Python3 support and linting #3

Open
wants to merge 4 commits into
base: master
1 change: 1 addition & 0 deletions egghatch/block.py
Expand Up @@ -8,6 +8,7 @@
"Instruction", ("addr", "size", "mnemonic", "operands")
)


class Block(object):
stop_insns = (
"jmp", "jecxz", "ret", "loop", "loope", "loopne",
7 changes: 5 additions & 2 deletions egghatch/main.py
Expand Up @@ -7,16 +7,19 @@
from egghatch.misc import str_as_db
from egghatch.shellcode import Shellcode


def main():
if len(sys.argv) != 2:
print "Usage: python %s <sc.bin>" % sys.argv[0]
print("Usage: python %s <sc.bin>" % sys.argv[0])
exit(1)

print Shellcode(open(sys.argv[1], "rb").read()).to_json()
print(Shellcode(open(sys.argv[1], "rb").read()).to_json())


def parse(payload):
return Shellcode(payload).to_dict()


def as_text(payload):
ret, sc = [], Shellcode(payload).to_dict()

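Review bot: The converted call `print(Shellcode(open(sys.argv[1], "rb").read()).to_json())` in main() never closes the file it opens, which Python 3 reports as a ResourceWarning. Reading the payload under a context manager, `with open(sys.argv[1], "rb") as f: payload = f.read()`, and then calling `print(Shellcode(payload).to_json())` avoids that. The bare `exit(1)` in the usage branch is the helper installed by the site module and is absent under `python -S`; `sys.exit(1)` is the safer spelling, since `sys` is already used here.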
4 changes: 2 additions & 2 deletions egghatch/misc.py
Expand Up @@ -14,12 +14,12 @@ def str_as_db(s):

r2, idx = [], 0
while idx < len(r1):
if isinstance(r1[idx], (int, long)):
if isinstance(r1[idx], (int, float)):
r2.append("%s" % r1[idx])
idx += 1
continue
jdx = idx
while idx < len(r1) and isinstance(r1[idx], basestring):
while idx < len(r1) and isinstance(r1[idx], str):
idx += 1
r2.append("'%s'" % "".join(r1[jdx:idx]))

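Review bot: `isinstance(r1[idx], (int, float))` is not the Python 3 equivalent of the old `(int, long)` check: `long` was folded into `int`, so `if isinstance(r1[idx], int):` is the faithful port, and `float` has no counterpart in the old code. Narrowing `basestring` to `str` also leaves a gap for `bytes` items. An element that is neither a number nor a `str` fails both tests, the inner loop never advances `idx`, and the outer `while` would append `''` without end. Whether `r1` can hold such items depends on how it is built above the hunk, which is not visible here, so it is worth confirming with a bytes argument to str_as_db().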
9 changes: 5 additions & 4 deletions egghatch/shellcode.py
Expand Up @@ -6,6 +6,7 @@

from egghatch.block import Block


class Shellcode(object):
def __init__(self, payload):
import capstone
Expand Down Expand Up @@ -63,14 +64,14 @@ def handle_relative_call(self, block):
def add_bbl(self, start, end):
bbl_r = dict((v, k) for k, v in self.bbl.items())
for start_, end_ in self.bbl.items():
if start >= start_ and start < end_:
if start_ <= start < end_:
self.bbl[start_] = start
self.bbl[start] = end_
break
if start < start_ and end == end_:
self.bbl[start] = bbl_r.get(start_, start_)
break
if end and end > start_ and end <= end_:
if end and start_ < end <= end_:
self.bbl[start] = start_
self.bbl[start_] = end
if end != end_:
Expand Down Expand Up @@ -135,7 +136,7 @@ def basic_taint(self):
continue

op = insn2.operands
for _ in xrange(64):
for _ in range(64):
if insn2.addr + insn2.size not in insns:
break

Expand All @@ -156,7 +157,7 @@ def extract_data(self):
parsed[len(self.payload)] = len(self.payload)

chunks = sorted(parsed.items())
for idx in xrange(1, len(chunks)):
for idx in range(1, len(chunks)):
_, start = chunks[idx-1]
end, _ = chunks[idx]
if start != end and start < end:
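Review bot: In add_bbl() the loop `for start_, end_ in self.bbl.items():` still assigns into `self.bbl` inside its body, and on Python 3 `items()` is a live view rather than the list copy Python 2 returned. The first two branches break right after writing, but the third (`self.bbl[start] = start_`) continues past the visible end of the hunk. If it can add a new key without breaking, the next iteration raises `RuntimeError: dictionary changed size during iteration`, which would abort analysis of the sample. Iterating a snapshot, `for start_, end_ in list(self.bbl.items()):`, keeps the Python 2 behaviour.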
8 changes: 4 additions & 4 deletions setup.py
Expand Up @@ -22,13 +22,13 @@
"Natural Language :: English",
"License :: OSI Approved :: GNU General Public License v3 (GPLv3)",
"Operating System :: POSIX :: Linux",
"Programming Language :: Python :: 2.7",
"Programming Language :: Python :: 3.8",
"Topic :: Security",
],
url="https://cuckoosandbox.org/",
license="GPLv3",
description="Cuckoo Sandbox Shellcode Identification & Formatting",
long_description=open("README.rst", "rb").read(),
long_description=str(open("README.rst", "rb").read()),
include_package_data=True,
entry_points={
"console_scripts": [
Expand All @@ -42,10 +42,10 @@
"capstone-windows==3.0.4",
],
":sys_platform == 'darwin'": [
"capstone==3.0.5rc2",
"capstone==4.0.2",
],
":sys_platform == 'linux2'": [
"capstone==3.0.5rc2",
"capstone==4.0.2",
],
},
)
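Review bot: `long_description=str(open("README.rst", "rb").read())` yields the repr of a bytes object on Python 3 (a string starting with `b'` and containing escaped newlines), not the README text; `long_description=open("README.rst", encoding="utf-8").read(),` gives the decoded text. The `":sys_platform == 'linux2'"` marker kept as context no longer matches on Python 3, where `sys.platform` is `'linux'`, so the capstone pin would not be installed on Linux; the marker should be `":sys_platform == 'linux'"`. The Windows entry stays on `capstone-windows==3.0.4` while the other platforms move to 4.0.2, so disassembly output may differ between platforms; it is worth confirming that this is intended.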
9 changes: 8 additions & 1 deletion tests/test_blocks.py
Expand Up @@ -4,8 +4,9 @@

from egghatch.shellcode import Shellcode


def test_parse():
sc = Shellcode("\x90\x75\x02\x90\x90\x90")
sc = Shellcode(b"\x90\x75\x02\x90\x90\x90")
assert sc.to_dict() == {
"text": [
(0, 1, "nop", ""),
Expand All @@ -22,6 +23,7 @@ def test_parse():
"data": [],
}


def test_add_bbl1():
sc = Shellcode("")
sc.parsed[97] = False
Expand All @@ -39,6 +41,7 @@ def test_add_bbl1():
136: 192,
}


def test_add_bbl2():
sc = Shellcode("")
sc.parsed[209] = False
Expand All @@ -58,6 +61,7 @@ def test_add_bbl2():
290: 308,
}


def test_sd():
sc = Shellcode(open("tests/files/plain/sd.bin", "rb").read())
assert sc.to_dict()["bbl"] == [
Expand All @@ -66,6 +70,7 @@ def test_sd():
(0x39, 0x45),
]


def test_bin1():
sc = Shellcode(open("tests/files/plain/1.bin", "rb").read())
assert sc.to_dict()["bbl"] == [
Expand Down Expand Up @@ -100,6 +105,7 @@ def test_bin1():
(0x14b, "www.service.chrome-up.date\x00"),
]


def test_bin2():
sc = Shellcode(open("tests/files/plain/2.bin", "rb").read())
assert sc.to_dict()["bbl"] == [
Expand Down Expand Up @@ -131,6 +137,7 @@ def test_bin2():
(192, "ddos400.ddns.net\x00"),
]


def test_bin3():
sc = Shellcode(open("tests/files/plain/3.bin", "rb").read())
assert sc.to_dict()["bbl"] == [
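Review bot: Only test_parse() was switched to a bytes literal; test_add_bbl1() and test_add_bbl2() still call `Shellcode("")`, and tests/test_main.py still passes `"\xfc\xeb\xfe"` to parse() and as_text(). On Python 3 those are text strings, not the raw bytes that the files opened with "rb" supply. They should become `b""` and `b"\xfc\xeb\xfe"` so the tests exercise the same input type as main(). The expected `data` entries in test_bin1() and test_bin2() are also `str` literals; if extract_data() slices a bytes payload (not visible here), they would need a `b` prefix or an explicit decode.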
3 changes: 3 additions & 0 deletions tests/test_json.py
Expand Up @@ -7,6 +7,7 @@

from egghatch.shellcode import Shellcode


def test_sd():
sc = Shellcode(open("tests/files/plain/sd.bin", "rb").read())
assert json.loads(sc.to_json()) == {
Expand Down Expand Up @@ -49,6 +50,7 @@ def test_sd():
"data": [],
}


def test_bin1():
sc = Shellcode(open("tests/files/plain/1.bin", "rb").read())
assert json.loads(sc.to_json()) == {
Expand All @@ -60,6 +62,7 @@ def test_bin1():
],
}


def test_bin2():
sc = Shellcode(open("tests/files/plain/1.bin", "rb").read())
assert json.loads(sc.to_json()) == {
3 changes: 3 additions & 0 deletions tests/test_main.py
Expand Up @@ -4,6 +4,7 @@

from egghatch import parse, as_text


def test_parse():
assert parse("\xfc\xeb\xfe") == {
"bbl": [
Expand All @@ -17,6 +18,7 @@ def test_parse():
"data": [],
}


def test_as_text_cld_jmpinf():
assert as_text("\xfc\xeb\xfe") == (
"bbl_0x0000:\n"
Expand All @@ -25,6 +27,7 @@ def test_as_text_cld_jmpinf():
" 0x0001: jmp 1\n"
)


def test_as_text_sc():
def f(filename):
return open("tests/files/plain/%s" % filename, "rb").read()
1 change: 1 addition & 0 deletions tests/test_misc.py
Expand Up @@ -4,6 +4,7 @@

from egghatch.misc import str_as_db


def test_str_as_db():
assert str_as_db("\x00") == "0"
assert str_as_db("foo") == "'foo'"