Improve the static analyser part

Signed-off-by: Gaulthier Gain <gaulthier.gain@uliege.be>
This commit is contained in:
Gaulthier Gain 2021-05-18 10:47:01 +02:00
parent 14ccfb0426
commit 4425c80017
6 changed files with 361 additions and 333 deletions


@ -16,13 +16,13 @@ type Data struct {
type StaticData struct { type StaticData struct {
Dependencies map[string][]string `json:"dependencies"` Dependencies map[string][]string `json:"dependencies"`
SharedLibs map[string][]string `json:"shared_libs"` SharedLibs map[string][]string `json:"shared_libs"`
SystemCalls map[string]string `json:"system_calls"` SystemCalls map[string]int `json:"system_calls"`
Symbols map[string]string `json:"symbols"` Symbols map[string]string `json:"symbols"`
} }
// Exported struct that represents data for dynamic dependency analysis. // Exported struct that represents data for dynamic dependency analysis.
type DynamicData struct { type DynamicData struct {
SharedLibs map[string][]string `json:"shared_libs"` SharedLibs map[string][]string `json:"shared_libs"`
SystemCalls map[string]string `json:"system_calls"` SystemCalls map[string]int `json:"system_calls"`
Symbols map[string]string `json:"symbols"` Symbols map[string]string `json:"symbols"`
} }
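Review bot: The `SystemCalls` fields of StaticData and DynamicData now hold an int whose meaning is not documented on either struct; elsewhere in this commit the value is the number taken from initSystemCalls' table, parseStrace writes -1 for a traced name that table does not contain, and the table is tied to one architecture's numbering. Because the field is serialised under `system_calls`, this also turns the JSON values from strings into numbers, so any consumer of the emitted file needs to change with it — worth a sentence in the commit message. I would add above each field `// SystemCalls maps a syscall name to its number in initSystemCalls' table (architecture-specific); -1 marks a traced call that the table does not list.`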


@ -83,9 +83,9 @@ func gatherDataAux(command, programPath, programName, option string,
ret := false ret := false
if command == systrace { if command == systrace {
ret = parseTrace(errStr, data.SystemCalls) ret = parseStrace(errStr, data.SystemCalls)
} else { } else {
ret = parseTrace(errStr, data.Symbols) ret = parseFtrace(errStr, data.Symbols)
} }
return ret return ret
} }
@ -206,7 +206,7 @@ func dynamicAnalyser(args *u.Arguments, data *u.Data, programPath string) {
// Init dynamic data // Init dynamic data
dynamicData := &data.DynamicData dynamicData := &data.DynamicData
dynamicData.SharedLibs = make(map[string][]string) dynamicData.SharedLibs = make(map[string][]string)
dynamicData.SystemCalls = make(map[string]string) dynamicData.SystemCalls = make(map[string]int)
dynamicData.Symbols = make(map[string]string) dynamicData.Symbols = make(map[string]string)
// Run strace // Run strace


@ -62,7 +62,7 @@ func parseNMMac(output string, data *u.StaticData) {
// Add to system calls map if symbol is a system call // Add to system calls map if symbol is a system call
if _, isSyscall := systemCalls[match[2]]; isSyscall { if _, isSyscall := systemCalls[match[2]]; isSyscall {
data.SystemCalls[match[2]] = "" data.SystemCalls[match[2]] = systemCalls[match[2]]
} else { } else {
data.Symbols[match[2]] = "" data.Symbols[match[2]] = ""
} }
@ -76,11 +76,11 @@ func parseNMLinux(output string, data *u.StaticData) {
systemCalls := initSystemCalls() systemCalls := initSystemCalls()
// Check the output of 'nm' command // Check the output of 'nm' command
var re = regexp.MustCompile(`(?m)([U|T|B|D]\s)(.*)\s*`) var re = regexp.MustCompile(`(?m)([U|u|T|t|w|W]\s)(.*)\s*`)
for _, match := range re.FindAllStringSubmatch(output, -1) { for _, match := range re.FindAllStringSubmatch(output, -1) {
// Add to system calls map if symbol is a system call // Add to system calls map if symbol is a system call
if _, isSyscall := systemCalls[match[2]]; isSyscall { if _, isSyscall := systemCalls[match[2]]; isSyscall {
data.SystemCalls[match[2]] = "" data.SystemCalls[match[2]] = systemCalls[match[2]]
} else { } else {
data.Symbols[match[2]] = "" data.Symbols[match[2]] = ""
} }
@ -208,7 +208,7 @@ func parseLDD(output string, data map[string][]string, lddMap map[string][]strin
lib, path := words[0], words[1] lib, path := words[0], words[1]
// Execute ldd only if fullDeps mode is set // Execute ldd only if fullDeps mode is set
if fullDeps { if fullDeps && strings.HasPrefix(path, "/") {
rd := recursiveData{ rd := recursiveData{
data: data, data: data,
glMap: lddMap, glMap: lddMap,
@ -221,7 +221,12 @@ func parseLDD(output string, data map[string][]string, lddMap map[string][]strin
listLdd = append(listLdd, lib) listLdd = append(listLdd, lib)
parseRecursive(rd) parseRecursive(rd)
} else { } else {
data[lib] = nil // Associate the path if it exists
if strings.Contains(path, ".so"){
data[lib] = []string{path}
}else{
data[lib] = nil
}
} }
} }
} }
@ -269,12 +274,10 @@ func detectPermissionDenied(str string) bool {
} }
return false return false
} }
// parseTrace parses the output of the 'ftrace' command.
// parseTrace parses the output of the '(s)|(f)trace' command.
// //
// It returns true if command must be run with sudo, otherwise false. // It returns true if command must be run with sudo, otherwise false.
func parseTrace(output string, data map[string]string) bool { func parseFtrace(output string, data map[string]string) bool {
var re = regexp.MustCompile(`([a-zA-Z_0-9@/-]+?)\((.*)`) var re = regexp.MustCompile(`([a-zA-Z_0-9@/-]+?)\((.*)`)
for _, match := range re.FindAllStringSubmatch(output, -1) { for _, match := range re.FindAllStringSubmatch(output, -1) {
if len(match) > 1 { if len(match) > 1 {
@ -291,6 +294,32 @@ func parseTrace(output string, data map[string]string) bool {
return false return false
} }
// parseTrace parses the output of the '(s)|(f)trace' command.
//
// It returns true if command must be run with sudo, otherwise false.
func parseStrace(output string, data map[string]int) bool {
systemCalls := initSystemCalls()
var re = regexp.MustCompile(`([a-zA-Z_0-9@/-]+?)\((.*)`)
for _, match := range re.FindAllStringSubmatch(output, -1) {
if len(match) > 1 {
// Detect if Permission denied is thrown
detected := detectPermissionDenied(match[2])
if detected {
// Command must be run with sudo
return true
}
// Add symbol to map
if _, isSyscall := systemCalls[match[1]]; isSyscall {
data[match[1]] = systemCalls[match[1]]
}else{
data[match[1]] = -1
}
}
}
return false
}
// parseLsof parses the output of the 'lsof' command. // parseLsof parses the output of the 'lsof' command.
// //
// It returns an error if any, otherwise it returns nil. // It returns an error if any, otherwise it returns nil.
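Review bot: The doc comments above `parseFtrace` and the new `parseStrace` both still name `parseTrace`, and neither says what the int written into `data` means, so the `-1` stored for a name missing from initSystemCalls reads as an unexplained magic value. I would put `// parseFtrace parses the output of the 'ftrace' command.` above the first and `// parseStrace parses the output of the 'strace' command; each call name is stored with its number from initSystemCalls, or -1 when the name is not in that table.` above the second. As a point of style, parseNMMac, parseNMLinux and parseStrace each look the table up twice (`if _, isSyscall := systemCalls[k]; isSyscall { data[k] = systemCalls[k] }`); binding the value in the if, `if nr, ok := systemCalls[match[1]]; ok { data[match[1]] = nr }`, does it once. The middle of parseFtrace and the body of parseLsof lie outside the shown hunks.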


@ -56,7 +56,6 @@ func RunAnalyserTool(homeDir string, data *u.Data) {
runStaticAnalyser(args, programName, programPath, outFolder, data) runStaticAnalyser(args, programName, programPath, outFolder, data)
// Run dynamic analyser // Run dynamic analyser
if strings.ToLower(runtime.GOOS) == "linux" { if strings.ToLower(runtime.GOOS) == "linux" {
u.PrintHeader1("(1.2) RUN DYNAMIC ANALYSIS") u.PrintHeader1("(1.2) RUN DYNAMIC ANALYSIS")
runDynamicAnalyser(args, programName, programPath, outFolder, data) runDynamicAnalyser(args, programName, programPath, outFolder, data)


@ -190,7 +190,7 @@ func staticAnalyser(args u.Arguments, data *u.Data, programPath string) {
// Init symbols members // Init symbols members
staticData.Symbols = make(map[string]string) staticData.Symbols = make(map[string]string)
staticData.SystemCalls = make(map[string]string) staticData.SystemCalls = make(map[string]int)
staticData.SharedLibs = make(map[string][]string) staticData.SharedLibs = make(map[string][]string)
if strings.ToLower(runtime.GOOS) == "linux" { if strings.ToLower(runtime.GOOS) == "linux" {


@ -9,322 +9,322 @@ package dependtool
// InitSystemCalls initialises all Linux system calls. // InitSystemCalls initialises all Linux system calls.
// //
// It returns a map of all system calls. // It returns a map of all system calls.
func initSystemCalls() map[string]*string { func initSystemCalls() map[string]int {
return map[string]*string{ return map[string]int{
"read": nil, "read": 0,
"write": nil, "write": 1,
"open": nil, "open": 2,
"close": nil, "close": 3,
"stat": nil, "stat": 4,
"fstat": nil, "fstat": 5,
"lstat": nil, "lstat": 6,
"poll": nil, "poll": 7,
"lseek": nil, "lseek": 8,
"mmap": nil, "mmap": 9,
"mprotect": nil, "mprotect": 10,
"munmap": nil, "munmap": 11,
"brk": nil, "brk": 12,
"rt_sigaction": nil, "rt_sigaction": 13,
"rt_sigprocmask": nil, "rt_sigprocmask": 14,
"rt_sigreturn": nil, "rt_sigreturn": 15,
"ioctl": nil, "ioctl": 16,
"pread64": nil, "pread64": 17,
"pwrite64": nil, "pwrite64": 18,
"readv": nil, "readv": 19,
"writev": nil, "writev": 20,
"access": nil, "access": 21,
"pipe": nil, "pipe": 22,
"select": nil, "select": 23,
"sched_yield": nil, "sched_yield": 24,
"mremap": nil, "mremap": 25,
"msync": nil, "msync": 26,
"mincore": nil, "mincore": 27,
"madvise": nil, "madvise": 28,
"shmget": nil, "shmget": 29,
"shmat": nil, "shmat": 30,
"shmctl": nil, "shmctl": 31,
"dup": nil, "dup": 32,
"dup2": nil, "dup2": 33,
"pause": nil, "pause": 34,
"nanosleep": nil, "nanosleep": 35,
"getitimer": nil, "getitimer": 36,
"alarm": nil, "alarm": 37,
"setitimer": nil, "setitimer": 38,
"getpid": nil, "getpid": 39,
"sendfile": nil, "sendfile": 40,
"socket": nil, "socket": 41,
"connect": nil, "connect": 42,
"accept": nil, "accept": 43,
"sendto": nil, "sendto": 44,
"recvfrom": nil, "recvfrom": 45,
"sendmsg": nil, "sendmsg": 46,
"recvmsg": nil, "recvmsg": 47,
"shutdown": nil, "shutdown": 48,
"bind": nil, "bind": 49,
"listen": nil, "listen": 50,
"getsockname": nil, "getsockname": 51,
"getpeername": nil, "getpeername": 52,
"socketpair": nil, "socketpair": 53,
"setsockopt": nil, "setsockopt": 54,
"getsockopt": nil, "getsockopt": 55,
"clone": nil, "clone": 56,
"fork": nil, "fork": 57,
"vfork": nil, "vfork": 58,
"execve": nil, "execve": 59,
"exit": nil, "exit": 60,
"wait4": nil, "wait4": 61,
"kill": nil, "kill": 62,
"uname": nil, "uname": 63,
"semget": nil, "semget": 64,
"semop": nil, "semop": 65,
"semctl": nil, "semctl": 66,
"shmdt": nil, "shmdt": 67,
"msgget": nil, "msgget": 68,
"msgsnd": nil, "msgsnd": 69,
"msgrcv": nil, "msgrcv": 70,
"msgctl": nil, "msgctl": 71,
"fcntl": nil, "fcntl": 72,
"flock": nil, "flock": 73,
"fsync": nil, "fsync": 74,
"fdatasync": nil, "fdatasync": 75,
"truncate": nil, "truncate": 76,
"ftruncate": nil, "ftruncate": 77,
"getdents": nil, "getdents": 78,
"getcwd": nil, "getcwd": 79,
"chdir": nil, "chdir": 80,
"fchdir": nil, "fchdir": 81,
"rename": nil, "rename": 82,
"mkdir": nil, "mkdir": 83,
"rmdir": nil, "rmdir": 84,
"creat": nil, "creat": 85,
"link": nil, "link": 86,
"unlink": nil, "unlink": 87,
"symlink": nil, "symlink": 88,
"readlink": nil, "readlink": 89,
"chmod": nil, "chmod": 90,
"fchmod": nil, "fchmod": 91,
"chown": nil, "chown": 92,
"fchown": nil, "fchown": 93,
"lchown": nil, "lchown": 94,
"umask": nil, "umask": 95,
"gettimeofday": nil, "gettimeofday": 96,
"getrlimit": nil, "getrlimit": 97,
"getrusage": nil, "getrusage": 98,
"sysinfo": nil, "sysinfo": 99,
"times": nil, "times": 100,
"ptrace": nil, "ptrace": 101,
"getuid": nil, "getuid": 102,
"syslog": nil, "syslog": 103,
"getgid": nil, "getgid": 104,
"setuid": nil, "setuid": 105,
"setgid": nil, "setgid": 106,
"geteuid": nil, "geteuid": 107,
"getegid": nil, "getegid": 108,
"setpgid": nil, "setpgid": 109,
"getppid": nil, "getppid": 110,
"getpgrp": nil, "getpgrp": 111,
"setsid": nil, "setsid": 112,
"setreuid": nil, "setreuid": 113,
"setregid": nil, "setregid": 114,
"getgroups": nil, "getgroups": 115,
"setgroups": nil, "setgroups": 116,
"setresuid": nil, "setresuid": 117,
"getresuid": nil, "getresuid": 118,
"setresgid": nil, "setresgid": 119,
"getresgid": nil, "getresgid": 120,
"getpgid": nil, "getpgid": 121,
"setfsuid": nil, "setfsuid": 122,
"setfsgid": nil, "setfsgid": 123,
"getsid": nil, "getsid": 124,
"capget": nil, "capget": 125,
"capset": nil, "capset": 126,
"rt_sigpending": nil, "rt_sigpending": 127,
"rt_sigtimedwait": nil, "rt_sigtimedwait": 128,
"rt_sigqueueinfo": nil, "rt_sigqueueinfo": 129,
"rt_sigsuspend": nil, "rt_sigsuspend": 130,
"sigaltstack": nil, "sigaltstack": 131,
"utime": nil, "utime": 132,
"mknod": nil, "mknod": 133,
"uselib": nil, "uselib": 134,
"personality": nil, "personality": 135,
"ustat": nil, "ustat": 136,
"statfs": nil, "statfs": 137,
"fstatfs": nil, "fstatfs": 138,
"sysfs": nil, "sysfs": 139,
"getpriority": nil, "getpriority": 140,
"setpriority": nil, "setpriority": 141,
"sched_setparam": nil, "sched_setparam": 142,
"sched_getparam": nil, "sched_getparam": 143,
"sched_setscheduler": nil, "sched_setscheduler": 144,
"sched_getscheduler": nil, "sched_getscheduler": 145,
"sched_get_priority_max": nil, "sched_get_priority_max": 146,
"sched_get_priority_min": nil, "sched_get_priority_min": 147,
"sched_rr_get_interval": nil, "sched_rr_get_interval": 148,
"mlock": nil, "mlock": 149,
"munlock": nil, "munlock": 150,
"mlockall": nil, "mlockall": 151,
"munlockall": nil, "munlockall": 152,
"vhangup": nil, "vhangup": 153,
"modify_ldt": nil, "modify_ldt": 154,
"pivot_root": nil, "pivot_root": 155,
"_sysctl": nil, "_sysctl": 156,
"prctl": nil, "prctl": 157,
"arch_prctl": nil, "arch_prctl": 158,
"adjtimex": nil, "adjtimex": 159,
"setrlimit": nil, "setrlimit": 160,
"chroot": nil, "chroot": 161,
"sync": nil, "sync": 162,
"acct": nil, "acct": 163,
"settimeofday": nil, "settimeofday": 164,
"mount": nil, "mount": 165,
"umount2": nil, "umount2": 166,
"swapon": nil, "swapon": 167,
"swapoff": nil, "swapoff": 168,
"reboot": nil, "reboot": 169,
"sethostname": nil, "sethostname": 170,
"setdomainname": nil, "setdomainname": 171,
"iopl": nil, "iopl": 172,
"ioperm": nil, "ioperm": 173,
"create_module": nil, "create_module": 174,
"init_module": nil, "init_module": 175,
"delete_module": nil, "delete_module": 176,
"get_kernel_syms": nil, "get_kernel_syms": 177,
"query_module": nil, "query_module": 178,
"quotactl": nil, "quotactl": 179,
"nfsservctl": nil, "nfsservctl": 180,
"getpmsg": nil, "getpmsg": 181,
"putpmsg": nil, "putpmsg": 182,
"afs_syscall": nil, "afs_syscall": 183,
"tuxcall": nil, "tuxcall": 184,
"security": nil, "security": 185,
"gettid": nil, "gettid": 186,
"readahead": nil, "readahead": 187,
"setxattr": nil, "setxattr": 188,
"lsetxattr": nil, "lsetxattr": 189,
"fsetxattr": nil, "fsetxattr": 190,
"getxattr": nil, "getxattr": 191,
"lgetxattr": nil, "lgetxattr": 192,
"fgetxattr": nil, "fgetxattr": 193,
"listxattr": nil, "listxattr": 194,
"llistxattr": nil, "llistxattr": 195,
"flistxattr": nil, "flistxattr": 196,
"removexattr": nil, "removexattr": 197,
"lremovexattr": nil, "lremovexattr": 198,
"fremovexattr": nil, "fremovexattr": 199,
"tkill": nil, "tkill": 200,
"time": nil, "time": 201,
"futex": nil, "futex": 202,
"sched_setaffinity": nil, "sched_setaffinity": 203,
"sched_getaffinity": nil, "sched_getaffinity": 204,
"set_thread_area": nil, "set_thread_area": 205,
"io_setup": nil, "io_setup": 206,
"io_destroy": nil, "io_destroy": 207,
"io_getevents": nil, "io_getevents": 208,
"io_submit": nil, "io_submit": 209,
"io_cancel": nil, "io_cancel": 210,
"get_thread_area": nil, "get_thread_area": 211,
"lookup_dcookie": nil, "lookup_dcookie": 212,
"epoll_create": nil, "epoll_create": 213,
"epoll_ctl_old": nil, "epoll_ctl_old": 214,
"epoll_wait_old": nil, "epoll_wait_old": 215,
"remap_file_pages": nil, "remap_file_pages": 216,
"getdents64": nil, "getdents64": 217,
"set_tid_address": nil, "set_tid_address": 218,
"restart_syscall": nil, "restart_syscall": 219,
"semtimedop": nil, "semtimedop": 220,
"fadvise64": nil, "fadvise64": 221,
"timer_create": nil, "timer_create": 222,
"timer_settime": nil, "timer_settime": 223,
"timer_gettime": nil, "timer_gettime": 224,
"timer_getoverrun": nil, "timer_getoverrun": 225,
"timer_delete": nil, "timer_delete": 226,
"clock_settime": nil, "clock_settime": 227,
"clock_gettime": nil, "clock_gettime": 228,
"clock_getres": nil, "clock_getres": 229,
"clock_nanosleep": nil, "clock_nanosleep": 230,
"exit_group": nil, "exit_group": 231,
"epoll_wait": nil, "epoll_wait": 232,
"epoll_ctl": nil, "epoll_ctl": 233,
"tgkill": nil, "tgkill": 234,
"utimes": nil, "utimes": 235,
"vserver": nil, "vserver": 236,
"mbind": nil, "mbind": 237,
"set_mempolicy": nil, "set_mempolicy": 238,
"get_mempolicy": nil, "get_mempolicy": 239,
"mq_open": nil, "mq_open": 240,
"mq_unlink": nil, "mq_unlink": 241,
"mq_timedsend": nil, "mq_timedsend": 242,
"mq_timedreceive": nil, "mq_timedreceive": 243,
"mq_notify": nil, "mq_notify": 244,
"mq_getsetattr": nil, "mq_getsetattr": 245,
"kexec_load": nil, "kexec_load": 246,
"waitid": nil, "waitid": 247,
"add_key": nil, "add_key": 248,
"request_key": nil, "request_key": 249,
"keyctl": nil, "keyctl": 250,
"ioprio_set": nil, "ioprio_set": 251,
"ioprio_get": nil, "ioprio_get": 252,
"inotify_init": nil, "inotify_init": 253,
"inotify_add_watch": nil, "inotify_add_watch": 254,
"inotify_rm_watch": nil, "inotify_rm_watch": 255,
"migrate_pages": nil, "migrate_pages": 256,
"openat": nil, "openat": 257,
"mkdirat": nil, "mkdirat": 258,
"mknodat": nil, "mknodat": 259,
"fchownat": nil, "fchownat": 260,
"futimesat": nil, "futimesat": 261,
"newfstatat": nil, "newfstatat": 262,
"unlinkat": nil, "unlinkat": 263,
"renameat": nil, "renameat": 264,
"linkat": nil, "linkat": 265,
"symlinkat": nil, "symlinkat": 266,
"readlinkat": nil, "readlinkat": 267,
"fchmodat": nil, "fchmodat": 268,
"faccessat": nil, "faccessat": 269,
"pselect6": nil, "pselect6": 270,
"ppoll": nil, "ppoll": 271,
"unshare": nil, "unshare": 272,
"set_robust_list": nil, "set_robust_list": 273,
"get_robust_list": nil, "get_robust_list": 274,
"splice": nil, "splice": 275,
"tee": nil, "tee": 276,
"sync_file_range": nil, "sync_file_range": 277,
"vmsplice": nil, "vmsplice": 278,
"move_pages": nil, "move_pages": 279,
"utimensat": nil, "utimensat": 280,
"epoll_pwait": nil, "epoll_pwait": 281,
"signalfd": nil, "signalfd": 282,
"timerfd_create": nil, "timerfd_create": 283,
"eventfd": nil, "eventfd": 284,
"fallocate": nil, "fallocate": 285,
"timerfd_settime": nil, "timerfd_settime": 286,
"timerfd_gettime": nil, "timerfd_gettime": 287,
"accept4": nil, "accept4": 288,
"signalfd4": nil, "signalfd4": 289,
"eventfd2": nil, "eventfd2": 290,
"epoll_create1": nil, "epoll_create1": 291,
"dup3": nil, "dup3": 292,
"pipe2": nil, "pipe2": 293,
"inotify_init1": nil, "inotify_init1": 294,
"preadv": nil, "preadv": 295,
"pwritev": nil, "pwritev": 296,
"rt_tgsigqueueinfo": nil, "rt_tgsigqueueinfo": 297,
"perf_event_open": nil, "perf_event_open": 298,
"recvmmsg": nil, "recvmmsg": 299,
"fanotify_init": nil, "fanotify_init": 300,
"fanotify_mark": nil, "fanotify_mark": 301,
"prlimit64": nil, "prlimit64": 302,
"name_to_handle_at": nil, "name_to_handle_at": 303,
"open_by_handle_at": nil, "open_by_handle_at": 304,
"clock_adjtime": nil, "clock_adjtime": 305,
"syncfs": nil, "syncfs": 306,
"sendmmsg": nil, "sendmmsg": 307,
"setns": nil, "setns": 308,
"getcpu": nil, "getcpu": 309,
"process_vm_readv": nil, "process_vm_readv": 310,
"process_vm_writev": nil, "process_vm_writev": 311,
"kcmp": nil, "kcmp": 312,
"finit_module": nil, "finit_module": 313,
"getrandom": nil, "getrandom": 314,
} }
} }
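Review bot: The numbers assigned here follow the x86-64 table — read=0 through finit_module=313 all agree with it — but the final entry `"getrandom": 314` does not: on x86-64 getrandom is 318, and 314–317 belong to sched_setattr, sched_getattr, renameat2 and seccomp, none of which are listed, so the tail appears to have been numbered by position rather than from the table. With the analysers now storing these numbers, getrandom will be misidentified by anything that reads them. The table is also architecture-specific and stops at getrandom, so newer calls land in parseStrace's -1 bucket; the doc comment (which says `InitSystemCalls` although the function is unexported) should state which ABI it encodes, e.g. `// initSystemCalls returns the x86-64 Linux syscall table (name -> number), up to getrandom.` Corrected tail of the literal:
```go
// … unchanged: entries 0–313 …
"finit_module": 313,
"sched_setattr": 314,
"sched_getattr": 315,
"renameat2": 316,
"seccomp": 317,
"getrandom": 318,
```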