Merge pull request #557 from mr-tz/fixes-tests

fixes and tests
mandiant · Jun 21, 2022 · dd9bea8 · dd9bea8
2 parents 5c6215d + 1f4bedd
commit dd9bea8
Show file tree

Hide file tree

Showing 5 changed files with 147 additions and 6 deletions.
diff --git a/floss/features/extract.py b/floss/features/extract.py
@@ -124,13 +124,12 @@ def extract_function_kinda_tight_loop(f):
     """
     try:
         cfg = viv_utils.CFG(f)
+        root_bb_vas = {bb.va for bb in cfg.get_root_basic_blocks()}
+        leaf_bb_vas = {bb.va for bb in cfg.get_leaf_basic_blocks()}
     except ValueError:
         # likely wrongly identified or analyzed function
         return
 
-    root_bb_vas = {bb.va for bb in cfg.get_root_basic_blocks()}
-    leaf_bb_vas = {bb.va for bb in cfg.get_leaf_basic_blocks()}
-
     for bb in f.basic_blocks:
         # skip first and last BBs
         if bb.va in root_bb_vas:

diff --git a/floss/main.py b/floss/main.py
@@ -557,7 +557,7 @@ def main(argv=None) -> int:
         or results.analysis.enable_tight_strings
     ):
         if os.path.getsize(sample) > MAX_FILE_SIZE:
-            logger.error("cannot deobfuscate strings from files larger than %d bytes", MAX_FILE_SIZE)
+            logger.error("cannot deobfuscate strings from files larger than 0x%x bytes", MAX_FILE_SIZE)
             return -1
 
         sigpaths = get_signatures(args.signatures)

diff --git a/floss/results.py b/floss/results.py
@@ -16,7 +16,6 @@
 from pydantic.dataclasses import dataclass
 from pydantic.error_wrappers import ValidationError
 
-import floss.utils
 import floss.logging_
 from floss.render import Verbosity
 from floss.version import __version__
@@ -259,7 +258,7 @@ def filter_functions(results: ResultDocument, functions: List[int]) -> None:
         try:
             filtered_scores[fva] = results.analysis.functions.decoding_function_scores[fva]
         except KeyError:
-            raise InvalidLoadConfig(f"function {floss.utils.hex(fva)} not found in loaded data")
+            raise InvalidLoadConfig(f"function 0x{fva:x} not found in loaded data")
     results.analysis.functions.decoding_function_scores = filtered_scores
 
     results.strings.stack_strings = list(filter(lambda f: f.function in functions, results.strings.stack_strings))

diff --git a/tests/test_load.py b/tests/test_load.py
@@ -0,0 +1,88 @@
+import textwrap
+
+import floss.main
+
+# floss --no static -j tests/data/src/decode-in-place/bin/test-decode-in-place.exe
+RESULTS = textwrap.dedent(
+    """
+{
+    "analysis": {
+        "enable_decoded_strings": true,
+        "enable_stack_strings": true,
+        "enable_static_strings": false,
+        "enable_tight_strings": true,
+        "functions": {
+            "analyzed_decoded_strings": 20,
+            "analyzed_stack_strings": 30,
+            "analyzed_tight_strings": 2,
+            "decoding_function_scores": {
+                "4199648": 0.744, "4199776": 0.763, "4199888": 0.617, "4200144": 0.62, "4200304": 0.471,
+                "4200336": 0.617, "4200560": 0.44, "4201104": 0.931, "4201200": 0.887, "4201776": 0.576,
+                "4202640": 0.539, "4202672": 0.886, "4202992": 0.624, "4203120": 0.686, "4203264": 0.6,
+                "4203424": 0.497, "4203584": 0.591, "4203648": 0.727, "4203872": 0.617, "4204416": 0.531
+            },
+            "discovered": 50,
+            "library": 0
+        }
+    },
+    "metadata": {
+        "file_path": "tests/data/src/decode-in-place/bin/test-decode-in-place.exe",
+        "imagebase": 4194304,
+        "min_length": 4,
+        "runtime": {
+            "decoded_strings": 0.9855,
+            "find_features": 0.0546,
+            "stack_strings": 0.207,
+            "start_date": "2022-06-01T10:58:11.059390Z",
+            "static_strings": 0.0,
+            "tight_strings": 0.1788,
+            "total": 7.2177,
+            "vivisect": 5.7918
+        },
+        "version": "2.0.0"
+    },
+    "strings": {
+        "decoded_strings": [
+            {
+                "address": 3216244620,
+                "address_type": "STACK",
+                "decoded_at": 4199986,
+                "decoding_routine": 4199776,
+                "encoding": "ASCII",
+                "string": "hello world"
+            }
+        ],
+        "stack_strings": [
+            {
+                "encoding": "ASCII",
+                "frame_offset": 32,
+                "function": 4199888,
+                "offset": 32,
+                "original_stack_pointer": 3216244656,
+                "program_counter": 4199776,
+                "stack_pointer": 3216244588,
+                "string": "idmmn!vnsme"
+            }
+        ],
+        "static_strings": [],
+        "tight_strings": []
+    }
+}
+"""
+)
+
+
+def test_load(tmp_path):
+    d = tmp_path / "sub"
+    d.mkdir()
+    p = d / "results.json"
+    p.write_text(RESULTS)
+    assert (
+        floss.main.main(
+            [
+                "-l",
+                str(d.joinpath(p)),
+            ]
+        )
+        == 0
+    )
diff --git a/tests/test_scripts.py b/tests/test_scripts.py
@@ -0,0 +1,55 @@
+# Copyright (C) 2022 Mandiant, Inc. All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at: [package root]/LICENSE.txt
+# Unless required by applicable law or agreed to in writing, software distributed under the License
+#  is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+import os
+import sys
+import subprocess
+from functools import lru_cache
+
+import pytest
+
+CD = os.path.dirname(__file__)
+
+
+def get_script_path(s):
+    return os.path.join(CD, "..", "scripts", s)
+
+
+def get_file_path():
+    return os.path.join(CD, "data", "test-decode-to-stack.exe")
+
+
+def run_program(script_path, args):
+    args = [sys.executable] + [script_path] + args
+    print("running: '%s'" % args)
+    return subprocess.run(args, capture_output=True)
+
+
+@lru_cache()
+def get_results_file_path():
+    res_path = "results.json"
+    p = run_program("floss/main.py", ["--no", "static", "-j", get_file_path()])
+    with open(res_path, "w") as f:
+        f.write(p.stdout.decode("utf-8"))
+    return res_path
+
+
+@pytest.mark.parametrize(
+    "script,args",
+    [
+        pytest.param("render-binja-import-script.py", [get_results_file_path()]),
+        pytest.param("render-ghidra-import-script.py", [get_results_file_path()]),
+        pytest.param("render-ida-import-script.py", [get_results_file_path()]),
+        pytest.param("render-r2-import-script.py", [get_results_file_path()]),
+        pytest.param("render-x64dbg-database.py", [get_results_file_path()]),
+    ],
+)
+def test_scripts(script, args):
+    script_path = get_script_path(script)
+    p = run_program(script_path, args)
+    assert p.returncode == 0