = 0  # Seek from beginning of file.
-SEEK_CUR = 1  # Seek from current position.
-SEEK_END = 2  # Seek from end of file.
-# GNU Extensions
-SEEK_DATA = 3  # Seek to next data.
-SEEK_HOLE = 4  # Seek to next hole.
-
-
-class TestLseek(unittest.TestCase):
-    def test_lseek_set(self):
-        state = SimState(arch="AMD64", mode="symbolic")
-
-        # This could be any number above 2 really
-        fd = 3
-
-        # Create a file
-        state.fs.insert("/tmp/qwer", SimFile(name="qwer", size=100))
-        assert fd == state.posix.open(b"/tmp/qwer", 2)
-
-        # Part 1
-
-        # Seek to the top of the file
-        current_pos = lseek(state, [fd, 0, SEEK_SET]).ret_expr
-        current_pos = state.solver.eval(current_pos)
-
-        # We should be at the start
-        assert current_pos == 0
-
-        # Part 2
-
-        # Seek to the top of the file
-        current_pos = lseek(state, [fd, 8, SEEK_SET]).ret_expr
-        current_pos = state.solver.eval(current_pos)
-
-        # We should be at the start
-        assert current_pos == 8
-
-        # Part 3
-
-        # Seek to the top of the file
-        current_pos = lseek(state, [fd, 3, SEEK_SET]).ret_expr
-        current_pos = state.solver.eval(current_pos)
-
-        # We should be at the start
-        assert current_pos == 3
-
-    def test_lseek_cur(self):
-        state = SimState(arch="AMD64", mode="symbolic")
-
-        # This could be any number above 2 really
-        fd = 3
-
-        # Create a file
-        state.fs.insert("/tmp/qwer", SimFile(name="qwer", size=100))
-        assert fd == state.posix.open(b"/tmp/qwer", 2)
-
-        # Part 1
-
-        # Add 12
-        current_pos = lseek(state, [fd, 12, SEEK_CUR]).ret_expr
-        current_pos = state.solver.eval(current_pos)
-
-        # We should be at the start
-        assert current_pos == 12
-
-        # Part 2
-
-        # Remove 3
-        current_pos = lseek(state, [fd, -3, SEEK_CUR]).ret_expr
-        current_pos = state.solver.eval(current_pos)
-
-        # We should be at the start
-        assert current_pos == 9
-
-    def test_lseek_end(self):
-        state = SimState(arch="AMD64", mode="symbolic")
-
-        fd = 3
-
-        # Create a file
-        state.fs.insert("/tmp/qwer", SimFile(name="qwer", size=16))
-        assert fd == state.posix.open(b"/tmp/qwer", 2)
-
-        # Part 1
-
-        # Add 5
-        current_pos = lseek(state, [fd, 0, SEEK_END]).ret_expr
-        current_pos = state.solver.eval(current_pos)
-
-        # We should be at the end + offset
-        assert current_pos == 16
-
-        # Part 2
-
-        # Minus 6. End of file never actually changed
-        current_pos = lseek(state, [fd, -6, SEEK_END]).ret_expr
-        current_pos = state.solver.eval(current_pos)
-
-        # We should be at the end + offset
-        assert current_pos == 10
-
-    def test_lseek_unseekable(self):
-        state = SimState(arch="AMD64", mode="symbolic")
-
-        # Illegal seek
-        current_pos = lseek(state, [0, 0, SEEK_SET]).ret_expr
-        current_pos = state.solver.eval(current_pos)
-
-        # Assert we have a negative return value
-        assert current_pos & (1 << 63) != 0
-
-        # Illegal seek
-        current_pos = lseek(state, [1, 0, SEEK_SET]).ret_expr
-        current_pos = state.solver.eval(current_pos)
-
-        # Assert we have a negative return value
-        assert current_pos & (1 << 63) != 0
-
-        # Illegal seek
-        current_pos = lseek(state, [2, 0, SEEK_SET]).ret_expr
-        current_pos = state.solver.eval(current_pos)
-
-        # Assert we have a negative return value
-        assert current_pos & (1 << 63) != 0
-
-    def test_lseek_symbolic_whence(self):
-        with self.assertRaises(SimPosixError):
