1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/toolkit/crashreporter/google-breakpad/src/processor/exploitability_unittest.cc Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,255 @@
1.4 +// All rights reserved.
1.5 +//
1.6 +// Redistribution and use in source and binary forms, with or without
1.7 +// modification, are permitted provided that the following conditions are
1.8 +// met:
1.9 +//
1.10 +// * Redistributions of source code must retain the above copyright
1.11 +// notice, this list of conditions and the following disclaimer.
1.12 +// * Redistributions in binary form must reproduce the above
1.13 +// copyright notice, this list of conditions and the following disclaimer
1.14 +// in the documentation and/or other materials provided with the
1.15 +// distribution.
1.16 +// * Neither the name of Google Inc. nor the names of its
1.17 +// contributors may be used to endorse or promote products derived from
1.18 +// this software without specific prior written permission.
1.19 +//
1.20 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1.21 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1.22 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
1.23 +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
1.24 +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.25 +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
1.26 +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
1.27 +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.28 +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.29 +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
1.30 +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE//
1.31 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1.32 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1.33 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
1.34 +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
1.35 +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.36 +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
1.37 +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
1.38 +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.39 +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.40 +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
1.41 +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.42 +
1.43 +#include <stdlib.h>
1.44 +#include <unistd.h>
1.45 +
1.46 +#include <string>
1.47 +
1.48 +#include "breakpad_googletest_includes.h"
1.49 +#include "common/using_std_string.h"
1.50 +#include "google_breakpad/processor/basic_source_line_resolver.h"
1.51 +#include "google_breakpad/processor/call_stack.h"
1.52 +#include "google_breakpad/processor/code_module.h"
1.53 +#include "google_breakpad/processor/code_modules.h"
1.54 +#include "google_breakpad/processor/minidump.h"
1.55 +#include "google_breakpad/processor/minidump_processor.h"
1.56 +#include "google_breakpad/processor/process_state.h"
1.57 +#include "google_breakpad/processor/stack_frame.h"
1.58 +#include "google_breakpad/processor/symbol_supplier.h"
1.59 +
1.60 +namespace google_breakpad {
1.61 +class MockMinidump : public Minidump {
1.62 + public:
1.63 + MockMinidump() : Minidump("") {
1.64 + }
1.65 +
1.66 + MOCK_METHOD0(Read, bool());
1.67 + MOCK_CONST_METHOD0(path, string());
1.68 + MOCK_CONST_METHOD0(header, const MDRawHeader*());
1.69 + MOCK_METHOD0(GetThreadList, MinidumpThreadList*());
1.70 +};
1.71 +}
1.72 +
1.73 +namespace {
1.74 +
1.75 +using google_breakpad::BasicSourceLineResolver;
1.76 +using google_breakpad::CallStack;
1.77 +using google_breakpad::CodeModule;
1.78 +using google_breakpad::MinidumpProcessor;
1.79 +using google_breakpad::MinidumpThreadList;
1.80 +using google_breakpad::MinidumpThread;
1.81 +using google_breakpad::MockMinidump;
1.82 +using google_breakpad::ProcessState;
1.83 +using google_breakpad::SymbolSupplier;
1.84 +using google_breakpad::SystemInfo;
1.85 +
1.86 +class TestSymbolSupplier : public SymbolSupplier {
1.87 + public:
1.88 + TestSymbolSupplier() : interrupt_(false) {}
1.89 +
1.90 + virtual SymbolResult GetSymbolFile(const CodeModule *module,
1.91 + const SystemInfo *system_info,
1.92 + string *symbol_file);
1.93 +
1.94 + virtual SymbolResult GetSymbolFile(const CodeModule *module,
1.95 + const SystemInfo *system_info,
1.96 + string *symbol_file,
1.97 + string *symbol_data);
1.98 +
1.99 + virtual SymbolResult GetCStringSymbolData(const CodeModule *module,
1.100 + const SystemInfo *system_info,
1.101 + string *symbol_file,
1.102 + char **symbol_data);
1.103 +
1.104 + virtual void FreeSymbolData(const CodeModule *module) { }
1.105 + // When set to true, causes the SymbolSupplier to return INTERRUPT
1.106 + void set_interrupt(bool interrupt) { interrupt_ = interrupt; }
1.107 +
1.108 + private:
1.109 + bool interrupt_;
1.110 +};
1.111 +
1.112 +SymbolSupplier::SymbolResult TestSymbolSupplier::GetSymbolFile(
1.113 + const CodeModule *module,
1.114 + const SystemInfo *system_info,
1.115 + string *symbol_file) {
1.116 +
1.117 + if (interrupt_) {
1.118 + return INTERRUPT;
1.119 + }
1.120 +
1.121 + return NOT_FOUND;
1.122 +}
1.123 +
1.124 +SymbolSupplier::SymbolResult TestSymbolSupplier::GetCStringSymbolData(
1.125 + const CodeModule *module,
1.126 + const SystemInfo *system_info,
1.127 + string *symbol_file,
1.128 + char **symbol_data) {
1.129 + return GetSymbolFile(module, system_info, symbol_file);
1.130 +}
1.131 +
1.132 +SymbolSupplier::SymbolResult TestSymbolSupplier::GetSymbolFile(
1.133 + const CodeModule *module,
