generic-library/breakpad
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add simple exploitability analysis for Linux crashes.

Browse Source 
https://breakpad.appspot.com/622002/



git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1226 4c0a9323-5329-0410-9bdc-e9ce6186880e
This commit is contained in:
mattdr.breakpad@gmail.com
2013-10-29 20:03:39 +00:00
parent 6689f24d1a
commit 502f23211b
12 changed files with 13573 additions and 207 deletions
Download Patch File Download Diff File Expand all files Collapse all files

226
src/processor/exploitability_unittest.cc
View File

@@ -35,213 +35,83 @@
#include "breakpad_googletest_includes.h"
#include "common/using_std_string.h"
#include "google_breakpad/processor/basic_source_line_resolver.h"
#include "google_breakpad/processor/call_stack.h"
#include "google_breakpad/processor/code_module.h"
#include "google_breakpad/processor/code_modules.h"
#include "google_breakpad/processor/minidump.h"
#include "google_breakpad/processor/minidump_processor.h"
#include "google_breakpad/processor/process_state.h"
#include "google_breakpad/processor/stack_frame.h"
#include "google_breakpad/processor/symbol_supplier.h"
namespace google_breakpad {
class MockMinidump : public Minidump {
public:
MockMinidump() : Minidump("") {
}
MOCK_METHOD0(Read, bool());
MOCK_CONST_METHOD0(path, string());
MOCK_CONST_METHOD0(header, const MDRawHeader*());
MOCK_METHOD0(GetThreadList, MinidumpThreadList*());
};
}
#include "processor/simple_symbol_supplier.h"
namespace {
using google_breakpad::BasicSourceLineResolver;
using google_breakpad::CallStack;
using google_breakpad::CodeModule;
using google_breakpad::MinidumpProcessor;
using google_breakpad::MinidumpThreadList;
using google_breakpad::MinidumpThread;
using google_breakpad::MockMinidump;
using google_breakpad::ProcessState;
using google_breakpad::SymbolSupplier;
using google_breakpad::SystemInfo;
using google_breakpad::SimpleSymbolSupplier;
class TestSymbolSupplier : public SymbolSupplier {
public:
TestSymbolSupplier() : interrupt_(false) {}
virtual SymbolResult GetSymbolFile(const CodeModule *module,
const SystemInfo *system_info,
string *symbol_file);
virtual SymbolResult GetSymbolFile(const CodeModule *module,
const SystemInfo *system_info,
string *symbol_file,
string *symbol_data);
virtual SymbolResult GetCStringSymbolData(const CodeModule *module,
const SystemInfo *system_info,
string *symbol_file,
char **symbol_data,
size_t *symbol_data_size);
virtual void FreeSymbolData(const CodeModule *module) { }
// When set to true, causes the SymbolSupplier to return INTERRUPT
void set_interrupt(bool interrupt) { interrupt_ = interrupt; }
private:
bool interrupt_;
};
SymbolSupplier::SymbolResult TestSymbolSupplier::GetSymbolFile(
const CodeModule *module,
const SystemInfo *system_info,
string *symbol_file) {
if (interrupt_) {
return INTERRUPT;
}
return NOT_FOUND;
string TestDataDir() {
return string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata";
}
SymbolSupplier::SymbolResult TestSymbolSupplier::GetCStringSymbolData(
const CodeModule *module,
const SystemInfo *system_info,
string *symbol_file,
char **symbol_data,
size_t *symbol_data_size) {
return GetSymbolFile(module, system_info, symbol_file);
}
SymbolSupplier::SymbolResult TestSymbolSupplier::GetSymbolFile(
const CodeModule *module,
const SystemInfo *system_info,
string *symbol_file,
string *symbol_data) {
return GetSymbolFile(module, system_info, symbol_file);
}
TEST(ExploitabilityTest, TestWindowsEngine) {
TestSymbolSupplier supplier;
// Find the given dump file in <srcdir>/src/processor/testdata, process it,
// and get the exploitability rating. Returns EXPLOITABILITY_ERR_PROCESSING
// if the crash dump can't be processed.
google_breakpad::ExploitabilityRating
ExploitabilityFor(const string& filename) {
SimpleSymbolSupplier supplier(TestDataDir() + "/symbols");
BasicSourceLineResolver resolver;
MinidumpProcessor processor(&supplier, &resolver, true);
ProcessState state;
string minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/ascii_read_av.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
state.exploitability());
string minidump_file = TestDataDir() + "/" + filename;
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/ascii_read_av_block_write.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
state.exploitability());
if (processor.Process(minidump_file, &state) !=
google_breakpad::PROCESS_OK) {
return google_breakpad::EXPLOITABILITY_ERR_PROCESSING;
}
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/ascii_read_av_clobber_write.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
state.exploitability());
return state.exploitability();
}
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/ascii_read_av_conditional.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
TEST(ExploitabilityTest, TestWindowsEngine) {
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/ascii_read_av_then_jmp.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("ascii_read_av.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/ascii_read_av_xchg_write.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("ascii_read_av_block_write.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/ascii_write_av.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("ascii_read_av_clobber_write.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/ascii_write_av_arg_to_call.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("ascii_read_av_conditional.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/null_read_av.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("ascii_read_av_then_jmp.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
ExploitabilityFor("ascii_read_av_xchg_write.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
ExploitabilityFor("ascii_write_av.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
ExploitabilityFor("ascii_write_av_arg_to_call.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/null_write_av.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("null_read_av.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/stack_exhaustion.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("null_write_av.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/exec_av_on_stack.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("stack_exhaustion.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/write_av_non_null.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ASSERT_EQ(google_breakpad::EXPLOITABLITY_MEDIUM,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/read_av_non_null.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("exec_av_on_stack.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_MEDIUM,
ExploitabilityFor("write_av_non_null.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/read_av_clobber_write.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("read_av_non_null.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
state.exploitability());
minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
"/src/processor/testdata/read_av_conditional.dmp";
ASSERT_EQ(processor.Process(minidump_file, &state),
google_breakpad::PROCESS_OK);
ExploitabilityFor("read_av_clobber_write.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
state.exploitability());
ExploitabilityFor("read_av_conditional.dmp"));
}
TEST(ExploitabilityTest, TestLinuxEngine) {
ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
ExploitabilityFor("linux_null_read_av.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
ExploitabilityFor("linux_overflow.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
ExploitabilityFor("linux_stacksmash.dmp"));
}
}