aboutsummaryrefslogtreecommitdiff
path: root/src/processor/exploitability_unittest.cc
diff options
context:
space:
mode:
Diffstat (limited to 'src/processor/exploitability_unittest.cc')
-rw-r--r--src/processor/exploitability_unittest.cc120
1 files changed, 120 insertions, 0 deletions
diff --git a/src/processor/exploitability_unittest.cc b/src/processor/exploitability_unittest.cc
index db7f1cb0..700f9e58 100644
--- a/src/processor/exploitability_unittest.cc
+++ b/src/processor/exploitability_unittest.cc
@@ -37,11 +37,41 @@
#include "google_breakpad/processor/basic_source_line_resolver.h"
#include "google_breakpad/processor/minidump_processor.h"
#include "google_breakpad/processor/process_state.h"
+#ifndef _WIN32
+#include "processor/exploitability_linux.h"
+#endif // _WIN32
#include "processor/simple_symbol_supplier.h"
+#ifndef _WIN32
+namespace google_breakpad {
+
+class ExploitabilityLinuxTest : public ExploitabilityLinux {
+ public:
+ using ExploitabilityLinux::DisassembleBytes;
+ using ExploitabilityLinux::TokenizeObjdumpInstruction;
+ using ExploitabilityLinux::CalculateAddress;
+};
+
+class ExploitabilityLinuxTestMinidumpContext : public MinidumpContext {
+ public:
+ explicit ExploitabilityLinuxTestMinidumpContext(
+ const MDRawContextAMD64& context) : MinidumpContext(NULL) {
+ valid_ = true;
+ SetContextAMD64(new MDRawContextAMD64(context));
+ SetContextFlags(MD_CONTEXT_AMD64);
+ }
+};
+
+} // namespace google_breakpad
+#endif // _WIN32
+
namespace {
using google_breakpad::BasicSourceLineResolver;
+#ifndef _WIN32
+using google_breakpad::ExploitabilityLinuxTest;
+using google_breakpad::ExploitabilityLinuxTestMinidumpContext;
+#endif // _WIN32
using google_breakpad::MinidumpProcessor;
using google_breakpad::ProcessState;
using google_breakpad::SimpleSymbolSupplier;
@@ -59,6 +89,7 @@ ExploitabilityFor(const string& filename) {
SimpleSymbolSupplier supplier(TestDataDir() + "/symbols");
BasicSourceLineResolver resolver;
MinidumpProcessor processor(&supplier, &resolver, true);
+ processor.set_enable_objdump(true);
ProcessState state;
string minidump_file = TestDataDir() + "/" + filename;
@@ -135,6 +166,95 @@ TEST(ExploitabilityTest, TestLinuxEngine) {
ExploitabilityFor("linux_executable_stack.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
ExploitabilityFor("linux_executable_heap.dmp"));
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
+ ExploitabilityFor("linux_jmp_to_module_not_exe_region.dmp"));
+#ifndef _WIN32
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
+ ExploitabilityFor("linux_write_to_nonwritable_module.dmp"));
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
+ ExploitabilityFor("linux_write_to_nonwritable_region_math.dmp"));
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
+ ExploitabilityFor("linux_write_to_outside_module.dmp"));
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
+ ExploitabilityFor("linux_write_to_outside_module_via_math.dmp"));
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
+ ExploitabilityFor("linux_write_to_under_4k.dmp"));
+#endif // _WIN32
+}
+
+#ifndef _WIN32
+TEST(ExploitabilityLinuxUtilsTest, DisassembleBytesTest) {
+ ASSERT_FALSE(ExploitabilityLinuxTest::DisassembleBytes("", NULL, 5, NULL));
+ uint8_t bytes[6] = {0xc7, 0x0, 0x5, 0x0, 0x0, 0x0};
+ char buffer[1024] = {0};
+ ASSERT_TRUE(ExploitabilityLinuxTest::DisassembleBytes("i386:x86-64",
+ bytes,
+ 1024,
+ buffer));
+ std::stringstream objdump_stream;
+ objdump_stream.str(string(buffer));
+ string line = "";
+ while ((line.find("0:") == string::npos) && getline(objdump_stream, line)) {
+ }
+ ASSERT_EQ(line, " 0:\tc7 00 05 00 00 00 \tmov DWORD PTR [rax],0x5");
+}
+TEST(ExploitabilityLinuxUtilsTest, TokenizeObjdumpInstructionTest) {
+ ASSERT_FALSE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction("",
+ NULL,
+ NULL,
+ NULL));
+ string line = "0: c7 00 05 00 00 00 mov DWORD PTR [rax],0x5";
+ string operation = "";
+ string dest = "";
+ string src = "";
+ ASSERT_TRUE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction(line,
+ &operation,
+ &dest,
+ &src));
+ ASSERT_EQ(operation, "mov");
+ ASSERT_EQ(dest, "[rax]");
+ ASSERT_EQ(src, "0x5");
+ line = "0: c3 ret";
+ ASSERT_TRUE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction(line,
+ &operation,
+ &dest,
+ &src));
+ ASSERT_EQ(operation, "ret");
+ ASSERT_EQ(dest, "");
+ ASSERT_EQ(src, "");
+ line = "0: 5f pop rdi";
+ ASSERT_TRUE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction(line,
+ &operation,
+ &dest,
+ &src));
+ ASSERT_EQ(operation, "pop");
+ ASSERT_EQ(dest, "rdi");
+ ASSERT_EQ(src, "");
}
+
+TEST(ExploitabilityLinuxUtilsTest, CalculateAddressTest) {
+ MDRawContextAMD64 raw_context;
+ raw_context.rdx = 12345;
+ ExploitabilityLinuxTestMinidumpContext context(raw_context);
+ ASSERT_EQ(context.GetContextAMD64()->rdx, 12345);
+ ASSERT_FALSE(ExploitabilityLinuxTest::CalculateAddress("", context, NULL));
+ uint64_t write_address = 0;
+ ASSERT_TRUE(ExploitabilityLinuxTest::CalculateAddress("rdx-0x4D2",
+ context,
+ &write_address));
+ ASSERT_EQ(write_address, 11111);
+ ASSERT_TRUE(ExploitabilityLinuxTest::CalculateAddress("rdx+0x4D2",
+ context,
+ &write_address));
+ ASSERT_EQ(write_address, 13579);
+ ASSERT_FALSE(ExploitabilityLinuxTest::CalculateAddress("rdx+rax",
+ context,
+ &write_address));
+ ASSERT_FALSE(ExploitabilityLinuxTest::CalculateAddress("0x3482+0x4D2",
+ context,
+ &write_address));
}
+#endif // _WIN32
+
+} // namespace
generated by cgit v1.2.1 (git 2.18.0) at 2024-06-18 13:06:10 +0000