-            # symbolic whence is currently not possible
-            state = SimState(arch="AMD64", mode="symbolic")
-
-            # This could be any number above 2 really
-            fd = 3
-
-            # Create a file
-            assert fd == state.posix.open(b"/tmp/qwer", 1)
-
-            whence = state.solver.BVS("whence", 64)
-
-            # This should cause the exception
-            lseek(state, [fd, 0, whence])
-
-    def test_lseek_symbolic_seek(self):
-        # symbolic seek is currently not possible
-        state = SimState(arch="AMD64", mode="symbolic")
-
-        # This could be any number above 2 really
-        fd = 3
-
-        # Create a file
-        assert fd == state.posix.open(b"/tmp/qwer", 1)
-
-        seek = state.solver.BVS("seek", 64)
-
-        # This should NOT cause an exception
-        lseek(state, [fd, seek, SEEK_SET])
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/procedures/posix/test_chroot.py

@@ -1,33 +0,0 @@
-#!/usr/bin/env python3
-# pylint:disable=missing-class-docstring,no-self-use
-__package__ = __package__ or "tests.procedures.posix"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-from angr.state_plugins.posix import Flags
-
-from ...common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-class TestChroot(unittest.TestCase):
-    def test_chroot(self):
-        project = angr.Project(os.path.join(test_location, "x86_64", "chroot_test"))
-        initial_state = project.factory.entry_state()
-
-        simgr = project.factory.simgr(initial_state)
-
-        simgr.run()
-
-        # Try and read the files stat size from new chrooted dir
-        fd = simgr.deadended[0].posix.open("/test.txt", Flags.O_RDONLY)
-        stat = simgr.deadended[0].posix.fstat(fd)
-        print(f"File's Stat Size: {stat.st_size}")
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/procedures/posix/test_getenv.py

@@ -1,78 +0,0 @@
-#!/usr/bin/env python3
-# Disable some pylint warnings: no-self-use, missing-docstring
-# pylint: disable=R0201, C0111
-__package__ = __package__ or "tests.procedures.posix"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import claripy
-
-import angr
-
-from ...common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-class TestRunEcho(unittest.TestCase):
-    flag = "this_is_a_string!"
-
-    def test_run_getenv_with_env(self):
-        env = {"PATH": "/home/angr/", "TEST_ENV1": "this_is_a_string!", "JAVA_HOME": "jdk-install-dir"}
-        TEST_name = ["TEST_ENV1", "TEST_ENV2"]
-        p = angr.Project(os.path.join(test_location, "x86_64", "test_getenv"))
-        s = p.factory.entry_state(env=env)
-        simgr = p.factory.simulation_manager(s)
-        simgr.explore()
-
-        assert len(simgr.deadended) == 1
-
-        output_lines = simgr.deadended[0].posix.dumps(1).decode().splitlines(keepends=False)
-        expect_output = (
-            [f"# {k}={v}" for k, v in env.items()]
-            + ["{k}: {v}".format(k=k, v=env.get(k, "__NULL__")) for k in TEST_name]
-            + ["!! Bingo " + self.flag]
-        )
-
-        output_lines.sort()
-        expect_output.sort()
-
-        assert output_lines == expect_output
-
-    def test_run_getenv_without_env(self):
-        p = angr.Project(os.path.join(test_location, "x86_64", "test_getenv"))
-        s = p.factory.entry_state()
-        simgr = p.factory.simulation_manager(s)
-        simgr.explore()
-
-        assert len(simgr.deadended) == 2
-
-        bingo_count = 0
-        for s in simgr.deadended:
-            bingo_count += int(b"Bingo" in s.posix.dumps(1))
-
-        assert bingo_count == 1
-
-    def test_run_getenv_with_symbolic_env(self):
-        flag = claripy.Concat(*[claripy.BVS("flag_%d" % i, 8) for i in range(30)])
-        env = {"PATH": "/home/angr/", "TEST_ENV1": flag, "JAVA_HOME": "jdk-install-dir"}
