public void AddTaintOnPointer()
{
buffer = new AbstractBuffer(AbstractValue.GetNewBuffer(1));
var clean = new AbstractValue(buffer);
clean.AddTaint();
}
public void AddTaint()
{
var clean = new AbstractValue(0x31337);
Assert.IsFalse(clean.IsTainted);
var tainted = clean.AddTaint();
Assert.IsTrue(tainted.IsTainted);
Assert.AreNotSame(clean, tainted);
}
public void DoOperationForShl()
{
eax = one.AddTaint();
ebx = new AbstractValue(0x3);
state = state.DoOperation(RegisterName.EAX, OperatorEffect.Shl, RegisterName.EBX);
Assert.AreEqual(0x8, eax.Value);
Assert.IsTrue(eax.IsTainted);
}
public void AddTaint()
{
var clean = new AbstractValue(0x31337);
Assert.IsFalse(clean.IsTainted);
var tainted = clean.AddTaint();
Assert.IsTrue(tainted.IsTainted);
Assert.AreNotSame(clean, tainted);
}
private static OperationResult DoOperation(AbstractValue lhs, OperatorEffect operatorEffect, AbstractValue rhs)
{
if (rhs.IsPointer &&
operatorEffect != OperatorEffect.Assignment)
{
throw new ArgumentException("rhs pointer only supported for OperatorEffect.Assignment.");
}
var result = new OperationResult();
AbstractValue totalValue;
if (operatorEffect == OperatorEffect.Assignment)
{
var newValue = new AbstractValue(rhs);
if (rhs.IsInitialized &&
rhs.IsOutOfBounds)
{
newValue.IsOutOfBounds = true;
}
result.Value = newValue;
return(result);
}
if (operatorEffect == OperatorEffect.Cmp)
{
result.ZeroFlag = (lhs.Value - rhs.Value) == 0;
totalValue = lhs;
result.Value = totalValue;
return(result);
}
if (lhs.IsPointer)
{
var newBuffer = lhs.PointsTo.DoOperation(operatorEffect, rhs);
result.Value = new AbstractValue(newBuffer);
return(result);
}
var total = CalculateValueFor(lhs.Value, operatorEffect, rhs.Value);
totalValue = new AbstractValue(total);
if (lhs.IsTainted ||
rhs.IsTainted)
{
totalValue = totalValue.AddTaint();
}
result.Value = totalValue;
return(result);
}
public void OverflowDoesntLoseIncrement()
{
var buffer = AbstractValue.GetNewBuffer(16);
var pointer = new AbstractBuffer(buffer);
var value = new AbstractValue(0x41);
value = value.AddTaint();
pointer[0] = value;
pointer = pointer.DoOperation(OperatorEffect.Add, new AbstractValue(1));
pointer[16] = value;
pointer = pointer.DoOperation(OperatorEffect.Sub, new AbstractValue(1));
Assert.AreEqual(0x41, pointer[0].Value);
Assert.IsTrue(value.IsTainted);
Assert.AreEqual(0x41, pointer[17].Value);
Assert.IsTrue(pointer[17].IsTainted);
}
public void OverflowDoesntLoseIncrement()
{
var buffer = AbstractValue.GetNewBuffer(16);
var pointer = new AbstractBuffer(buffer);
var value = new AbstractValue(0x41);
value = value.AddTaint();
pointer[0] = value;
pointer = pointer.DoOperation(OperatorEffect.Add, new AbstractValue(1));
pointer[16] = value;
pointer = pointer.DoOperation(OperatorEffect.Sub, new AbstractValue(1));
Assert.AreEqual(0x41, pointer[0].Value);
Assert.IsTrue(value.IsTainted);
Assert.AreEqual(0x41, pointer[17].Value);
Assert.IsTrue(pointer[17].IsTainted);
}
public void AddTaintOnPointer()
{
buffer = new AbstractBuffer(AbstractValue.GetNewBuffer(1));
var clean = new AbstractValue(buffer);
clean.AddTaint();
}
private static OperationResult DoOperation(AbstractValue lhs, OperatorEffect operatorEffect, AbstractValue rhs)
{
if (rhs.IsPointer &&
operatorEffect != OperatorEffect.Assignment)
{
throw new ArgumentException("rhs pointer only supported for OperatorEffect.Assignment.");
}
var result = new OperationResult();
AbstractValue totalValue;
if (operatorEffect == OperatorEffect.Assignment)
{
var newValue = new AbstractValue(rhs);
if (rhs.IsInitialized &&
rhs.IsOutOfBounds)
{
newValue.IsOutOfBounds = true;
}
result.Value = newValue;
return result;
}
if (operatorEffect == OperatorEffect.Cmp)
{
result.ZeroFlag = (lhs.Value - rhs.Value) == 0;
totalValue = lhs;
result.Value = totalValue;
return result;
}
if (lhs.IsPointer)
{
var newBuffer = lhs.PointsTo.DoOperation(operatorEffect, rhs);
result.Value = new AbstractValue(newBuffer);
return result;
}
var total = CalculateValueFor(lhs.Value, operatorEffect, rhs.Value);
totalValue = new AbstractValue(total);
if (lhs.IsTainted ||
rhs.IsTainted)
{
totalValue = totalValue.AddTaint();
}
result.Value = totalValue;
return result;
}