Improve the static analyser part

Signed-off-by: Gaulthier Gain <gaulthier.gain@uliege.be>
Gaulthier Gain 2021-05-18 10:47:01 +02:00
parent 14ccfb0426
commit 4425c80017
6 changed files with 361 additions and 333 deletions


@ -16,13 +16,13 @@ type Data struct {
type StaticData struct {
Dependencies map[string][]string `json:"dependencies"`
SharedLibs map[string][]string `json:"shared_libs"`
SystemCalls map[string]string `json:"system_calls"`
SystemCalls map[string]int `json:"system_calls"`
Symbols map[string]string `json:"symbols"`
}
// Exported struct that represents data for dynamic dependency analysis.
type DynamicData struct {
SharedLibs map[string][]string `json:"shared_libs"`
SystemCalls map[string]string `json:"system_calls"`
SystemCalls map[string]int `json:"system_calls"`
Symbols map[string]string `json:"symbols"`
}
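Review bot: Both SystemCalls fields change to map[string]int but neither struct says what the integer is; from the parsers in this commit it is the value looked up in initSystemCalls (the syscall number), and parseStrace additionally stores -1 for a traced name that is not in that table, so consumers of the `system_calls` JSON will see a mix of real numbers and a sentinel. A field comment would pin that contract, e.g. `SystemCalls map[string]int `json:"system_calls"` // symbol name -> number from initSystemCalls; -1 when traced but not in the table`. The same comment belongs on the DynamicData field below, whose -1 case is the one that actually occurs.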


@ -83,9 +83,9 @@ func gatherDataAux(command, programPath, programName, option string,
ret := false
if command == systrace {
ret = parseTrace(errStr, data.SystemCalls)
ret = parseStrace(errStr, data.SystemCalls)
} else {
ret = parseTrace(errStr, data.Symbols)
ret = parseFtrace(errStr, data.Symbols)
}
return ret
}
@ -206,7 +206,7 @@ func dynamicAnalyser(args *u.Arguments, data *u.Data, programPath string) {
// Init dynamic data
dynamicData := &data.DynamicData
dynamicData.SharedLibs = make(map[string][]string)
dynamicData.SystemCalls = make(map[string]string)
dynamicData.SystemCalls = make(map[string]int)
dynamicData.Symbols = make(map[string]string)
// Run strace


@ -62,7 +62,7 @@ func parseNMMac(output string, data *u.StaticData) {
// Add to system calls map if symbol is a system call
if _, isSyscall := systemCalls[match[2]]; isSyscall {
data.SystemCalls[match[2]] = ""
data.SystemCalls[match[2]] = systemCalls[match[2]]
} else {
data.Symbols[match[2]] = ""
}
@ -76,11 +76,11 @@ func parseNMLinux(output string, data *u.StaticData) {
systemCalls := initSystemCalls()
// Check the output of 'nm' command
var re = regexp.MustCompile(`(?m)([U|T|B|D]\s)(.*)\s*`)
var re = regexp.MustCompile(`(?m)([U|u|T|t|w|W]\s)(.*)\s*`)
for _, match := range re.FindAllStringSubmatch(output, -1) {
// Add to system calls map if symbol is a system call
if _, isSyscall := systemCalls[match[2]]; isSyscall {
data.SystemCalls[match[2]] = ""
data.SystemCalls[match[2]] = systemCalls[match[2]]
} else {
data.Symbols[match[2]] = ""
}
@ -208,7 +208,7 @@ func parseLDD(output string, data map[string][]string, lddMap map[string][]strin
lib, path := words[0], words[1]
// Execute ldd only if fullDeps mode is set
if fullDeps {
if fullDeps && strings.HasPrefix(path, "/") {
rd := recursiveData{
data: data,
glMap: lddMap,
@ -221,10 +221,15 @@ func parseLDD(output string, data map[string][]string, lddMap map[string][]strin
listLdd = append(listLdd, lib)
parseRecursive(rd)
} else {
// Associate the path if it exists
if strings.Contains(path, ".so"){
data[lib] = []string{path}
}else{
data[lib] = nil
}
}
}
}
return listLdd
}
@ -269,12 +274,10 @@ func detectPermissionDenied(str string) bool {
}
return false
}
// parseTrace parses the output of the '(s)|(f)trace' command.
// parseTrace parses the output of the 'ftrace' command.
//
// It returns true if command must be run with sudo, otherwise false.
func parseTrace(output string, data map[string]string) bool {
func parseFtrace(output string, data map[string]string) bool {
var re = regexp.MustCompile(`([a-zA-Z_0-9@/-]+?)\((.*)`)
for _, match := range re.FindAllStringSubmatch(output, -1) {
if len(match) > 1 {
@ -291,6 +294,32 @@ func parseTrace(output string, data map[string]string) bool {
return false
}
// parseTrace parses the output of the '(s)|(f)trace' command.
//
// It returns true if command must be run with sudo, otherwise false.
func parseStrace(output string, data map[string]int) bool {
systemCalls := initSystemCalls()
var re = regexp.MustCompile(`([a-zA-Z_0-9@/-]+?)\((.*)`)
for _, match := range re.FindAllStringSubmatch(output, -1) {
if len(match) > 1 {
// Detect if Permission denied is thrown
detected := detectPermissionDenied(match[2])
if detected {
// Command must be run with sudo
return true
}
// Add symbol to map
if _, isSyscall := systemCalls[match[1]]; isSyscall {
data[match[1]] = systemCalls[match[1]]
}else{
data[match[1]] = -1
}
}
}
return false
}
// parseLsof parses the output of the 'lsof' command.
//
// It returns an error if any, otherwise it returns nil.
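Review bot: The doc comment on the new parseStrace still reads "parseTrace parses the output of the '(s)|(f)trace' command" — it was carried over from the old function and does not start with the name it documents, so it should become `// parseStrace parses the output of the 'strace' command.` with a second line stating that a matched name absent from the syscall table is stored with value -1. The regexp in parseStrace is the same literal as the one in parseFtrace and both are compiled on every call; one package-level `var traceRe = regexp.MustCompile(`([a-zA-Z_0-9@/-]+?)\((.*)`)` would serve both. `}else{` in this hunk and in the parseLDD else branch above is not gofmt-clean. In the parseNMLinux hunk, the new character class `[U|u|T|t|w|W]` treats `|` as a literal member, so `[UuTtwW]` says what is meant.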


@ -56,7 +56,6 @@ func RunAnalyserTool(homeDir string, data *u.Data) {
runStaticAnalyser(args, programName, programPath, outFolder, data)
// Run dynamic analyser
if strings.ToLower(runtime.GOOS) == "linux" {
u.PrintHeader1("(1.2) RUN DYNAMIC ANALYSIS")
runDynamicAnalyser(args, programName, programPath, outFolder, data)


@ -190,7 +190,7 @@ func staticAnalyser(args u.Arguments, data *u.Data, programPath string) {
// Init symbols members
staticData.Symbols = make(map[string]string)
staticData.SystemCalls = make(map[string]string)
staticData.SystemCalls = make(map[string]int)
staticData.SharedLibs = make(map[string][]string)
if strings.ToLower(runtime.GOOS) == "linux" {


@ -9,322 +9,322 @@ package dependtool
// InitSystemCalls initialises all Linux system calls.
//
// It returns a map of all system calls.
func initSystemCalls() map[string]*string {
return map[string]*string{
"read": nil,
"write": nil,
"open": nil,
"close": nil,
"stat": nil,
"fstat": nil,
"lstat": nil,
"poll": nil,
"lseek": nil,
"mmap": nil,
"mprotect": nil,
"munmap": nil,
"brk": nil,
"rt_sigaction": nil,
"rt_sigprocmask": nil,
"rt_sigreturn": nil,
"ioctl": nil,
"pread64": nil,
"pwrite64": nil,
"readv": nil,
"writev": nil,
"access": nil,
"pipe": nil,
"select": nil,
"sched_yield": nil,
"mremap": nil,
"msync": nil,
"mincore": nil,
"madvise": nil,
"shmget": nil,
"shmat": nil,
"shmctl": nil,
"dup": nil,
"dup2": nil,
"pause": nil,
"nanosleep": nil,
"getitimer": nil,
"alarm": nil,
"setitimer": nil,
"getpid": nil,
"sendfile": nil,
"socket": nil,
"connect": nil,
"accept": nil,
"sendto": nil,
"recvfrom": nil,
"sendmsg": nil,
"recvmsg": nil,
"shutdown": nil,
"bind": nil,
"listen": nil,
"getsockname": nil,
"getpeername": nil,
"socketpair": nil,
"setsockopt": nil,
"getsockopt": nil,
"clone": nil,
"fork": nil,
"vfork": nil,
"execve": nil,
"exit": nil,
"wait4": nil,
"kill": nil,
"uname": nil,
"semget": nil,
"semop": nil,
"semctl": nil,
"shmdt": nil,
"msgget": nil,
"msgsnd": nil,
"msgrcv": nil,
"msgctl": nil,
"fcntl": nil,
"flock": nil,
"fsync": nil,
"fdatasync": nil,
"truncate": nil,
"ftruncate": nil,
"getdents": nil,
"getcwd": nil,
"chdir": nil,
"fchdir": nil,
"rename": nil,
"mkdir": nil,
"rmdir": nil,
"creat": nil,
"link": nil,
"unlink": nil,
"symlink": nil,
"readlink": nil,
"chmod": nil,
"fchmod": nil,
"chown": nil,
"fchown": nil,
"lchown": nil,
"umask": nil,
"gettimeofday": nil,
"getrlimit": nil,
"getrusage": nil,
"sysinfo": nil,
"times": nil,
"ptrace": nil,
"getuid": nil,
"syslog": nil,
"getgid": nil,
"setuid": nil,
"setgid": nil,
"geteuid": nil,
"getegid": nil,
"setpgid": nil,
"getppid": nil,
"getpgrp": nil,
"setsid": nil,
"setreuid": nil,
"setregid": nil,
"getgroups": nil,
"setgroups": nil,
"setresuid": nil,
"getresuid": nil,
"setresgid": nil,
"getresgid": nil,
"getpgid": nil,
"setfsuid": nil,
"setfsgid": nil,
"getsid": nil,
"capget": nil,
"capset": nil,
"rt_sigpending": nil,
"rt_sigtimedwait": nil,
"rt_sigqueueinfo": nil,
"rt_sigsuspend": nil,
"sigaltstack": nil,
"utime": nil,
"mknod": nil,
"uselib": nil,
"personality": nil,
"ustat": nil,
"statfs": nil,
"fstatfs": nil,
"sysfs": nil,
"getpriority": nil,
"setpriority": nil,
"sched_setparam": nil,
"sched_getparam": nil,
"sched_setscheduler": nil,
"sched_getscheduler": nil,
"sched_get_priority_max": nil,
"sched_get_priority_min": nil,
"sched_rr_get_interval": nil,
"mlock": nil,
"munlock": nil,
"mlockall": nil,
"munlockall": nil,
"vhangup": nil,
"modify_ldt": nil,
"pivot_root": nil,
"_sysctl": nil,
"prctl": nil,
"arch_prctl": nil,
"adjtimex": nil,
"setrlimit": nil,
"chroot": nil,
"sync": nil,
"acct": nil,
"settimeofday": nil,
"mount": nil,
"umount2": nil,
"swapon": nil,
"swapoff": nil,
"reboot": nil,
"sethostname": nil,
"setdomainname": nil,
"iopl": nil,
"ioperm": nil,
"create_module": nil,
"init_module": nil,
"delete_module": nil,
"get_kernel_syms": nil,
"query_module": nil,
"quotactl": nil,
"nfsservctl": nil,
"getpmsg": nil,
"putpmsg": nil,
"afs_syscall": nil,
"tuxcall": nil,
"security": nil,
"gettid": nil,
"readahead": nil,
"setxattr": nil,
"lsetxattr": nil,
"fsetxattr": nil,
"getxattr": nil,
"lgetxattr": nil,
"fgetxattr": nil,
"listxattr": nil,
"llistxattr": nil,
"flistxattr": nil,
"removexattr": nil,
"lremovexattr": nil,
"fremovexattr": nil,
"tkill": nil,
"time": nil,
"futex": nil,
"sched_setaffinity": nil,
"sched_getaffinity": nil,
"set_thread_area": nil,
"io_setup": nil,
"io_destroy": nil,
"io_getevents": nil,
"io_submit": nil,
"io_cancel": nil,
"get_thread_area": nil,
"lookup_dcookie": nil,
"epoll_create": nil,
"epoll_ctl_old": nil,
"epoll_wait_old": nil,
"remap_file_pages": nil,
"getdents64": nil,
"set_tid_address": nil,
"restart_syscall": nil,
"semtimedop": nil,
"fadvise64": nil,
"timer_create": nil,
"timer_settime": nil,
"timer_gettime": nil,
"timer_getoverrun": nil,
"timer_delete": nil,
"clock_settime": nil,
"clock_gettime": nil,
"clock_getres": nil,
"clock_nanosleep": nil,
"exit_group": nil,
"epoll_wait": nil,
"epoll_ctl": nil,
"tgkill": nil,
"utimes": nil,
"vserver": nil,
"mbind": nil,
"set_mempolicy": nil,
"get_mempolicy": nil,
"mq_open": nil,
"mq_unlink": nil,
"mq_timedsend": nil,
"mq_timedreceive": nil,
"mq_notify": nil,
"mq_getsetattr": nil,
"kexec_load": nil,
"waitid": nil,
"add_key": nil,
"request_key": nil,
"keyctl": nil,
"ioprio_set": nil,
"ioprio_get": nil,
"inotify_init": nil,
"inotify_add_watch": nil,
"inotify_rm_watch": nil,
"migrate_pages": nil,
"openat": nil,
"mkdirat": nil,
"mknodat": nil,
"fchownat": nil,
"futimesat": nil,
"newfstatat": nil,
"unlinkat": nil,
"renameat": nil,
"linkat": nil,
"symlinkat": nil,
"readlinkat": nil,
"fchmodat": nil,
"faccessat": nil,
"pselect6": nil,
"ppoll": nil,
"unshare": nil,
"set_robust_list": nil,
"get_robust_list": nil,
"splice": nil,
"tee": nil,
"sync_file_range": nil,
"vmsplice": nil,
"move_pages": nil,
"utimensat": nil,
"epoll_pwait": nil,
"signalfd": nil,
"timerfd_create": nil,
"eventfd": nil,
"fallocate": nil,
"timerfd_settime": nil,
"timerfd_gettime": nil,
"accept4": nil,
"signalfd4": nil,
"eventfd2": nil,
"epoll_create1": nil,
"dup3": nil,
"pipe2": nil,
"inotify_init1": nil,
"preadv": nil,
"pwritev": nil,
"rt_tgsigqueueinfo": nil,
"perf_event_open": nil,
"recvmmsg": nil,
"fanotify_init": nil,
"fanotify_mark": nil,
"prlimit64": nil,
"name_to_handle_at": nil,
"open_by_handle_at": nil,
"clock_adjtime": nil,
"syncfs": nil,
"sendmmsg": nil,
"setns": nil,
"getcpu": nil,
"process_vm_readv": nil,
"process_vm_writev": nil,
"kcmp": nil,
"finit_module": nil,
"getrandom": nil,
func initSystemCalls() map[string]int {
return map[string]int{
"read": 0,
"write": 1,
"open": 2,
"close": 3,
"stat": 4,
"fstat": 5,
"lstat": 6,
"poll": 7,
"lseek": 8,
"mmap": 9,
"mprotect": 10,
"munmap": 11,
"brk": 12,
"rt_sigaction": 13,
"rt_sigprocmask": 14,
"rt_sigreturn": 15,
"ioctl": 16,
"pread64": 17,
"pwrite64": 18,
"readv": 19,
"writev": 20,
"access": 21,
"pipe": 22,
"select": 23,
"sched_yield": 24,
"mremap": 25,
"msync": 26,
"mincore": 27,
"madvise": 28,
"shmget": 29,
"shmat": 30,
"shmctl": 31,
"dup": 32,
"dup2": 33,
"pause": 34,
"nanosleep": 35,
"getitimer": 36,
"alarm": 37,
"setitimer": 38,
"getpid": 39,
"sendfile": 40,
"socket": 41,
"connect": 42,
"accept": 43,
"sendto": 44,
"recvfrom": 45,
"sendmsg": 46,
"recvmsg": 47,
"shutdown": 48,
"bind": 49,
"listen": 50,
"getsockname": 51,
"getpeername": 52,
"socketpair": 53,
"setsockopt": 54,
"getsockopt": 55,
"clone": 56,
"fork": 57,
"vfork": 58,
"execve": 59,
"exit": 60,
"wait4": 61,
"kill": 62,
"uname": 63,
"semget": 64,
"semop": 65,
"semctl": 66,
"shmdt": 67,
"msgget": 68,
"msgsnd": 69,
"msgrcv": 70,
"msgctl": 71,
"fcntl": 72,
"flock": 73,
"fsync": 74,
"fdatasync": 75,
"truncate": 76,
"ftruncate": 77,
"getdents": 78,
"getcwd": 79,
"chdir": 80,
"fchdir": 81,
"rename": 82,
"mkdir": 83,
"rmdir": 84,
"creat": 85,
"link": 86,
"unlink": 87,
"symlink": 88,
"readlink": 89,
"chmod": 90,
"fchmod": 91,
"chown": 92,
"fchown": 93,
"lchown": 94,
"umask": 95,
"gettimeofday": 96,
"getrlimit": 97,
"getrusage": 98,
"sysinfo": 99,
"times": 100,
"ptrace": 101,
"getuid": 102,
"syslog": 103,
"getgid": 104,
"setuid": 105,
"setgid": 106,
"geteuid": 107,
"getegid": 108,
"setpgid": 109,
"getppid": 110,
"getpgrp": 111,
"setsid": 112,
"setreuid": 113,
"setregid": 114,
"getgroups": 115,
"setgroups": 116,
"setresuid": 117,
"getresuid": 118,
"setresgid": 119,
"getresgid": 120,
"getpgid": 121,
"setfsuid": 122,
"setfsgid": 123,
"getsid": 124,
"capget": 125,
"capset": 126,
"rt_sigpending": 127,
"rt_sigtimedwait": 128,
"rt_sigqueueinfo": 129,
"rt_sigsuspend": 130,
"sigaltstack": 131,
"utime": 132,
"mknod": 133,
"uselib": 134,
"personality": 135,
"ustat": 136,
"statfs": 137,
"fstatfs": 138,
"sysfs": 139,
"getpriority": 140,
"setpriority": 141,
"sched_setparam": 142,
"sched_getparam": 143,
"sched_setscheduler": 144,
"sched_getscheduler": 145,
"sched_get_priority_max": 146,
"sched_get_priority_min": 147,
"sched_rr_get_interval": 148,
"mlock": 149,
"munlock": 150,
"mlockall": 151,
"munlockall": 152,
"vhangup": 153,
"modify_ldt": 154,
"pivot_root": 155,
"_sysctl": 156,
"prctl": 157,
"arch_prctl": 158,
"adjtimex": 159,
"setrlimit": 160,
"chroot": 161,
"sync": 162,
"acct": 163,
"settimeofday": 164,
"mount": 165,
"umount2": 166,
"swapon": 167,
"swapoff": 168,
"reboot": 169,
"sethostname": 170,
"setdomainname": 171,
"iopl": 172,
"ioperm": 173,
"create_module": 174,
"init_module": 175,
"delete_module": 176,
"get_kernel_syms": 177,
"query_module": 178,
"quotactl": 179,
"nfsservctl": 180,
"getpmsg": 181,
"putpmsg": 182,
"afs_syscall": 183,
"tuxcall": 184,
"security": 185,
"gettid": 186,
"readahead": 187,
"setxattr": 188,
"lsetxattr": 189,
"fsetxattr": 190,
"getxattr": 191,
"lgetxattr": 192,
"fgetxattr": 193,
"listxattr": 194,
"llistxattr": 195,
"flistxattr": 196,
"removexattr": 197,
"lremovexattr": 198,
"fremovexattr": 199,
"tkill": 200,
"time": 201,
"futex": 202,
"sched_setaffinity": 203,
"sched_getaffinity": 204,
"set_thread_area": 205,
"io_setup": 206,
"io_destroy": 207,
"io_getevents": 208,
"io_submit": 209,
"io_cancel": 210,
"get_thread_area": 211,
"lookup_dcookie": 212,
"epoll_create": 213,
"epoll_ctl_old": 214,
"epoll_wait_old": 215,
"remap_file_pages": 216,
"getdents64": 217,
"set_tid_address": 218,
"restart_syscall": 219,
"semtimedop": 220,
"fadvise64": 221,
"timer_create": 222,
"timer_settime": 223,
"timer_gettime": 224,
"timer_getoverrun": 225,
"timer_delete": 226,
"clock_settime": 227,
"clock_gettime": 228,
"clock_getres": 229,
"clock_nanosleep": 230,
"exit_group": 231,
"epoll_wait": 232,
"epoll_ctl": 233,
"tgkill": 234,
"utimes": 235,
"vserver": 236,
"mbind": 237,
"set_mempolicy": 238,
"get_mempolicy": 239,
"mq_open": 240,
"mq_unlink": 241,
"mq_timedsend": 242,
"mq_timedreceive": 243,
"mq_notify": 244,
"mq_getsetattr": 245,
"kexec_load": 246,
"waitid": 247,
"add_key": 248,
"request_key": 249,
"keyctl": 250,
"ioprio_set": 251,
"ioprio_get": 252,
"inotify_init": 253,
"inotify_add_watch": 254,
"inotify_rm_watch": 255,
"migrate_pages": 256,
"openat": 257,
"mkdirat": 258,
"mknodat": 259,
"fchownat": 260,
"futimesat": 261,
"newfstatat": 262,
"unlinkat": 263,
"renameat": 264,
"linkat": 265,
"symlinkat": 266,
"readlinkat": 267,
"fchmodat": 268,
"faccessat": 269,
"pselect6": 270,
"ppoll": 271,
"unshare": 272,
"set_robust_list": 273,
"get_robust_list": 274,
"splice": 275,
"tee": 276,
"sync_file_range": 277,
"vmsplice": 278,
"move_pages": 279,
"utimensat": 280,
"epoll_pwait": 281,
"signalfd": 282,
"timerfd_create": 283,
"eventfd": 284,
"fallocate": 285,
"timerfd_settime": 286,
"timerfd_gettime": 287,
"accept4": 288,
"signalfd4": 289,
"eventfd2": 290,
"epoll_create1": 291,
"dup3": 292,
"pipe2": 293,
"inotify_init1": 294,
"preadv": 295,
"pwritev": 296,
"rt_tgsigqueueinfo": 297,
"perf_event_open": 298,
"recvmmsg": 299,
"fanotify_init": 300,
"fanotify_mark": 301,
"prlimit64": 302,
"name_to_handle_at": 303,
"open_by_handle_at": 304,
"clock_adjtime": 305,
"syncfs": 306,
"sendmmsg": 307,
"setns": 308,
"getcpu": 309,
"process_vm_readv": 310,
"process_vm_writev": 311,
"kcmp": 312,
"finit_module": 313,
"getrandom": 314,
}
}
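Review bot: The doc comment above initSystemCalls is now stale: it says the function "initialises all Linux system calls" and returns "a map of all system calls", but the new body maps each name to a number, the table ends at getrandom (314) so later syscalls are missing, and the numbering (read=0, write=1, open=2, …) appears to be the x86_64 table rather than a generic Linux one. The comment also names `InitSystemCalls` while the function is `initSystemCalls`; it should start with the real name, e.g. `// initSystemCalls returns a map from system call name to its number (x86_64 numbering, up to getrandom); names absent here are treated as non-syscalls by the parsers.` If the numbers are indeed x86_64, parseNMMac reading them in an earlier hunk deserves a note, since macOS numbering differs. The 315-entry literal is also rebuilt on every call from parseNMMac, parseNMLinux and parseStrace; `var systemCallTable = initSystemCalls()` at package level would build it once.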