-        p = angr.Project(os.path.join(test_location, "x86_64", "test_getenv"))
-        s = p.factory.entry_state(env=env)
-        simgr = p.factory.simulation_manager(s)
-        simgr.explore()
-
-        assert len(simgr.deadended) == 2
-
-        solved_flag = []
-        for s in simgr.deadended:
-            if b"Bingo" in s.posix.dumps(1):
-                solved_flag.append(s.solver.eval(flag, cast_to=bytes).strip(b"\x00"))
-
-        assert len(solved_flag) == 1
-        assert solved_flag[0].decode() == self.flag
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/procedures/posix/test_pwrite_pread.py

@@ -1,57 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,no-self-use,line-too-long
-
-import unittest
-
-from angr import SimState, SimFile, SIM_PROCEDURES
-
-
-class TestPwrite(unittest.TestCase):
-    def test_pwrite(self):
-        pwrite = SIM_PROCEDURES["posix"]["pwrite64"]()
-
-        state = SimState(arch="AMD64", mode="symbolic")
-        simfile = SimFile("concrete_file", content="hello world!\n")
-        state.fs.insert("test", simfile)
-        fd = state.posix.open(b"test", 1)
-
-        buf_addr = 0xD0000000
-        state.memory.store(buf_addr, b"test!")
-        pwrite.execute(state, arguments=[fd, buf_addr, 5, 6])
-
-        simfd = state.posix.get_fd(fd)
-        simfd.seek(0)
-        res = 0xC0000000
-        simfd.read(res, 13)
-        data = state.solver.eval(state.mem[res].string.resolved, cast_to=bytes)
-
-        assert data == b"hello test!!\n"
-
-        state.posix.close(fd)
-
-
-class TestPread(unittest.TestCase):
-    def test_pread(self):
-        pwrite = SIM_PROCEDURES["posix"]["pread64"]()
-
-        state = SimState(arch="AMD64", mode="symbolic")
-        simfile = SimFile("concrete_file", content="hello world!\n")
-        state.fs.insert("test", simfile)
-        fd = state.posix.open(b"test", 1)
-
-        buf1_addr = 0xD0000000
-        buf2_addr = 0xD0001000
-        pwrite.execute(state, arguments=[fd, buf1_addr, 6, 6])
-        pwrite.execute(state, arguments=[fd, buf2_addr, 5, 0])
-
-        data1 = state.solver.eval(state.mem[buf1_addr].string.resolved, cast_to=bytes)
-        data2 = state.solver.eval(state.mem[buf2_addr].string.resolved, cast_to=bytes)
-
-        assert data1 == b"world!"
-        assert data2 == b"hello"
-
-        state.posix.close(fd)
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/procedures/posix/test_sim_time.py

@@ -1,46 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,no-self-use,line-too-long
-
-import unittest
-
-import angr
-
-
-class TestSimTime(unittest.TestCase):
-    def test_gettimeofday(self):
-        proc = angr.SIM_PROCEDURES["posix"]["gettimeofday"]()
-
-        s = angr.SimState(arch="amd64")
-        s.regs.rdi = 0x8000
-        s.regs.rsi = 0
-
-        s.options.add(angr.options.USE_SYSTEM_TIMES)
-        proc.execute(s)
-        assert not s.mem[0x8000].qword.resolved.symbolic
-        assert not s.mem[0x8008].qword.resolved.symbolic
-
-        s.options.discard(angr.options.USE_SYSTEM_TIMES)
-        proc.execute(s)
-        assert s.mem[0x8000].qword.resolved.symbolic
-        assert s.mem[0x8008].qword.resolved.symbolic
-
-    def test_clock_gettime(self):
-        proc = angr.SIM_PROCEDURES["posix"]["clock_gettime"]()
-
-        s = angr.SimState(arch="amd64")
-        s.regs.rdi = 0
-        s.regs.rsi = 0x8000
-
-        s.options.add(angr.options.USE_SYSTEM_TIMES)
-        proc.execute(s)
-        assert not s.mem[0x8000].qword.resolved.symbolic
-        assert not s.mem[0x8008].qword.resolved.symbolic
-
-        s.options.discard(angr.options.USE_SYSTEM_TIMES)
-        proc.execute(s)
-        assert s.mem[0x8000].qword.resolved.symbolic