1.134 + const SystemInfo *system_info,
1.135 + string *symbol_file,
1.136 + string *symbol_data) {
1.137 + return GetSymbolFile(module, system_info, symbol_file);
1.138 +}
1.139 +
1.140 +TEST(ExploitabilityTest, TestWindowsEngine) {
1.141 + TestSymbolSupplier supplier;
1.142 + BasicSourceLineResolver resolver;
1.143 + MinidumpProcessor processor(&supplier, &resolver, true);
1.144 + ProcessState state;
1.145 +
1.146 + string minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.147 + "/src/processor/testdata/ascii_read_av.dmp";
1.148 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.149 + google_breakpad::PROCESS_OK);
1.150 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
1.151 + state.exploitability());
1.152 +
1.153 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.154 + "/src/processor/testdata/ascii_read_av_block_write.dmp";
1.155 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.156 + google_breakpad::PROCESS_OK);
1.157 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
1.158 + state.exploitability());
1.159 +
1.160 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.161 + "/src/processor/testdata/ascii_read_av_clobber_write.dmp";
1.162 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.163 + google_breakpad::PROCESS_OK);
1.164 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
1.165 + state.exploitability());
1.166 +
1.167 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.168 + "/src/processor/testdata/ascii_read_av_conditional.dmp";
1.169 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.170 + google_breakpad::PROCESS_OK);
1.171 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
1.172 + state.exploitability());
1.173 +
1.174 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.175 + "/src/processor/testdata/ascii_read_av_then_jmp.dmp";
1.176 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.177 + google_breakpad::PROCESS_OK);
1.178 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
1.179 + state.exploitability());
1.180 +
1.181 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.182 + "/src/processor/testdata/ascii_read_av_xchg_write.dmp";
1.183 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.184 + google_breakpad::PROCESS_OK);
1.185 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
1.186 + state.exploitability());
1.187 +
1.188 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.189 + "/src/processor/testdata/ascii_write_av.dmp";
1.190 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.191 + google_breakpad::PROCESS_OK);
1.192 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
1.193 + state.exploitability());
1.194 +
1.195 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.196 + "/src/processor/testdata/ascii_write_av_arg_to_call.dmp";
1.197 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.198 + google_breakpad::PROCESS_OK);
1.199 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
1.200 + state.exploitability());
1.201 +
1.202 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.203 + "/src/processor/testdata/null_read_av.dmp";
1.204 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.205 + google_breakpad::PROCESS_OK);
1.206 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
1.207 + state.exploitability());
1.208 +
1.209 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.210 + "/src/processor/testdata/null_write_av.dmp";
1.211 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.212 + google_breakpad::PROCESS_OK);
1.213 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
1.214 + state.exploitability());
1.215 +
1.216 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.217 + "/src/processor/testdata/stack_exhaustion.dmp";
1.218 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.219 + google_breakpad::PROCESS_OK);
1.220 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
1.221 + state.exploitability());
1.222 +
1.223 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.224 + "/src/processor/testdata/exec_av_on_stack.dmp";
1.225 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.226 + google_breakpad::PROCESS_OK);
1.227 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
1.228 + state.exploitability());
1.229 +
1.230 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.231 + "/src/processor/testdata/write_av_non_null.dmp";
1.232 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.233 + google_breakpad::PROCESS_OK);
1.234 + ASSERT_EQ(google_breakpad::EXPLOITABLITY_MEDIUM,
1.235 + state.exploitability());
1.236 +
1.237 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.238 + "/src/processor/testdata/read_av_non_null.dmp";
1.239 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.240 + google_breakpad::PROCESS_OK);
1.241 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
1.242 + state.exploitability());
1.243 +
1.244 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.245 + "/src/processor/testdata/read_av_clobber_write.dmp";
1.246 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.247 + google_breakpad::PROCESS_OK);
1.248 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
1.249 + state.exploitability());
1.250 +
1.251 + minidump_file = string(getenv("srcdir") ? getenv("srcdir") : ".") +
1.252 + "/src/processor/testdata/read_av_conditional.dmp";
1.253 + ASSERT_EQ(processor.Process(minidump_file, &state),
1.254 + google_breakpad::PROCESS_OK);
1.255 + ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
1.256 + state.exploitability());
1.257 +}
1.258 +}
