Commit 1b20d11f authored by Jason Hiser's avatar Jason Hiser :tractor:

trying to make zipr and ir-builders plugins

Former-commit-id: e090137bcdabec261f551794d48cce91f214e47f
parent 8bd01812
#!/bin/bash
#!/bin/bash
#
# ps_analyze.sh - analyze a program and transform it for peasoupification to prevent exploit.
#
......@@ -15,52 +15,73 @@ realpath() {
/bin/pwd
}
init_globals()
{
##################################################################################
# set default values for
##################################################################################
##################################################################################
# set default values for
##################################################################################
initial_on_phases="stratafy_with_pc_confine create_binary_script is_so gather_libraries meds_static pdb_register fill_in_cfg fill_in_indtargs clone fix_calls generate_spri spasm fast_annot fast_spri preLoaded_ILR1 preLoaded_ILR2"
initial_on_phases="stratafy_with_pc_confine create_binary_script is_so gather_libraries meds_static pdb_register fill_in_cfg fill_in_indtargs clone fix_calls generate_spri spasm fast_annot fast_spri preLoaded_ILR1 preLoaded_ILR2"
##################################################################################
##################################################################################
ulimit -s unlimited > /dev/null 2>&1 || true
ulimit -s unlimited > /dev/null 2>&1 || true
# default watchdog value is 30 seconds
#watchdog_val=30
errors=0
warnings=0
# default watchdog value is 30 seconds
#watchdog_val=30
errors=0
warnings=0
# record statistics in database?
record_stats=0
# record statistics in database?
record_stats=0
export backend=strata
# DEFAULT TIMEOUT VALUE
INTEGER_TRANSFORM_TIMEOUT_VALUE=1800
TWITCHER_TRANSFORM_TIMEOUT_VALUE=1800
# Setting PN timeout to 6 hours for TNE.
# PN_TIMEOUT_VALUE=21600
#
# set default values for
#
export backend=strata
#CONCOLIC_DIR=concolic.files_a.stratafied_0001
#
# set default values for
#
# JOBID
CONCOLIC_DIR=concolic.files_a.stratafied_0001
# JOBID
user_critical_steps=""
JOBID="$(basename $1).$$"
#
# By default, big data approach is off
# To turn on the big data approach: modify check_options()
#
user_critical_steps=""
# alarm handler
THIS_PID=$$
#
# turn off runtime protections for BED. turn off runtime prrotections for BED. turn off runtime prrotections for BED.
#
STRATA_DOUBLE_FREE=0
STRATA_HEAPRAND=0
STRATA_PC_CONFINE=0
STRATA_PC_CONFINE_XOR=0
#
# set the threshold value. if a step errors with a more severe error (1=most severe, >1 lesser severe)
# than the error_threshold, we exit.
#
error_threshold=0
#
# record when we started processing:
#
ps_starttime=$($PS_DATE)
#
# By default, big data approach is off
# To turn on the big data approach: modify check_options()
#
# alarm handler
THIS_PID=$$
#
# stepnum used for counting how many steps peasoup executes
#
stepnum=0
}
handle_alarm()
{
# reset handler
......@@ -260,7 +281,7 @@ check_options()
if [ "X$2" = "Xzipr" ]; then
echo "Using Zipr backend."
export backend="zipr"
phases_spec=" $phases_spec clone=off stratafy_with_pc_confine=off generate_spri=off spasm=off fast_annot=off zipr=on preLoaded_ILR1=off preLoaded_ILR2=off fast_spri=off create_binary_script=off is_so=off"
phases_spec=" $phases_spec gather_libraries=off clone=off stratafy_with_pc_confine=off generate_spri=off spasm=off fast_annot=off zipr=on preLoaded_ILR1=off preLoaded_ILR2=off fast_spri=off create_binary_script=off is_so=off"
phases_spec=${phases_spec/preLoaded_ILR1=on/}
phases_spec=${phases_spec/preLoaded_ILR2=on/}
step_options_gather_libraries="$step_options_gather_libraries --main_exe_only"
......@@ -341,6 +362,34 @@ check_options()
esac
done
#
# Check/parse input/output file
#
if [ -z $2 ]; then
fail_gracefully "Usage: $0 <original_binary> <new_binary> <options>"
fi
#
# record the original program's name
#
orig_exe=$1
shift
#
# sanity check incoming arg.
#
if [ ! -f $orig_exe ]; then
fail_gracefully "ps_analyze cannot find file named $orig_exe."
fi
JOBID="$(basename $orig_exe).$$"
#
# record the new program's name
#
export protected_exe=$1
shift
# report errors if found
if [ ! -z $1 ]; then
echo Unparsed parameters:
......@@ -350,12 +399,6 @@ check_options()
exit -3;
fi
# turn off heaprand, signconv_func_monitor, and watchdog double_free if twitcher is on for now
is_step_on twitchertransform
if [[ $? = 1 && "$TWITCHER_HOME" != "" ]]; then
phases_spec="$phases_spec heaprand=off signconv_func_monitor=off watchdog=off double_free=off"
fi
#
# turn on/off recording of statistics
#
......@@ -702,20 +745,16 @@ do_plugins()
builtin_steps="
gather_libraries
meds_static
rida
pdb_register
fill_in_cfg
fill_in_indtargs
clone
fix_calls
manual_test
zipr
generate_spri
preLoaded_ILR1
preLoaded_ILR2
spasm
fast_annot
fast_spri
rida
"
for i in $phases_spec
......@@ -758,18 +797,6 @@ do_plugins()
warnings=1
fi
done
# old style -- scan plugins in alphabetical order.
# # do plugins directory
# for i in $SECURITY_TRANSFORMS_HOME/plugins_install/*.exe $SECURITY_TRANSFORMS_HOME/plugins_install/*.sh;
# do
# stepname=`basename $i .exe`
# stepname=`basename $stepname .sh`
# this_step_options_name=step_options_$stepname
# value="${!this_step_options_name}"
# perform_step $stepname none $i $cloneid $value
# done
}
......@@ -909,536 +936,486 @@ compatcheck()
}
#
# turn on debugging output if it's requested.
#
if [ ! -z "$VERBOSE" ]; then
set -x
fi
# Make sure thanos is always exited
exit_thanos()
{
# will do the job for emergency exits
kill $thanos_pid &> /dev/null
wait $thanos_pid &> /dev/null
rm -f $input_pipe
rm -f $output_pipe
}
#
# set the threshold value. if a step errors with a more severe error (1=most severe, >1 lesser severe)
# than the error_threshold, we exit.
#
error_threshold=0
do_prefix_steps()
{
#
# copy the .so files for this exe into a working directory.
#
perform_step gather_libraries mandatory $PEASOUP_HOME/tools/do_gatherlibs.sh $step_options_gather_libraries
#
# record when we started processing:
#
ps_starttime=$($PS_DATE)
#
# Running IDA Pro static analysis phase ...
#
perform_step meds_static mandatory $PEASOUP_HOME/tools/do_idapro.sh $name $step_options_meds_static
perform_step rida mandatory $SECURITY_TRANSFORMS_HOME/plugins_install/rida.exe ./a.ncexe ./a.ncexe.annot ./a.ncexe.infoannot ./a.ncexe.STARSxrefs $step_options_rida
touch a.ncexe.annot
cp a.ncexe.annot a.ncexe.annot.full
##
## Populate IR Database
##
#
# stepnum used for counting how many steps peasoup executes
#
stepnum=0
#
# get some simple info for the program
#
if [ -z $DB_PROGRAM_NAME ]; then
DB_PROGRAM_NAME=`basename $protected_exe | sed "s/[^a-zA-Z0-9]/_/g"`
fi
#MD5HASH=`$PS_MD5SUM $newname.ncexe | cut -f1 -d' '`
INSTALLER=`pwd`
#
# Check for proper environment variables and files that are necessary to peasoupify a program.
#
check_environ_vars PEASOUP_HOME SMPSA_HOME SECURITY_TRANSFORMS_HOME IDAROOT
#
# register the program
#
perform_step pdb_register mandatory "$PEASOUP_HOME/tools/db/pdb_register.sh $DB_PROGRAM_NAME `pwd`" registered.id
is_step_on pdb_register
if [ $? = 1 ]; then
varid=`cat registered.id`
if [ ! $varid -gt 0 ]; then
fail_gracefully "Failed to write Variant into database. Exiting early. Is postgres running? Can $PGUSER access the db?"
fi
fi
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_register.sh "$JOBID" "$DB_PROGRAM_NAME" "$varid" 'submitted' "$ps_starttime"
fi
if [ ! -x $SMPSA_HOME/SMP-analyze.sh ] && [ ! -x $SMPSA_HOME/SMP-analyze.sh ] ; then
echo "SMP-analyze script (local or remote) not found"
exit 1
fi
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'pending' "$ps_starttime"
fi
}
#
# Check/parse options
#
if [ -z $2 ]; then
fail_gracefully "Usage: $0 <original_binary> <new_binary> <options>"
fi
main()
{
init_globals
#
# record the original program's name
#
orig_exe=$1
newname=a
shift
#
# sanity check incoming arg.
#
if [ ! -f $orig_exe ]; then
fail_gracefully "ps_analyze cannot find file named $orig_exe."
fi
#
# Check for proper environment variables and files that are necessary to peasoupify a program.
#
check_environ_vars PEASOUP_HOME SECURITY_TRANSFORMS_HOME
#
# record the new program's name
#
export protected_exe=$1
shift
#
# finish argument parsing
#
check_options "$@"
#
# finish argument parsing
#
check_options "$@"
#
# check for input file existance and file type
#
compatcheck $orig_exe
#
# check for input file existance and file type
#
compatcheck $orig_exe
#
# new program
#
name=`basename $orig_exe`
#
# new program
#
name=`basename $orig_exe`
newname=a
#
# create a new working directory. default to something that allows parallelism unless asked by the user.
#
if [ "X$tempdir_opt" != "X" ]; then
newdir="$tempdir_opt"
else
newdir=peasoup_executable_directory.$JOBID
fi
export newdir
# create a working dir for all our files using the pid
mkdir $newdir
# store the original executable as a.ncexe
cp $orig_exe $newdir/$newname.ncexe
file $orig_exe|grep 32-bit >/dev/null 2>&1
if [ $? = 0 ]; then
if [ `uname -p` = 'x86_64' ]; then
STRATA_HOME=$STRATA_HOME32
STRATA=$STRATA32
#
# create a new working directory. default to something that allows parallelism unless asked by the user.
#
if [ "X$tempdir_opt" != "X" ]; then
newdir="$tempdir_opt"
else
newdir=peasoup_executable_directory.$JOBID
fi
arch_bits=32
else
arch_bits=64
fi
if [ $backend = "strata" ]; then
check_environ_vars STRATA_HOME
check_files $PEASOUP_HOME/tools/getsyms.sh $STRATA_HOME/tools/pc_confinement/stratafy_with_pc_confine.sh
elif [ $backend = "zipr" ]; then
check_environ_vars ZIPR_INSTALL
check_files $ZIPR_INSTALL/bin/zipr.exe
else
echo "Unknown backend!"
exit 1
fi
export newdir
#
# setup libstrata.so. We'll setup two versions, one with symbols so we can debug, and a stripped, faster-loading version.
# by default, use the faster version. copy in the .symbosl version for debugging
#
if [ -f $STRATA_HOME/lib/libstrata.so -a $backend = "strata" ]; then
cp $STRATA_HOME/lib/libstrata.so $newdir/libstrata.so.symbols
cp $STRATA_HOME/lib/libstrata.so $newdir/libstrata.so.nosymbols
$PS_STRIP $newdir/libstrata.so.nosymbols
cp $newdir/libstrata.so.nosymbols $newdir/libstrata.so
fi
# create a working dir for all our files using the pid
mkdir $newdir
# store the original executable as a.ncexe
cp $orig_exe $newdir/$newname.ncexe
adjust_lib_path
file $orig_exe|grep 32-bit >/dev/null 2>&1
if [ $? = 0 ]; then
if [ `uname -p` = 'x86_64' ]; then
STRATA_HOME=$STRATA_HOME32
STRATA=$STRATA32
fi
arch_bits=32
else
arch_bits=64
fi
if [ $backend = "strata" ]; then
check_environ_vars STRATA_HOME
check_files $PEASOUP_HOME/tools/getsyms.sh $STRATA_HOME/tools/pc_confinement/stratafy_with_pc_confine.sh
elif [ $backend = "zipr" ]; then
check_environ_vars ZIPR_INSTALL
check_files $ZIPR_INSTALL/bin/zipr.exe
else
echo "Unknown backend!"
exit 1
fi
# make sure we overwrite out output file one way or another
rm -f $protected_exe
#
# setup libstrata.so. We'll setup two versions, one with symbols so we can debug, and a stripped, faster-loading version.
# by default, use the faster version. copy in the .symbosl version for debugging
#
if [ -f $STRATA_HOME/lib/libstrata.so -a $backend = "strata" ]; then
cp $STRATA_HOME/lib/libstrata.so $newdir/libstrata.so.symbols
cp $STRATA_HOME/lib/libstrata.so $newdir/libstrata.so.nosymbols
$PS_STRIP $newdir/libstrata.so.nosymbols
cp $newdir/libstrata.so.nosymbols $newdir/libstrata.so
fi
# and switch to that dir
cd $newdir
check_for_bad_funcs $newname.ncexe
adjust_lib_path
# next, create a location for our log files
mkdir logs
#
# turn off runtime protections for BED. turn off runtime prrotections for BED. turn off runtime prrotections for BED.
#
STRATA_DOUBLE_FREE=0
STRATA_HEAPRAND=0
STRATA_PC_CONFINE=0
STRATA_PC_CONFINE_XOR=0
# start thanos
input_pipe="thanos_input"
[ -p $input_pipe ] || mkfifo $input_pipe
output_pipe="thanos_output"
[ -p $output_pipe ] || mkfifo $output_pipe
$SECURITY_TRANSFORMS_HOME/plugins_install/thanos.exe $input_pipe $output_pipe &
thanos_pid=$!
# set thanos execution mode
if [ ! -z "$DEBUG_STEPS" ]; then
printf "SET_MODE DEBUG" > $input_pipe
elif [ ! -z "$VERBOSE" ]; then
printf "SET_MODE VERBOSE" > $input_pipe
else
printf "SET_MODE DEFAULT" > $input_pipe
fi
read -r mode_set_res < $output_pipe
if [ "$mode_set_res" != "MODE_SET_OK" ]; then
echo Internal Transform_Step plugin architecture error.
echo Mode set failed. Exiting ps_analyze early.
exit -1
fi
# make sure we overwrite out output file one way or another
rm -f $protected_exe
# Make sure thanos is always exited
function exit_thanos {
# will do the job for emergency exits
kill $thanos_pid &> /dev/null
wait $thanos_pid &> /dev/null
rm -f $input_pipe
rm -f $output_pipe
}
trap exit_thanos EXIT
#
# copy the .so files for this exe into a working directory.
#
perform_step gather_libraries mandatory $PEASOUP_HOME/tools/do_gatherlibs.sh $step_options_gather_libraries
#
# Running IDA Pro static analysis phase ...
#
perform_step meds_static mandatory $PEASOUP_HOME/tools/do_idapro.sh $name $step_options_meds_static
perform_step rida mandatory $SECURITY_TRANSFORMS_HOME/plugins_install/rida.exe ./a.ncexe ./a.ncexe.annot ./a.ncexe.infoannot ./a.ncexe.STARSxrefs $step_options_rida
touch a.ncexe.annot
cp a.ncexe.annot a.ncexe.annot.full
##
## Populate IR Database
##
# and switch to that dir
cd $newdir
#
# get some simple info for the program
#
if [ -z $DB_PROGRAM_NAME ]; then
# DB_PROGRAM_NAME=`basename $orig_exe | sed "s/[^a-zA-Z0-9]/_/g"`
DB_PROGRAM_NAME=`basename $protected_exe | sed "s/[^a-zA-Z0-9]/_/g"`
fi
MD5HASH=`$PS_MD5SUM $newname.ncexe | cut -f1 -d' '`
check_for_bad_funcs $newname.ncexe
INSTALLER=`pwd`
# next, create a location for our log files
mkdir logs
#
# register the program
#
perform_step pdb_register mandatory "$PEASOUP_HOME/tools/db/pdb_register.sh $DB_PROGRAM_NAME `pwd`" registered.id
is_step_on pdb_register
if [ $? = 1 ]; then
varid=`cat registered.id`
if [ ! $varid -gt 0 ]; then
fail_gracefully "Failed to write Variant into database. Exiting early. Is postgres running? Can $PGUSER access the db?"
fi
fi
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_register.sh "$JOBID" "$DB_PROGRAM_NAME" "$varid" 'submitted' "$ps_starttime"
fi
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'pending' "$ps_starttime"
fi
# start thanos
input_pipe="thanos_input"
[ -p $input_pipe ] || mkfifo $input_pipe
output_pipe="thanos_output"
[ -p $output_pipe ] || mkfifo $output_pipe
# build basic IR
perform_step fill_in_cfg mandatory libfill_in_cfg.so $varid $step_options_fill_in_cfg
perform_step fill_in_safefr mandatory $SECURITY_TRANSFORMS_HOME/bin/fill_in_safefr.exe $varid
perform_step fill_in_indtargs mandatory $SECURITY_TRANSFORMS_HOME/bin/fill_in_indtargs.exe $varid $step_options_fill_in_indtargs
$SECURITY_TRANSFORMS_HOME/plugins_install/thanos.exe $input_pipe $output_pipe &
thanos_pid=$!
# finally create a clone so we can do some transforms
perform_step clone mandatory $SECURITY_TRANSFORMS_HOME/bin/clone.exe $varid clone.id
is_step_on clone
if [ $? = 1 ]; then
cloneid=`cat clone.id`
#
# we could skip this check and simplify ps_analyze if we say that cloning is necessary in is_step_error
#
if [ -z "$cloneid" -o ! "$cloneid" -gt 0 ]; then
fail_gracefully "Failed to create variant. Is postgres running properly?"
# set thanos execution mode
if [ ! -z "$DEBUG_STEPS" ]; then
printf "SET_MODE DEBUG" > $input_pipe
elif [ ! -z "$VERBOSE" ]; then
printf "SET_MODE VERBOSE" > $input_pipe
else
printf "SET_MODE DEFAULT" > $input_pipe
fi
else
cloneid=$varid
fi
# do the basic tranforms we're performing for peasoup
perform_step fix_calls mandatory $SECURITY_TRANSFORMS_HOME/bin/fix_calls.exe $cloneid $step_options_fix_calls
# look for strings in the binary
perform_step find_strings none $SECURITY_TRANSFORMS_HOME/bin/find_strings.exe $cloneid $step_options_find_strings
#
# analyze binary for string signatures
#
perform_step appfw find_strings $PEASOUP_HOME/tools/do_appfw.sh $arch_bits $newname.ncexe logs/find_strings.log $step_optoins_appfw
#
# protect_pov
#
perform_step protect_pov fill_in_indtargs $PEASOUP_HOME/tools/do_protect_pov.sh $PWD/a.ncexe $name $PWD/crash.pov.cso $step_options_protect_pov
if [ -f crash.pov.cso ]; then
step_options_watch_allocate="$step_options_watch_allocate --warning_file=crash.pov.cso"
fi
read -r mode_set_res < $output_pipe
#
# check signatures to determine if we know which program this is.
#
perform_step determine_program find_strings $PEASOUP_HOME/tools/match_program.sh
# If we ran determine program and got a log, then see if we were successful.
if [ -f logs/determine_program.log ]; then
program=$(cat logs/determine_program.log |grep "Program is a version of "|sed -e "s/Program is a version of .//" -e "s/.$//")
fi
if [ "$mode_set_res" != "MODE_SET_OK" ]; then
echo Internal Transform_Step plugin architecture error.
echo Mode set failed. Exiting ps_analyze early.
exit -1
fi
if [[ "$program" != "" ]]; then
echo "Detected program is a version of '$program'"
trap exit_thanos EXIT
manual_test_script=$PEASOUP_HOME/tests/$program/test_script.sh
if [[ -f "$manual_test_script" ]];then
#check if the selected script succeeds
#I'm currently capping the validation run to 6 minutes
#to avoid the case where every test times out, but doesn't
#invalidate the test.
eval timeout 360 $manual_test_script `pwd`/$newname.ncexe `pwd`/$newname.ncexe &>logs/script_validation.log
if [[ ! $? -eq 0 ]]; then
echo "Manual Script Failure: test script fails to validate original program, ignoring selected script."
manual_test_script=""
fi
else
echo "Manual Test Script: $manual_test_script Not Found."
manual_test_script=""
fi
else
echo "Program not detected in signature database."
fi
#At this point we will know if manual testing should be turned off automatically
#i.e., we will know if a manual_test_script file exists.
if [ -z $manual_test_script ]; then
phases_spec=" $phases_spec manual_test=off"
else
phases_spec=" $phases_spec manual_test=on"
fi
do_prefix_steps
cloneid=$varid
#
# Run script to setup manual tests
#
perform_step manual_test none $PEASOUP_HOME/tools/do_manualtests.sh $name $protected_exe $manual_test_script $manual_test_coverage_file
#
# remove the parts of the annotation file not needed at runtime
#
perform_step fast_annot meds_static $PEASOUP_HOME/tools/fast_annot.sh
# build basic IR
#perform_step fill_in_cfg mandatory libfill_in_cfg.so $cloneid $step_options_fill_in_cfg
#perform_step fill_in_safefr mandatory $SECURITY_TRANSFORMS_HOME/bin/fill_in_safefr.exe $cloneid
#perform_step fill_in_indtargs mandatory $SECURITY_TRANSFORMS_HOME/bin/fill_in_indtargs.exe $cloneid $step_options_fill_in_indtargs
# finally create a clone so we can do some transforms
# perform_step clone pdb_register $SECURITY_TRANSFORMS_HOME/bin/clone.exe $varid clone.id
# is_step_on clone
# if [ $? = 1 ]; then
# cloneid=`cat clone.id`
# #
# # we could skip this check and simplify ps_analyze if we say that cloning is necessary in is_step_error
# #
# if [ -z "$cloneid" -o ! "$cloneid" -gt 0 ]; then
# fail_gracefully "Failed to create variant. Is postgres running properly?"
# fi
# else
# fi
# do the basic tranforms we're performing for peasoup
#perform_step fix_calls mandatory $SECURITY_TRANSFORMS_HOME/bin/fix_calls.exe $cloneid $step_options_fix_calls
# look for strings in the binary
#perform_step find_strings none $SECURITY_TRANSFORMS_HOME/bin/find_strings.exe $cloneid $step_options_find_strings
#
# analyze binary for string signatures
#
#perform_step appfw find_strings $PEASOUP_HOME/tools/do_appfw.sh $arch_bits $newname.ncexe logs/find_strings.log $step_optoins_appfw
#
# sfuzz: simple fuzzing to find crashes and record crashing instruction
# @todo: 2nd arg is the benchmark name but we're currently passing in
# the binary in
#
perform_step sfuzz none $PEASOUP_HOME/tools/do_sfuzz.sh $newname.ncexe $orig_exe crash.sfuzz.cso
# if crash found, feed the cso file to the watch allocate step
if [ -f crash.sfuzz.cso ]; then
step_options_watch_allocate="$step_options_watch_allocate --warning_file=crash.sfuzz.cso"
fi
#
# protect_pov
#
#perform_step protect_pov fill_in_indtargs $PEASOUP_HOME/tools/do_protect_pov.sh $PWD/a.ncexe $name $PWD/crash.pov.cso $step_options_protect_pov
#if [ -f crash.pov.cso ]; then
# step_options_watch_allocate="$step_options_watch_allocate --warning_file=crash.pov.cso"
#fi
#
# cinderella: infer malloc and other libc functions
#
perform_step cinderella clone,fill_in_indtargs,fill_in_cfg $PEASOUP_HOME/tools/do_cinderella.sh $cloneid
#
# check signatures to determine if we know which program this is.
#
#perform_step determine_program find_strings $PEASOUP_HOME/tools/match_program.sh
#
# # If we ran determine program and got a log, then see if we were successful.
# if [ -f logs/determine_program.log ]; then
# program=$(cat logs/determine_program.log |grep "Program is a version of "|sed -e "s/Program is a version of .//" -e "s/.$//")
# fi
# if [[ "$program" != "" ]]; then
# echo "Detected program is a version of '$program'"
#
# manual_test_script=$PEASOUP_HOME/tests/$program/test_script.sh
#
# if [[ -f "$manual_test_script" ]];then
# #check if the selected script succeeds
# #I'm currently capping the validation run to 6 minutes
# #to avoid the case where every test times out, but doesn't
# #invalidate the test.
# eval timeout 360 $manual_test_script `pwd`/$newname.ncexe `pwd`/$newname.ncexe &>logs/script_validation.log
#
# if [[ ! $? -eq 0 ]]; then
# echo "Manual Script Failure: test script fails to validate original program, ignoring selected script."
# manual_test_script=""
# fi
# else
# echo "Manual Test Script: $manual_test_script Not Found."
# manual_test_script=""
# fi
# else
# echo "Program not detected in signature database."
# fi
#At this point we will know if manual testing should be turned off automatically
#i.e., we will know if a manual_test_script file exists.
# if [ -z $manual_test_script ]; then
# phases_spec=" $phases_spec manual_test=off"
# else
# phases_spec=" $phases_spec manual_test=on"
# fi
#
# For CGC, pad malloc
#
perform_step cgc_hlx cinderella $SECURITY_TRANSFORMS_HOME/bin/cgc_hlx.exe --varid=$cloneid $step_options_cgc_hlx
#
# Run script to setup manual tests
#
#perform_step manual_test none $PEASOUP_HOME/tools/do_manualtests.sh $name $protected_exe $manual_test_script $manual_test_coverage_file
#
# Do P1/Pn transform.
#
#perform_step p1transform meds_static,clone $PEASOUP_HOME/tools/do_p1transform.sh $cloneid $newname.ncexe $newname.ncexe.annot $PEASOUP_HOME/tools/bed.sh $PN_TIMEOUT_VALUE $step_options_p1transform
#
# Do integer transform.
#
if [ -z "$program" ]; then
program="unknown"
fi
#
# remove the parts of the annotation file not needed at runtime
#
# perform_step fast_annot meds_static $PEASOUP_HOME/tools/fast_annot.sh
perform_step integertransform meds_static,clone $PEASOUP_HOME/tools/do_integertransform.sh $cloneid $program $CONCOLIC_DIR $INTEGER_TRANSFORM_TIMEOUT_VALUE $step_options_integertransform
#
# perform step to instrument pgm with return shadow stack
#
perform_step ret_shadow_stack meds_static,clone $PEASOUP_HOME/tools/do_rss.sh --varid $cloneid $step_options_ret_shadow_stack
#
# sfuzz: simple fuzzing to find crashes and record crashing instruction
# @todo: 2nd arg is the benchmark name but we're currently passing in
# the binary in
#
# perform_step sfuzz none $PEASOUP_HOME/tools/do_sfuzz.sh $newname.ncexe $orig_exe crash.sfuzz.cso
# if crash found, feed the cso file to the watch allocate step
# if [ -f crash.sfuzz.cso ]; then
# step_options_watch_allocate="$step_options_watch_allocate --warning_file=crash.sfuzz.cso"
#fi
#
# Do Twitcher transform step if twitcher is present
#
if [[ "$TWITCHER_HOME" != "" && -d "$TWITCHER_HOME" ]]; then
perform_step twitchertransform none $TWITCHER_HOME/twitcher-transform/do_twitchertransform.sh $cloneid $program $CONCOLIC_DIR $TWITCHER_TRANSFORM_TIMEOUT_VALUE
fi
#
# cinderella: infer malloc and other libc functions
#
#perform_step cinderella clone,fill_in_indtargs,fill_in_cfg $PEASOUP_HOME/tools/do_cinderella.sh $cloneid
# input filtering
perform_step input_filtering clone,fill_in_indtargs,fill_in_cfg $SECURITY_TRANSFORMS_HOME/bin/watch_syscall.exe --varid $cloneid --do_input_filtering $step_options_input_filtering
#
# For CGC, pad malloc
#
#perform_step cgc_hlx cinderella $SECURITY_TRANSFORMS_HOME/bin/cgc_hlx.exe --varid=$cloneid $step_options_cgc_hlx
# watch syscalls
perform_step watch_allocate clone,fill_in_indtargs,fill_in_cfg,pdb_register $SECURITY_TRANSFORMS_HOME/bin/watch_syscall.exe --varid $cloneid --do_sandboxing $step_options_watch_allocate
#
# Do P1/Pn transform.
#
#perform_step p1transform meds_static,clone $PEASOUP_HOME/tools/do_p1transform.sh $cloneid $newname.ncexe $newname.ncexe.annot $PEASOUP_HOME/tools/bed.sh $PN_TIMEOUT_VALUE $step_options_p1transform
#
# Do integer transform.
#
#if [ -z "$program" ]; then
# program="unknown"
#fi
#
# check for any steps turned on by the --step option that aren't explicitly mentioned.
# if found, run the step as a plugin to $PS
#
do_plugins
# perform_step integertransform meds_static,clone $PEASOUP_HOME/tools/do_integertransform.sh $cloneid $program $CONCOLIC_DIR $INTEGER_TRANSFORM_TIMEOUT_VALUE $step_options_integertransform
# generate aspri, and assemble it to bspri
perform_step generate_spri mandatory $SECURITY_TRANSFORMS_HOME/bin/generate_spri.exe $($PEASOUP_HOME/tools/is_so.sh a.ncexe) $cloneid a.irdb.aspri
#
# perform step to instrument pgm with return shadow stack
#
#perform_step ret_shadow_stack meds_static,clone $PEASOUP_HOME/tools/do_rss.sh --varid $cloneid $step_options_ret_shadow_stack
# hack to work with cgc file size restrictions.
stratafier_file=`ls -1 *nostrip 2>/dev/null |head -1`
if [ "X$stratafier_file" = "X" ]; then
stratafier_file=stratafier.o.exe
fi
perform_step spasm mandatory $SECURITY_TRANSFORMS_HOME/bin/spasm a.irdb.aspri a.irdb.bspri a.ncexe $stratafier_file libstrata.so.symbols
#
# Do Twitcher transform step if twitcher is present
#
#if [[ "$TWITCHER_HOME" != "" && -d "$TWITCHER_HOME" ]]; then
# perform_step twitchertransform none $TWITCHER_HOME/twitcher-transform/do_twitchertransform.sh $cloneid $program $CONCOLIC_DIR $TWITCHER_TRANSFORM_TIMEOUT_VALUE
#fi
perform_step fast_spri spasm $PEASOUP_HOME/tools/fast_spri.sh a.irdb.bspri a.irdb.fbspri
# input filtering
#perform_step input_filtering clone,fill_in_indtargs,fill_in_cfg $SECURITY_TRANSFORMS_HOME/bin/watch_syscall.exe --varid $cloneid --do_input_filtering $step_options_input_filtering
# preLoaded_ILR step
perform_step preLoaded_ILR1 fast_spri $STRATA_HOME/tools/preLoaded_ILR/generate_hashfiles.exe a.irdb.fbspri
perform_step preLoaded_ILR2 preLoaded_ILR1 $PEASOUP_HOME/tools/generate_relocfile.sh a.irdb.fbspri
# watch syscalls
#perform_step watch_allocate clone,fill_in_indtargs,fill_in_cfg,pdb_register $SECURITY_TRANSFORMS_HOME/bin/watch_syscall.exe --varid $cloneid --do_sandboxing $step_options_watch_allocate
#
# check for any steps turned on by the --step option that aren't explicitly mentioned.
# if found, run the step as a plugin to $PS
#
do_plugins
# put a front end in front of a.stratafied which opens file 990 for strata to read.
perform_step spawner stratafy_with_pc_confine $PEASOUP_HOME/tools/do_spawner.sh
# generate aspri, and assemble it to bspri
#perform_step generate_spri mandatory $SECURITY_TRANSFORMS_HOME/bin/generate_spri.exe $($PEASOUP_HOME/tools/is_so.sh a.ncexe) $cloneid a.irdb.aspri
# put a front end in front of a.stratafied which opens file 990 for strata to read.
perform_step get_pins spasm,fast_spri $PEASOUP_HOME/tools/get_pins.sh
# hack to work with cgc file size restrictions.
#stratafier_file=`ls -1 *nostrip 2>/dev/null |head -1`
#if [ "X$stratafier_file" = "X" ]; then
# stratafier_file=stratafier.o.exe
#fi
#perform_step spasm mandatory $SECURITY_TRANSFORMS_HOME/bin/spasm a.irdb.aspri a.irdb.bspri a.ncexe $stratafier_file libstrata.so.symbols
#
# perform_step fast_spri spasm $PEASOUP_HOME/tools/fast_spri.sh a.irdb.bspri a.irdb.fbspri
# zipr
perform_step zipr fill_in_indtargs,fill_in_cfg,pdb_register env LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ZIPR_INSTALL/lib $ZIPR_INSTALL/bin/zipr.exe --variant $cloneid --zipr:objcopy $PS_OBJCOPY $step_options_zipr
# preLoaded_ILR step
# perform_step preLoaded_ILR1 fast_spri $STRATA_HOME/tools/preLoaded_ILR/generate_hashfiles.exe a.irdb.fbspri
# perform_step preLoaded_ILR2 preLoaded_ILR1 $PEASOUP_HOME/tools/generate_relocfile.sh a.irdb.fbspri
# copy TOCTOU tool here if it exists
if [[ "$CONCURRENCY_HOME/toctou_tool" != "" && -d "$CONCURRENCY_HOME/toctou_tool" ]]; then
perform_step toctou none $CONCURRENCY_HOME/do_toctou.sh
fi
if [[ "$CONCURRENCY_HOME/deadlock" != "" && -d "$CONCURRENCY_HOME/deadlock" ]]; then
# copy deadlock tool here if it exists
perform_step deadlock none $CONCURRENCY_HOME/do_deadlock.sh
# enable some jitter in the scheduling
perform_step schedperturb none $CONCURRENCY_HOME/do_schedperturb.sh
fi
# put a front end in front of a.stratafied which opens file 990 for strata to read.
# perform_step spawner stratafy_with_pc_confine $PEASOUP_HOME/tools/do_spawner.sh
# put a front end in front of a.stratafied which opens file 990 for strata to read.
# perform_step get_pins spasm,fast_spri $PEASOUP_HOME/tools/get_pins.sh
#
#select the output file name to use -- b.out.addseg if zipr is on.
#
is_step_on zipr
zipr_on=$?
if [ $zipr_on -eq 0 ]; then
my_outfile=$newdir/a.sh
else
my_outfile=$newdir/c.out
fi
# AT
perform_step cgc_at_string none $DAFFY_HOME/anti_tamper/string_table_trick.sh $(basename $my_outfile)
# Basic sanity check to make sure protected CB is ok
perform_step cgc_sanity_check none $PEASOUP_HOME/tools/cgc_sanity_check.sh $PWD/a.ncexe ${PWD}/$(basename $my_outfile)
# zipr
# perform_step zipr fill_in_indtargs,fill_in_cfg,pdb_register env LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ZIPR_INSTALL/lib $ZIPR_INSTALL/bin/zipr.exe --variant $cloneid --zipr:objcopy $PS_OBJCOPY $step_options_zipr
# copy TOCTOU tool here if it exists
#if [[ "$CONCURRENCY_HOME/toctou_tool" != "" && -d "$CONCURRENCY_HOME/toctou_tool" ]]; then
# perform_step toctou none $CONCURRENCY_HOME/do_toctou.sh
#fi
#
# create a report for all of ps_analyze.
# if [[ "$CONCURRENCY_HOME/deadlock" != "" && -d "$CONCURRENCY_HOME/deadlock" ]]; then
# # copy deadlock tool here if it exists
# perform_step deadlock none $CONCURRENCY_HOME/do_deadlock.sh
# # enable some jitter in the scheduling
# perform_step schedperturb none $CONCURRENCY_HOME/do_schedperturb.sh
# fi
#
ps_endtime=`$PS_DATE`
report_logs
#
#select the output file name to use -- b.out.addseg if zipr is on.
#
# AT
# perform_step cgc_at_string none $DAFFY_HOME/anti_tamper/string_table_trick.sh $(basename $my_outfile)
# go back to original directory
cd - > /dev/null 2>&1
# Basic sanity check to make sure protected CB is ok
# perform_step cgc_sanity_check none $PEASOUP_HOME/tools/cgc_sanity_check.sh $PWD/a.ncexe ${PWD}/$(basename $my_outfile)
#
# create a report for all of ps_analyze.
#
ps_endtime=`$PS_DATE`
report_logs
# figure out the output file
is_step_on zipr
zipr_on=$?
if [ $zipr_on -eq 0 ]; then
my_outfile=$newdir/a.sh
else
my_outfile=$newdir/c.out
fi
# go back to original directory
cd - > /dev/null 2>&1
# copy output file into requested location.
cp $my_outfile $protected_exe
# copy output file into requested location.
cp $my_outfile $protected_exe
cd $newdir
cd $newdir
# gather stats into JSON format
python $PEASOUP_HOME/tools/gather_stats.py logs/*.log > logs/stats.json
# gather stats into JSON format
python $PEASOUP_HOME/tools/gather_stats.py logs/*.log > logs/stats.json
# make sure we only do this once there are no more updates to the peasoup_dir
perform_step installer none $PEASOUP_HOME/tools/do_installer.sh $PWD $protected_exe
# make sure we only do this once there are no more updates to the peasoup_dir
perform_step installer none $PEASOUP_HOME/tools/do_installer.sh $PWD $protected_exe
# exit thanos cleanly
printf "COMMIT_ALL" > $input_pipe
read -r commit_res < $output_pipe
if [ "$commit_res" != "COMMIT_ALL_OK" ]; then
echo A critical step was necessary, but failed.
echo To know exactly which step failed, source set the DEBUG_STEPS env var.
errors=1;
fi
printf "TERMINATE" > $input_pipe
# exit thanos cleanly
printf "COMMIT_ALL" > $input_pipe
read -r commit_res < $output_pipe
if [ "$commit_res" != "COMMIT_ALL_OK" ]; then
echo A critical step was necessary, but failed.
echo To know exactly which step failed, source set the DEBUG_STEPS env var.
errors=1;
fi
printf "TERMINATE" > $input_pipe
cd - > /dev/null 2>&1
cd - > /dev/null 2>&1
# we're done; cancel timer
if [ ! -z $TIMER_PID ]; then
kill -9 $TIMER_PID
fi
# we're done; cancel timer
if [ ! -z $TIMER_PID ]; then
kill -9 $TIMER_PID
fi
check_steps_completed
check_steps_completed
#
# return success if we created a script to invoke the pgm and zipr is off.
#
if [ -f $protected_exe ]; then
if [ $errors = 1 ]; then
echo
echo
echo "*******************************"
echo "* Warning: Some steps failed! *"
echo "*******************************"
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'partial' "$ps_endtime"
fi
exit 2;
elif [ $warnings = 1 ]; then
echo
echo
echo "**********************************************"
echo "* Warning: Some steps had critical warnings! *"
echo "**********************************************"
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'partial' "$ps_endtime"
#
# return success if we created a script to invoke the pgm and zipr is off.
#
if [ -f $protected_exe ]; then
if [ $errors = 1 ]; then
echo
echo
echo "*******************************"
echo "* Warning: Some steps failed! *"
echo "*******************************"
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'partial' "$ps_endtime"
fi
exit 2;
elif [ $warnings = 1 ]; then
echo
echo
echo "**********************************************"
echo "* Warning: Some steps had critical warnings! *"
echo "**********************************************"
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'partial' "$ps_endtime"
fi
exit 1;
else
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'success' "$ps_endtime"
fi
exit 0;
fi
exit 1;
else
echo "**************************************"
echo "*Error: failed to create output file!*"
echo "* Cannot protect this program. *"
echo "**************************************"
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'success' "$ps_endtime"
$PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'error' "$ps_endtime"
fi
exit 0;
exit 255;
fi
}
else
echo "**************************************"
echo "*Error: failed to create output file!*"
echo "* Cannot protect this program. *"
echo "**************************************"
if [ $record_stats -eq 1 ]; then
$PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'error' "$ps_endtime"
fi
exit 255;
fi
main "$@"
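Review bot: The argument handling added to check_options expands caller-supplied paths unquoted (`[ -z $2 ]`, `[ ! -f $orig_exe ]`, `basename $orig_exe`), so a path containing whitespace or glob characters is word-split; `[ ! -f $orig_exe ]` then fails with a usage error, the `if` takes that as "file exists", and the sanity check is silently skipped. I would write `if [ -z "$2" ]; then`, `if [ ! -f "$orig_exe" ]; then` and `JOBID="$(basename -- "$orig_exe").$$"`. The same quoting is needed where main consumes these values (`cp $orig_exe $newdir/$newname.ncexe`, `mkdir $newdir`, `cd $newdir`, `rm -f $protected_exe`); the `rm -f` can remove files other than the intended output when the name splits, and an unchecked `cd $newdir` leaves the later `mkfifo`, `touch` and `mkdir logs` running in the caller's directory. This page has lost its +/- markers, so the main lines are assumed to be on the new side, and check_options begins outside the hunks shown.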