-        assert s.mem[0x8008].qword.resolved.symbolic
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/procedures/posix/test_unlink.py

@@ -1,46 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,no-self-use,line-too-long
-
-import unittest
-
-import angr
-
-
-class TestUnlink(unittest.TestCase):
-    def test_file_unlink(self):
-        # Initialize a blank state with an arbitrary errno location
-        state = angr.SimState(arch="AMD64", mode="symbolic")
-        state.libc.errno_location = 0xA0000000
-        state.libc.errno = 0
-
-        # Create a file 'test'
-        fd = state.posix.open(b"test", 1)
-        state.posix.close(fd)
-
-        # Ensure 'test' was in fact created
-        assert b"/test" in state.fs._files
-
-        # Store the filename in memory
-        path_addr = 0xB0000000
-        state.memory.store(path_addr, b"test\x00")
-
-        # Unlink 'test': should return 0 and leave ERRNO unchanged
-        unlink = angr.SIM_PROCEDURES["posix"]["unlink"]()
-        state.scratch.sim_procedure = unlink
-        rval = unlink.execute(state, arguments=[path_addr]).ret_expr
-        assert rval == 0
-        assert state.solver.eval(state.libc.errno) == 0
-
-        # Check that 'test' was in fact deleted
-        assert state.fs._files == {}
-
-        # Unlink again: should return -1 and set ERRNO to ENOENT
-        unlink = angr.SIM_PROCEDURES["posix"]["unlink"]()
-        state.scratch.sim_procedure = unlink
-        rval = unlink.execute(state, arguments=[path_addr]).ret_expr
-        assert rval == -1
-        assert state.solver.eval(state.libc.errno) == state.posix.ENOENT
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/procedures/test_project_resolve_simproc.py

@@ -1,43 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,no-self-use,line-too-long
-__package__ = __package__ or "tests.procedures"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-bina = os.path.join(test_location, "x86_64", "test_project_resolve_simproc")
-
-
-# We voluntarily don't use SimProcedures for 'rand' and 'sleep' because we want
-# to step into their lib code.
-class TestProjectResolveSimProc(unittest.TestCase):
-    def test_bina(self):
-        # auto_load_libs can't be disabled as the testcase fails
-        p = angr.Project(bina, exclude_sim_procedures_list=["rand", "sleep"], load_options={"auto_load_libs": True})
-
-        # Make sure external functions are not replaced with a SimProcedure
-        sleep_jmpslot = p.loader.main_object.jmprel["sleep"]
-        rand_jmpslot = p.loader.main_object.jmprel["rand"]
-        read_jmpslot = p.loader.main_object.jmprel["read"]
-
-        sleep_addr = p.loader.memory.unpack_word(sleep_jmpslot.rebased_addr)
-        rand_addr = p.loader.memory.unpack_word(rand_jmpslot.rebased_addr)
-        read_addr = p.loader.memory.unpack_word(read_jmpslot.rebased_addr)
-
-        libc_sleep_addr = p.loader.shared_objects["libc.so.6"].get_symbol("sleep").rebased_addr
-        libc_rand_addr = p.loader.shared_objects["libc.so.6"].get_symbol("rand").rebased_addr
-
-        assert sleep_addr == libc_sleep_addr
-        assert rand_addr == libc_rand_addr
-        assert p.is_hooked(read_addr)
-        assert "read" in str(p._sim_procedures[read_addr])
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/procedures/test_sim_procedure.py

@@ -1,117 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,no-self-use,line-too-long
-__package__ = __package__ or "tests.procedures"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-from angr.codenode import BlockNode, HookNode, SyscallNode
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-class TestSimProcedure(unittest.TestCase):
-    def test_ret_float(self):
-        class F1(angr.SimProcedure):
-            def run(self, *args, **kwargs):  # pylint: disable=unused-argument
