Added ldap interception layer test

Former-commit-id: 29b53f12f6de81091d81aedb002dc6e0775ee573

.gitattributes

@@ -108,6 +108,12 @@ appfw/src/xq_hook.cpp -text
 appfw/src/xq_parser.cpp -text
 appfw/src/xqfw.c -text
 appfw/src/xqfw.h -text
+appfw/tests/ldap/Makefile -text
+appfw/tests/ldap/ldap.intercept.test.sh -text
+appfw/tests/ldap/testldapintercept.c -text
+appfw/tests/ldap/testldapintercept2.c -text
+appfw/tests/ldap/testldapintercept3.c -text
+appfw/tests/ldap/testldapintercept4.c -text
 appfw/tests/ministry/Makefile -text
 appfw/tests/ministry/httpparse.c -text
 appfw/tests/ministry/oscommand.c -text

appfw/tests/ldap/Makefile

+APPFW_LIB=$(SECURITY_TRANSFORMS_HOME)/appfw/lib/libappfw.so
+generate_signatures=$(PEASOUP_HOME)/tools/generate_string_signatures.sh
+
+all: testldapintercept.exe testldapintercept2.exe testldapintercept3.exe testldapintercept4.exe
+
+testldapintercept.o: testldapintercept.c
+	gcc -c testldapintercept.c
+
+testldapintercept.exe: testldapintercept.o
+	gcc testldapintercept.o -o testldapintercept.exe -lldap
+	$(generate_signatures) testldapintercept.exe
+
+testldapintercept2.o: testldapintercept2.c
+	gcc -c testldapintercept2.c
+
+testldapintercept2.exe: testldapintercept2.o
+	gcc testldapintercept2.o -o testldapintercept2.exe -lldap
+	$(generate_signatures) testldapintercept2.exe
+
+testldapintercept3.o: testldapintercept3.c
+	gcc -c testldapintercept3.c
+
+testldapintercept3.exe: testldapintercept3.o
+	gcc testldapintercept3.o -o testldapintercept3.exe -lldap
+	$(generate_signatures) testldapintercept3.exe
+
+testldapintercept4.o: testldapintercept4.c
+	gcc -c testldapintercept4.c
+
+testldapintercept4.exe: testldapintercept4.o
+	gcc testldapintercept4.o -o testldapintercept4.exe -lldap
+	$(generate_signatures) testldapintercept4.exe
+
+clean:
+	rm -rf *.o *.tmp *.exe peasoup_executable_directory* test*.peasoup messages_to_tne.log ps_tne_logfile.txt appfw.db *.sigs
+
+peasoup: all
+	$(PEASOUP_HOME)/tools/ps_analyze.sh testldapintercept.exe testldapintercept.exe.peasoup --step concolic=off --step integertransform=off --step p1transform=off --step ilr=off --step determine_program=off
+	
+run: all
+	APPFW_VERBOSE=1 LDAP_DATA="hacker)(|(objectclass=*)" LD_PRELOAD=$(APPFW_LIB) APPFW_DB=appfw.db APPFW_SIGNATURE_FILE=testldapintercept.exe.sigs ./testldapintercept.exe; APPFW_VERBOSE=1 LDAP_DATA="hacker)(|(objectclass=*)" LD_PRELOAD=$(APPFW_LIB) APPFW_DB=appfw.db APPFW_SIGNATURE_FILE=testldapintercept.exe.sigs ./testldapintercept2.exe; APPFW_VERBOSE=1 LDAP_DATA="hacker)(|(objectclass=*)" LD_PRELOAD=$(APPFW_LIB) APPFW_DB=appfw.db APPFW_SIGNATURE_FILE=testldapintercept.exe.sigs ./testldapintercept3.exe; APPFW_VERBOSE=1 LDAP_DATA="hacker)(|(objectclass=*)" LD_PRELOAD=$(APPFW_LIB) APPFW_DB=appfw.db APPFW_SIGNATURE_FILE=testldapintercept.exe.sigs ./testldapintercept4.exe 

