author | user1 <user1@ubuntu> | 2017-04-04 04:41:17 +0000 |
---|---|---|
committer | user1 <user1@ubuntu> | 2017-04-04 04:41:17 +0000 |
commit | 30427d6c8d406dfe6d1abaa98f05cf0e667035b0 (patch) | |
tree | b41c4ae3238a05093917cc5517a643b993b787c0 | |
parent | these are a version of testFunc1.c/h translated to SaferCPlusPlus for (diff) | |
parent | added pointer declrefexpr tagging for safercpp (diff) | |
Merge branch 'master' of https://github.com/bloodstalker/mutator.git
-rw-r--r-- | daemon/README.md | 19 | ||||
-rw-r--r-- | daemon/daemon_aux.c | 121 | ||||
-rw-r--r-- | daemon/mutatorclient.c | 4 | ||||
-rw-r--r-- | daemon/mutatord.c | 4 | ||||
-rw-r--r-- | daemon/mutatorserver.c | 6 | ||||
-rw-r--r-- | daemon/mutatorserver.h | 7 | ||||
-rw-r--r-- | makefile | 2 | ||||
-rw-r--r-- | mutator-lvl0.cpp | 146 |
8 files changed, 286 insertions, 23 deletions
diff --git a/daemon/README.md b/daemon/README.md index ba2a8f7..e9e2943 100644 --- a/daemon/README.md +++ b/daemon/README.md @@ -10,6 +10,7 @@ It's simple. The client sends a command to the server run by the daemon(`mutator The mutator client is a thin client which is also the whole point of all of this: Plugin.<br/> The daemon generates a log file in the `daemon` directory under root named `mutatordlog`.<br/> +The daemon will need to read some VARS from a config file that is generated by `make install` inside the daemon directory named `mutator.config`.<br/> ### How to use it? 
@@ -21,15 +22,25 @@ make all ``` -After that, run `mutatord` to start up the server and then run `mutatorclient` and send your commands.<br/> -The server passes the commands to `mutator.sh` to execute. For a list of available options you can run `mutator.sh -h` or just read the `README.md` in project root.<br/>A -I have yet to decide how to set a home path variable for mutator so you need to pass all adresses to the server as absolute paths since the daemon changes the directory to `/`.<br/> +Or just run that from the main makefile. After that, run `mutatord` to start up the server and then run `mutatorclient` and send your commands.<br/> +The server passes the commands to `mutator.sh` to execute. For a list of available options you can run `mutator.sh -h` or just read the `README.md` in project root.<br/> + +To run commands on the server, use normal mutator driver commands excluding the driver name:<br/> + +```bash + +-f /home/user1/mutator/samples/action_file.mutator + +``` + To kill the client and server(and also the daemon) just send `end_comm` as the command through the client.<br/> ## WARNING -Currently there are no checks on the commands sent to the server. The server uses `popen()` to run the commands so it will run any valid `sh` command it gets from `/` and the buffers are not exactly small either.<br/> +Currently there are some checks on the commands sent to the server. The server uses `popen()` to run the commands prefixed by the driver name, `mutator.sh`.<br/> +The server checks to see whether the command string is null-terminated and whether it contains `|` or `;`. Thats's all the checks it runs before running a command from the root directory.<br/> +The daemon will switch to the root directory as soon as it is run and the server will inherit the permissions that the daemon was ran by. There is no reason to run the daemon as sudo.<br/> ### Directory Content diff --git a/daemon/daemon_aux.c b/daemon/daemon_aux.c index ce47f37..00841de 100644 
--- a/daemon/daemon_aux.c
+++ b/daemon/daemon_aux.c
@@ -23,10 +23,25 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*
 #if 1
 #undef __DBG
 #endif
+
+#define __DBG_2
+#if 1
+#undef __DBG_2
+#endif
+
+#define CLEAN_UP() \
+ do{\
+ fclose(log_file);\
+ fclose(mutator_config);\
+ close(client_sock);\
+ close(socket_desc);\
+ }\
+ while(0)
 /**********************************************************************************************************************/
 /*inclusion directive*/
 #include "daemon_aux.h"
 /*standard headers*/
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -59,6 +74,7 @@ bool cleanser(char cleansee[])
 return (cleansee_health && nullterminated);
 }
+
 /**********************************************************************************************************************/
 int mutator_server(FILE* log_file)
 {
@@ -67,9 +83,14 @@ int mutator_server(FILE* log_file)
 char client_message[2000];
 FILE* clientistream;
+ FILE* mutator_config;
 char runresponse[4000];
- char NOOUT[]="command did not return any output. could be an error or not.\n";
- char BADOUT[]="what are you exactly trying to do?";
+ const char NOOUT[]="command did not return any output. could be an error or not.\n";
+ const char BADOUT[]="what are you exactly trying to do?";
+ const char STD_OUT[]="stdout returned:\n";
+ const char EMPTY_CONFIG[]="error: empty config file.\n";
+ const char NFOUND_CONFIG[]="error: cant find config file in the default path.\n";
+ const char SERVER_TERM[]="server terminated.\n";
 /*create socket*/
 socket_desc = socket(AF_INET, SOCK_STREAM, 0);
@@ -89,6 +110,7 @@ int mutator_server(FILE* log_file)
 /*Bind*/
 if (bind(socket_desc, (struct sockaddr*)&server, sizeof(server)) < 0)
 {
+ close(socket_desc);
 perror("bind failed.error.\n");
 return 1;
 }
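Review bot: `CLEAN_UP()` expands to code that names four locals of mutator_server (`log_file`, `mutator_config`, `client_sock`, `socket_desc`) and closes all of them unconditionally, which nothing at the definition says. A comment such as `/* only valid inside mutator_server, after all four handles are open */` would stop it being used on a path where `mutator_config` is still NULL. The config-not-found branch in the @@ -120,18 +142,104 @@ hunk closes three of the same handles by hand instead. `__DBG_2` also uses a double-underscore name, which is reserved for the implementation; `DBG_2` avoids that.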
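Review bot: In the bind() failure branch the added `close(socket_desc);` runs before `perror(...)`, and close() may overwrite errno, so the message can describe the wrong error. Call perror first, or save the value around the call: `int saved = errno; close(socket_desc); errno = saved;`. The config-not-found branch in the @@ -120,18 +142,104 @@ hunk has the same problem: `return errno;` is reached only after write(), fprintf(), fclose() and close(), so the value returned is not reliably the one fopen() set and may even be 0. mutator_server's body starts before and continues after this hunk.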
@@ -120,18 +142,104 @@ int mutator_server(FILE* log_file) fprintf(log_file, "%s", "got command from client.\n"); + mutator_config = fopen("/home/bloodstalker/devi/hell2/daemon/mutator.config", "r"); + + if (mutator_config == NULL) + { + write(client_sock, NFOUND_CONFIG, strlen(NFOUND_CONFIG)); + write(client_sock, SERVER_TERM, strlen(SERVER_TERM)); + fprintf(log_file, "%s", NFOUND_CONFIG); + fprintf(log_file, "%s%d%s", "fopen returned: ", errno, "\n"); + fprintf(log_file, "%s", SERVER_TERM); + + fclose(log_file); + close(client_sock); + close(socket_desc); + + return errno; + } + + char configline[100]; + const char delimiter[2]="="; + char* token_var; + const char mutator_home_var[]="MUTATOR_HOME"; + const char driver_name[] = "/mutator.sh "; + char* full_command; + char* temp; + char* dummy; + + /*checking for an empty config-file. could also mean the config file was not found.*/ + if(fgets(configline,sizeof(configline), mutator_config) == NULL) + { + write(client_sock, EMPTY_CONFIG, strlen(EMPTY_CONFIG)); + write(client_sock, SERVER_TERM, strlen(SERVER_TERM)); + fprintf(log_file, "%s", EMPTY_CONFIG); + fprintf(log_file, "%s", SERVER_TERM); + CLEAN_UP(); + /*@DEVI-return SIGPIPE*/ + return 141; + } + + rewind(mutator_config); + + while (fgets(configline,sizeof(configline), mutator_config) != NULL) + { + temp = strstr(configline, mutator_home_var); + + if (temp != NULL) + { + memmove(temp, configline + strlen(mutator_home_var) + 1, strlen(configline) - strlen(mutator_home_var) - 1); + + break; + } + } + + /*@DEVI-null-terminating temp*/ + temp[strlen(temp) - strlen(mutator_home_var) - 2] = '\0'; + /*@DEVI-checks whether the line-break char was also sent.if yes, then removes it.*/ + if (client_message[read_size - 1] == '\n') + { + client_message[read_size - 1] = '\0'; + } + + full_command = malloc(strlen(temp) + read_size + strlen(driver_name) + 1); + + strcpy(full_command,temp); + strcat(full_command, driver_name); + /*@DEVI-client_message is not null-terminated 
but strcat takes care of that.*/ + strcat(full_command, client_message); + +#if defined(__DBG_2) + fprintf(log_file, "%s%s%s", "temp is: ", temp, "\n"); + fprintf(log_file, "%s%s%s", "driver_name is: ",driver_name, "\n"); +#endif + fprintf(log_file, "%s%s%s", "full_command is: ", full_command, "\n"); + if (cleanser(client_message) == true) { +#ifndef __DBG + clientistream = popen(full_command, "r"); +#endif + +#if defined(__DBG) /*open pipe, run command*/ clientistream = popen(client_message, "r"); + //clientistream = popen(full_command, "r"); +#endif } else { fprintf(log_file, "%s", "what are you trying to do exactly?"); write(client_sock, BADOUT, strlen(BADOUT)); + free(full_command); + fclose(mutator_config); continue; } + fprintf(log_file, "%s", "freeing memory reserved for command.\n"); + free(full_command); + fclose(mutator_config); + if (clientistream == NULL) { perror("client command did not run successfully."); @@ -146,16 +254,21 @@ int mutator_server(FILE* log_file) if (fgets(runresponse, sizeof(runresponse), clientistream) == NULL) { /*say there was nothing on stdout to send.*/ + fprintf(log_file, "%s", "command returned no stdout.\n"); write(client_sock, NOOUT, strlen(NOOUT)); } + else + { + fprintf(log_file, "%s", "command returned stdout.\n"); + write(client_sock, STD_OUT, strlen(STD_OUT)); + } rewind(clientistream); while (fgets(runresponse, sizeof(runresponse), clientistream) != NULL) { #if defined(__DBG) - fscanf(log_file, "%s", "command stdout:"); - fscanf(log_file, "%s", runresponse); + fprintf(log_file, "%s", "command stdout:\n"); #endif write(client_sock, runresponse, strlen(runresponse)); fprintf(log_file, "%s", runresponse); diff --git a/daemon/mutatorclient.c b/daemon/mutatorclient.c index 2b61d96..1cbfd0a 100644 --- a/daemon/mutatorclient.c +++ b/daemon/mutatorclient.c 
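Review bot: `temp` is still NULL after the config loop when no line contains `MUTATOR_HOME`, and the next statement writes through it; `client_message` is then handed to `strcat` without a terminator unless its last byte was a line break, contrary to what the comment says, so the copy can run past the `read_size` bytes that the `malloc` size accounts for. Both need a check before any `str*` call, and the `malloc` result is used unchecked as well. Separately, the README text in this commit says the filter rejects only `|` and `;`, so the string given to `popen()` is still interpreted by `sh` with every other metacharacter intact; an allowlist of characters, or an exec-style call with an argument vector instead of a shell string, would close that. The fence sketches the bounds handling only and assumes `read_size` is the byte count from the receive call, which is outside the hunk, as are the start and end of mutator_server.

```c
/* … unchanged: config fopen and empty-file check … */
char* home = NULL;
const size_t var_len = strlen(mutator_home_var);

while (fgets(configline, sizeof(configline), mutator_config) != NULL)
{
  /* accept only "MUTATOR_HOME=<path>" at the start of a line */
  if (strncmp(configline, mutator_home_var, var_len) == 0 && configline[var_len] == delimiter[0])
  {
    home = configline + var_len + 1;
    home[strcspn(home, "\r\n")] = '\0';
    break;
  }
}

if (home == NULL || read_size <= 0 || (size_t)read_size >= sizeof(client_message))
{
  fprintf(log_file, "%s", "rejected request: no MUTATOR_HOME or bad message length.\n");
  write(client_sock, BADOUT, strlen(BADOUT));
  fclose(mutator_config);
  continue;
}

/* terminate first, then drop one trailing line break */
client_message[read_size] = '\0';
if (client_message[read_size - 1] == '\n')
{
  client_message[read_size - 1] = '\0';
}

size_t command_size = strlen(home) + strlen(driver_name) + strlen(client_message) + 1;
full_command = malloc(command_size);

if (full_command == NULL)
{
  fprintf(log_file, "%s", "could not allocate memory for command.\n");
  fclose(mutator_config);
  continue;
}

snprintf(full_command, command_size, "%s%s%s", home, driver_name, client_message);
/* … unchanged: logging, cleanser() check and popen() … */
```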
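Review bot: The first `fgets` on `clientistream` consumes the first line of output, and the `rewind(clientistream)` kept as context below it cannot bring that line back, because a stream from `popen()` is a pipe and is not seekable. The new `else` branch announces `STD_OUT` but never sends the `runresponse` it has just read, so the client appears to lose the first line of every reply. Sending it in that branch, `write(client_sock, runresponse, strlen(runresponse));`, and dropping the `rewind` would fix this. No `pclose(clientistream)` is visible in this hunk; the loop body continues outside it, so confirm the stream is closed there.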
@@ -97,14 +97,14 @@ int main(int argc, char *argv[])
 fflush(stdin);
 #if defined(__DBG)
- puts("checkpoint 1");
+ puts("checkpoint 11");
 #endif
 /*recieve a reply from the server*/
 recvlength = recv(sock, server_reply, 2000, 0);
 #if defined(__DBG)
- puts("checkpoint 2");
+ puts("checkpoint 12");
 #endif
 if (recvlength < 0)
diff --git a/daemon/mutatord.c b/daemon/mutatord.c
index a0496d3..a148686 100644
--- a/daemon/mutatord.c
+++ b/daemon/mutatord.c
@@ -20,7 +20,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*
 /**********************************************************************************************************************/
 /*macros*/
 #define __DBG
-#if 0
+#if 1
 #undef __DBG
 #endif
 /**********************************************************************************************************************/
@@ -140,6 +140,8 @@ int main(void)
 fclose(mut_log);
 }while(0);
+ return server_exit_code;
+
 /*@DEVI-these obviously will never run. theyre just a reminder that i need to handle the gracefull shutdown*/
 #if 0
 fclose(mut_log);
diff --git a/daemon/mutatorserver.c b/daemon/mutatorserver.c
index 4450583..f233553 100644
--- a/daemon/mutatorserver.c
+++ b/daemon/mutatorserver.c
@@ -1,4 +1,10 @@
+/** @file mutatorserver.c*/
+/**
+ * @brief The test file for the server. Runs the server as a stand-alone.
+ */
+
+/** @warning Deprecated*/
 /***************************************************Project Mutator****************************************************/
 /*first line intentionally left blank.*/
 /*Copyright (C) 2017 Farzad Sadeghi
diff --git a/daemon/mutatorserver.h b/daemon/mutatorserver.h
index ce885e7..8585192 100644
--- a/daemon/mutatorserver.h
+++ b/daemon/mutatorserver.h
@@ -1,4 +1,11 @@
+/** @file mutatorserver.h*/
+/**
+ * @brief The header for the test file for the server.
+ */
+
+/** @warning Deprecated*/
+
 /***************************************************Project Mutator****************************************************/
 /*first line intentionally left blank.*/
 /*Copyright (C) 2017 Farzad Sadeghi
@@ -62,7 +62,7 @@ install:
 chmod +x ./extra-tools/ReportPrintPretty.sh
 chmod +x ./extra-tools/precommitTests.sh
 if [[ ! -d "./temp" ]]; then mkdir temp; fi
- $(shell echo MUTATOR_HOME=$$(pwd) > mutator.config)
+ $(shell echo MUTATOR_HOME=$$(pwd) > ./daemon/mutator.config)
 help:
 @echo '- There is help.'
diff --git a/mutator-lvl0.cpp b/mutator-lvl0.cpp
index 7e388d4..42f0946 100644
--- a/mutator-lvl0.cpp
+++ b/mutator-lvl0.cpp
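Review bot: The install recipe now writes the config to `./daemon/mutator.config` relative to wherever make runs, but the server code added in daemon/daemon_aux.c in this commit opens the fixed path `/home/bloodstalker/devi/hell2/daemon/mutator.config`, so on any other checkout the generated file is never read. Either derive the path the daemon reads from the same location, or install the file to one agreed path. Because the daemon builds the command it executes from `MUTATOR_HOME` in this file, the file should be writable only by the account that runs the daemon. `$(shell ...)` in a recipe line is evaluated when make expands the recipe rather than as a step of it; a plain recipe line `echo MUTATOR_HOME=$$(pwd) > ./daemon/mutator.config` would be more conventional.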
@@ -4125,16 +4125,44 @@ public: uint64_t ICETypeSize = ASTC->getTypeSize(CanonTypeDaddy); uint64_t ChildTypeSize = ASTC->getTypeSize(CanonTypeChild); - /* - bool ICETypeIsSignedInt = CanonTypeDaddy->getAsPlaceholderType()->isSignedInteger(); - bool ChildTypeIsSignedInt = CanonTypeChild->getAsPlaceholderType()->isSignedInteger(); - - bool ICETypeIsUSignedInt = CanonTypeDaddy->getAsPlaceholderType()->isUnsignedInteger(); - bool ChildTypeIsUSignedInt = CanonTypeChild->getAsPlaceholderType()->isUnsignedInteger(); - - if (CanonTypeDaddy->getAsPlaceholderType()->isInteger() && CanonTypeChild->getAsPlaceholderType()->isInteger()) - */ + bool ICETypeIsSignedInt = CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Long) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Int) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Short) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::SChar) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Char_S) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::LongLong) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Int128) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::WChar_S); + bool ChildTypeIsSignedInt = CanonTypeChild->isSpecificBuiltinType(BuiltinType::Kind::Long) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Int) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Short) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::SChar) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Char_S) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::LongLong) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Int128) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::WChar_S); + + bool ICETypeIsUSignedInt = CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::ULong) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::UInt) || \ + 
CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::UShort) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::UChar) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Char_U) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::ULongLong) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::UInt128) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::WChar_U); + bool ChildTypeIsUSignedInt = CanonTypeChild->isSpecificBuiltinType(BuiltinType::Kind::ULong) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::UInt) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::UShort) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::UChar) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::Char_U) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::ULongLong) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::UInt128) || \ + CanonTypeDaddy->isSpecificBuiltinType(BuiltinType::Kind::WChar_U); + + bool ICETypeIsInteger = ICETypeIsSignedInt || ICETypeIsUSignedInt; + bool ChildTypeIsInteger = ChildTypeIsSignedInt || ChildTypeIsUSignedInt; +#if 0 bool ICETypeIsSignedInt = false; bool ICETypeIsUSignedInt = false; bool ICETypeIsInteger = false; @@ -4158,6 +4186,7 @@ public: ChildTypeIsInteger = placeholderType->isInteger(); } } +#endif if (ICETypeIsInteger && ChildTypeIsInteger) { 
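Review bot: In both `ChildTypeIsSignedInt` and `ChildTypeIsUSignedInt` only the first term tests `CanonTypeChild`; the remaining seven terms test `CanonTypeDaddy`, which looks like a copy-paste slip, so the child flags mostly mirror the type of the implicit cast itself. Each of those terms should read like `CanonTypeChild->isSpecificBuiltinType(BuiltinType::Kind::Int) || \`. The same eight-kind list is written out four times here and again in the @@ -4919,7 +4948,16 @@ hunk; a small helper taking the `const clang::Type*` would remove the chance of this kind of slip. The enclosing method starts and ends outside the hunk.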
@@ -4919,7 +4948,16 @@ public:
 const clang::Type* CanonTP = ASTC->getCanonicalType(TP);
- //bool TypeIsUSignedInt = CanonTP->getAsPlaceholderType()->isUnsignedInteger();
+ bool TypeIsUSignedInt = CanonTP->isSpecificBuiltinType(BuiltinType::Kind::ULong) || \
+ CanonTP->isSpecificBuiltinType(BuiltinType::Kind::UInt) || \
+ CanonTP->isSpecificBuiltinType(BuiltinType::Kind::UShort) || \
+ CanonTP->isSpecificBuiltinType(BuiltinType::Kind::UChar) || \
+ CanonTP->isSpecificBuiltinType(BuiltinType::Kind::Char_U) || \
+ CanonTP->isSpecificBuiltinType(BuiltinType::Kind::ULongLong) || \
+ CanonTP->isSpecificBuiltinType(BuiltinType::Kind::UInt128) || \
+ CanonTP->isSpecificBuiltinType(BuiltinType::Kind::WChar_U);
+
+#if 0
 bool TypeIsUSignedInt = false;
 if (CanonTP) {
 auto placeholderType = CanonTP->getAsPlaceholderType();
@@ -4927,6 +4965,7 @@ public:
 TypeIsUSignedInt = placeholderType->isUnsignedInteger();
 }
 }
+#endif
 if (TypeIsUSignedInt)
 {
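Review bot: The disabled block tested `if (CanonTP)` before using the pointer, whereas the new initialiser calls `CanonTP->isSpecificBuiltinType(...)` unconditionally. If `CanonTP` can be null on this path, which the hunk does not show, the guard should be kept, e.g. by starting the expression with `CanonTP != nullptr && (` and closing the parenthesis after the `WChar_U` term. The superseded code is left under `#if 0`; deleting it would keep two versions of the same check from drifting apart. The enclosing method starts and ends outside the hunk.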
@@ -5985,6 +6024,84 @@ class SFCPPARR02 : public MatchFinder::MatchCallback
 SFCPPARR02SUB SubHandler;
 };
 /**********************************************************************************************************************/
+/**
+ * @brief The callback for the Safercpp pointer matchers. Matches the dedlarations.
+ */
+class SFCPPPNTR01 : public MatchFinder::MatchCallback
+{
+ public:
+ SFCPPPNTR01 (Rewriter &Rewrite) : Rewrite(Rewrite) {}
+
+ virtual void run(const MatchFinder::MatchResult &MR)
+ {
+ if (MR.Nodes.getNodeAs<clang::VarDecl>("sfcpppntr01") != nullptr)
+ {
+ const VarDecl* VD = MR.Nodes.getNodeAs<clang::VarDecl>("sfcpppntr01");
+
+ SourceLocation SL = VD->clang::Decl::getLocStart();
+ CheckSLValidity(SL);
+ SL = Devi::SourceLocationHasMacro(SL, Rewrite, "start");
+
+ if (Devi::IsTheMatchInSysHeader(CheckSystemHeader, MR, SL))
+ {
+ return void();
+ }
+
+ if (!Devi::IsTheMatchInMainFile(MainFileOnly, MR, SL))
+ {
+ return void();
+ }
+
+ std::cout << "SaferCPP02" << ":" << "Native pointer declared:" << SL.printToString(*MR.SourceManager) << ":" << std::endl;
+
+ XMLDocOut.XMLAddNode(MR.Context, SL, "SaferCPP02", "Native pointer declared:");
+ JSONDocOUT.JSONAddElement(MR.Context, SL, "SaferCPP02", "Native pointer declared:");
+ }
+ }
+
+ private:
+ Rewriter &Rewrite;
+};
+/**********************************************************************************************************************/
+/**
+ * @brief The callback for the Safercpp pointer matchers. Matches the DeclRefExprs.
+ */
+class SFCPPPNTR02 : public MatchFinder::MatchCallback
+{
+ public:
+ SFCPPPNTR02 (Rewriter &Rewrite) : Rewrite(Rewrite) {}
+
+ virtual void run(const MatchFinder::MatchResult &MR)
+ {
+ if (MR.Nodes.getNodeAs<clang::DeclRefExpr>("sfcpppntr02") != nullptr)
+ {
+ const DeclRefExpr* DRE = MR.Nodes.getNodeAs<clang::DeclRefExpr>("sfcpppntr02");
+
+ SourceLocation SL = DRE->getLocStart();
+ CheckSLValidity(SL);
+ SL = Devi::SourceLocationHasMacro(SL, Rewrite, "start");
+
+ if (Devi::IsTheMatchInSysHeader(CheckSystemHeader, MR, SL))
+ {
+ return void();
+ }
+
+ if (!Devi::IsTheMatchInMainFile(MainFileOnly, MR, SL))
+ {
+ return void();
+ }
+
+ std::cout << "SaferCPP02" << ":" << "Native pointer used:" << SL.printToString(*MR.SourceManager) << ":" << std::endl;
+
+ XMLDocOut.XMLAddNode(MR.Context, SL, "SaferCPP02", "Native pointer used:");
+ JSONDocOUT.JSONAddElement(MR.Context, SL, "SaferCPP02", "Native pointer used:");
+ }
+ }
+
+ private:
+ Rewriter &Rewrite;
+};
+/**********************************************************************************************************************/
 /**********************************************************************************************************************/
 /**********************************************************************************************************************/
 /**********************************************************************************************************************/
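Review bot: Both callbacks report under the tag `SaferCPP02`, so a declaration found by SFCPPPNTR01 and a use found by SFCPPPNTR02 cannot be told apart by id in the XML and JSON reports; if `SaferCPP02` is not meant for both, give each its own tag. The two `run` bodies differ only in node type, bind name and message, so one shared helper would do. `getNodeAs` is also called twice in each where a single call kept in the local is enough: `const VarDecl* VD = MR.Nodes.getNodeAs<clang::VarDecl>("sfcpppntr01");` followed by `if (VD != nullptr)`. The first `@brief` has a typo, `dedlarations`.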
@@ -7480,7 +7597,8 @@ public:
 HandlerForPointer1723(R), HandlerForPointer174(R), HandlerForPointer175(R), HandlerForTypes61(R), HandlerForSU181(R), \
 HandlerForMCPTCCSTYLE(R), HandlerForATC101(R), HandlerForIdent51(R), HandlerForDCDF87(R), HandlerForDCDF88(R), HandlerForLangX23(R), \
 HandlerForFunction167(R), HandlerForCF143(R), HandlerForExpr1212(R), HandlerForExpr1211(R), HandlerForAtc105(R), HandlerForCSE135(R), \
- HandlerForTypes612(R), HandlerForConst71(R), HandlerForIdent5X(R), HandlerForSFCPPARR01(R), HandlerForSFCPPARR02(R) {
+ HandlerForTypes612(R), HandlerForConst71(R), HandlerForIdent5X(R), HandlerForSFCPPARR01(R), HandlerForSFCPPARR02(R), \
+ HandlerForSFCPPPNTR01(R), HandlerForSFCPPPNTR02(R) {
 /*@DEVI-disables all matchers*/
 #if defined(_MUT0_DIS_MATCHERS)
@@ -7748,6 +7866,10 @@ public:
 Matcher.addMatcher(declRefExpr(hasAncestor(binaryOperator(allOf(hasLHS(declRefExpr().bind("sfcpparrdeep")), hasRHS(hasDescendant(implicitCastExpr(hasCastKind(CK_ArrayToPointerDecay))))\
 , hasOperatorName("="))))), &HandlerForSFCPPARR02);
+
+ Matcher.addMatcher(varDecl(hasType(pointerType())).bind("sfcpppntr01"), &HandlerForSFCPPPNTR01);
+
+ Matcher.addMatcher(declRefExpr(hasType(pointerType())).bind("sfcpppntr02"), &HandlerForSFCPPPNTR02);
 #endif
 }
@@ -7827,6 +7949,8 @@ private:
 MCIdent5x HandlerForIdent5X;
 SFCPPARR01 HandlerForSFCPPARR01;
 SFCPPARR02 HandlerForSFCPPARR02;
+ SFCPPPNTR01 HandlerForSFCPPPNTR01;
+ SFCPPPNTR02 HandlerForSFCPPPNTR02;
 MatchFinder Matcher;
 };
 /**********************************************************************************************************************/ |
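Review bot: `varDecl(hasType(pointerType()))` in the @@ -7748,6 +7866,10 @@ hunk covers variables and parameters but not `fieldDecl`, so pointer members of structs and classes are not reported as declared. If those are in scope, a `fieldDecl(hasType(pointerType()))` matcher would be needed, and the callback would have to accept that node type. It is also worth checking whether `hasType(pointerType())` matches pointers declared through a typedef, since type matchers do not necessarily look through sugar. A one-line comment above each `addMatcher` stating what is deliberately matched would help, e.g. `/*@DEVI-every reference to a pointer-typed declaration*/`.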