-                return 12.5
-
-        p = angr.load_shellcode(b"X", arch="i386")
-
-        p.hook(0x1000, F1(prototype="float (x)();"))
-        p.hook(0x2000, F1(prototype="double (x)();"))
-
-        s = p.factory.call_state(addr=0x1000, ret_addr=0, prototype="float(x)()")
-        succ = s.step()
-        assert len(succ.successors) == 1
-        s2 = succ.flat_successors[0]
-        assert not s2.regs.st0.symbolic
-        assert s2.solver.eval(s2.regs.st0.raw_to_fp()) == 12.5
-
-        s = p.factory.call_state(addr=0x2000, ret_addr=0, prototype="double(x)()")
-        succ = s.step()
-        assert len(succ.successors) == 1
-        s2 = succ.flat_successors[0]
-        assert not s2.regs.st0.symbolic
-        assert s2.solver.eval(s2.regs.st0.raw_to_fp()) == 12.5
-
-        p = angr.load_shellcode(b"X", arch="amd64")
-
-        p.hook(0x1000, F1(prototype="float (x)();"))
-        p.hook(0x2000, F1(prototype="double (x)();"))
-
-        s = p.factory.call_state(addr=0x1000, ret_addr=0, prototype="float(x)()")
-        succ = s.step()
-        assert len(succ.successors) == 1
-        s2 = succ.flat_successors[0]
-        res = s2.registers.load("xmm0", 4).raw_to_fp()
-        assert not res.symbolic
-        assert s2.solver.eval(res) == 12.5
-
-        s = p.factory.call_state(addr=0x2000, ret_addr=0, prototype="double(x)()")
-        succ = s.step()
-        assert len(succ.successors) == 1
-        s2 = succ.flat_successors[0]
-        res = s2.registers.load("xmm0", 8).raw_to_fp()
-        assert not res.symbolic
-        assert s2.solver.eval(res) == 12.5
-
-    def test_syscall_and_simprocedure(self):
-        bin_path = os.path.join(test_location, "cgc", "CADET_00002")
-        proj = angr.Project(bin_path, auto_load_libs=False)
-        cfg = proj.analyses.CFGFast(normalize=True)
-
-        # check syscall
-        node = cfg.get_any_node(proj.loader.kernel_object.mapped_base + 1)
-        func = proj.kb.functions[node.addr]
-
-        assert node.is_simprocedure
-        assert node.is_syscall
-        assert not node.to_codenode().is_hook
-        assert not proj.is_hooked(node.addr)
-        assert func.is_syscall
-        assert func.is_simprocedure
-        assert type(proj.factory.snippet(node.addr)) == SyscallNode
-
-        # check normal functions
-        node = cfg.get_any_node(0x80480A0)
-        func = proj.kb.functions[node.addr]
-
-        assert not node.is_simprocedure
-        assert not node.is_syscall
-        assert not proj.is_hooked(node.addr)
-        assert not func.is_syscall
-        assert not func.is_simprocedure
-        assert type(proj.factory.snippet(node.addr)) == BlockNode
-
-        # check hooked functions
-        proj.hook(0x80480A0, angr.SIM_PROCEDURES["libc"]["puts"]())
-        cfg = proj.analyses.CFGFast(normalize=True)  # rebuild cfg to updated nodes
-        node = cfg.get_any_node(0x80480A0)
-        func = proj.kb.functions[node.addr]
-
-        assert node.is_simprocedure
-        assert not node.is_syscall
-        assert proj.is_hooked(node.addr)
-        assert not func.is_syscall
-        assert func.is_simprocedure
-        assert type(proj.factory.snippet(node.addr)) == HookNode
-
-    def test_inet_ntoa(self) -> None:
-        """
-        Test the inet_ntoa simprocedure for functionality
-        """
-        bin_path = os.path.join(test_location, "x86_64", "inet_ntoa")
-        proj = angr.Project(bin_path, auto_load_libs=False, use_sim_procedures=True)
-        initial_state = proj.factory.entry_state()
-        simgr = proj.factory.simgr(initial_state)
-        after = simgr.run()
-        assert after.deadended[0].posix.dumps(1) == b"192.168.192.168\n"
-
-
-if __name__ == "__main__":
-    unittest.main()