appfw/tests/ldap/ldap.intercept.test.sh

+#!/bin/sh -x
+
+# Assumptions:
+# 	$1 is the full pathname to output file
+
+# For PEASOUP, Required XML fields are
+# name - name of the test
+# host - name of the host where the test was run
+# project - project name
+# date_time - date time in specific format date +%FT%R:%S
+# key_value pairs, any number
+#   may include result, user, host platform, build platform
+
+# Fixed attributes
+# ATTRIBUTE ModDep=strata
+# ATTRIBUTE ModDep=diablo_toolchain
+# ATTRIBUTE ModDep=stratafier
+# ATTRIBUTE ModDep=idapro61
+# ATTRIBUTE ModDep=idapro61_sdk
+# ATTRIBUTE TestsWhat=lang_C
+# ATTRIBUTE TestsWhat=strata
+# ATTRIBUTE TestsWhat=commandinjection
+# ATTRIBUTE OS=linux
+# ATTRIBUTE Compiler=gcc
+# ATTRIBUTE Arch=x86_32
+# ATTRIBUTE TestName=ldap_interception
+# ATTRIBUTE BenchmarkName=TandE
+# ATTRIBUTE CompilerFlags="-w"
+
+COMPFLAGS="-w"
+
+PWD=`pwd`
+TESTLOC="${PWD}"
+tmp=$$.tmp
+
+outfile=$1
+
+cleanup()
+{
+	exit_code=$1
+	shift
+	msg=$*
+
+	if [ $exit_code -eq 0 ]; then 
+		report_test_success $outfile "$msg"
+	else
+		report_test_failure $outfile "Intermediate step failed, exit code is $exit_code, msg='$msg'"
+	fi
+
+	cd $TESTLOC
+	rm -f $tmp 2>/dev/null
+	make clean
+	cd -
+
+ 	rm -f $tmp
+	exit $exit_code
+}
+
+# suck in utils
+. ${TEST_HARNESS_HOME}/test_utils.sh || cleanup 1 "Cannot source utils file"
+
+assert_test_args $*
+assert_test_env $outfile STRATAFIER STRATA TOOLCHAIN IDAROOT IDASDK PEASOUP_HOME SECURITY_TRANSFORMS_HOME
+
+# path to source
+cd $TESTLOC
+make clean all
+if [ ! $? -eq 0 ]; then
+	cleanup 1 "Failed to build mysql intercept tests"
+fi
+
+make run 2>$tmp >/dev/null
+
+num_detected=$(grep -i detected $tmp | wc -l)
+echo "Detected $num_detected violations"
+if [ ! $num_detected -eq 8 ]; then
+	cleanup 1 "Failed to intercept and/or detect security violation"
+fi
+
+cleanup 0 "Successfully tested ldap interception layer"

appfw/tests/ldap/testldapintercept.c

+// Test LDAP interception layer
+
+#include <stdio.h>
+#include <ldap.h>
+
+int main(int argc, char **argv)
+{
+	LDAP *ld = NULL;
+	char *filter_data = getenv("LDAP_DATA");
+	char base[1024];
+	int scope = LDAP_SCOPE_BASE;
+	char filter[1024];
+	int attrsonly = 0;
+
+	sprintf(base,"virginia.edu"); // this doesn't really matter
+	sprintf(filter,"(cn=%s)", filter_data);
+
+	if (ldap_search(ld,base,scope,filter,NULL,attrsonly) == -1)
+		fprintf(stderr,"(1) ldap_search returned an error\n");
+
+	if (ldap_search_ext(ld,base,scope,filter,NULL,attrsonly,NULL,NULL,NULL,25,NULL) == -1)
+		fprintf(stderr,"(2) ldap_search returned an error\n");
+
+	if (ldap_search_ext_s(ld,base,scope,filter,NULL,attrsonly,NULL,NULL,NULL,25,NULL) == -1)
+		fprintf(stderr,"(3) ldap_search returned an error\n");
+
+	if (ldap_search_s(ld,base,scope,filter,NULL,attrsonly,NULL) == -1)
+		fprintf(stderr,"(1) ldap_search returned an error\n");
+
+}

appfw/tests/ldap/testldapintercept2.c

+// Test LDAP interception layer
+
+#include <stdio.h>
+#include <ldap.h>
+
+int main(int argc, char **argv)
+{
+	LDAP *ld = NULL;
+	char *filter_data = getenv("LDAP_DATA");
+	char base[1024];
+	int scope = LDAP_SCOPE_BASE;
+	char filter[1024];
+	int attrsonly = 0;
+
+	sprintf(base,"virginia.edu"); // this doesn't really matter
+	sprintf(filter,"(cn=%s)", filter_data);
+
+	if (ldap_search_ext(ld,base,scope,filter,NULL,attrsonly,NULL,NULL,NULL,25,NULL) == -1)
+		fprintf(stderr,"(2) ldap_search returned an error\n");
+}

appfw/tests/ldap/testldapintercept3.c

+// Test LDAP interception layer
+
+#include <stdio.h>
+#include <ldap.h>
+
+int main(int argc, char **argv)
+{
+	LDAP *ld = NULL;
+	char *filter_data = getenv("LDAP_DATA");
+	char base[1024];
+	int scope = LDAP_SCOPE_BASE;
+	char filter[1024];
+	int attrsonly = 0;
+
+	sprintf(base,"virginia.edu"); // this doesn't really matter
+	sprintf(filter,"(cn=%s)", filter_data);
+
+	if (ldap_search_ext_s(ld,base,scope,filter,NULL,attrsonly,NULL,NULL,NULL,25,NULL) == -1)
+		fprintf(stderr,"(3) ldap_search returned an error\n");
+}

appfw/tests/ldap/testldapintercept4.c

+// Test LDAP interception layer
+
+#include <stdio.h>
+#include <ldap.h>
+
+int main(int argc, char **argv)
+{
+	LDAP *ld = NULL;
+	char *filter_data = getenv("LDAP_DATA");
+	char base[1024];
+	int scope = LDAP_SCOPE_BASE;
+	char filter[1024];
+	int attrsonly = 0;
+
+	sprintf(base,"virginia.edu"); // this doesn't really matter
+	sprintf(filter,"(cn=%s)", filter_data);
+
+	if (ldap_search_s(ld,base,scope,filter,NULL,attrsonly,NULL) == -1)
+		fprintf(stderr,"(1) ldap_search returned an error\n");
+}