reven2.preview.taint.TaintState

class documentation

class TaintState(object):

View In Hierarchy

A taint state lists all data that is currently tainted at a given reven2.trace.Context.

A taint state is composed of:

Warnings

This object is not meant to be constructed directly. It is created by TaintStateView

Examples

>>> states = taint.states()
>>> for state in states.all():
...     # state is an instance of TaintState
...     print(state)
Taint state at Context before #10
Tainted registers:
rax : [tag0,]
Tainted memories:
[phy:0x46b5ff0; 8] : [tag0,]
[phy:0x1bdb4040; 1] : [tag1,]

Taint state at Context before #11 Tainted registers: rax : [tag0,] Tainted memories: [phy:0x46b5ff0; 8] : [tag0,] [phy:0x1bdb4040; 1] : [tag1,]

Method __init__ Undocumented
Method __repr__ Undocumented
Method __str__ Undocumented
Method add Add some tainted data to this taint state.
Method format_as_html This method gets an html formatting string representation for this class instance.
Method is_tainted Returns the intersection of this state with the requested data if it is tainted with some markers.
Method remove Remove some tainted data from this taint state.
Method tainted_memories Iterates over each TaintedMemories in this state and yields a pair of TaintedMemories and MarkerIterator
Method tainted_registers Iterates over each TaintedRegisterSlice in this state and yields a pair of TaintedRegisterSlice and MarkerIterator
Property context Property: the context associated to the state
Property empty No summary
Method _add_one Undocumented
Method _disjoint_tainted_data Undocumented
Method _is_tainted_one Undocumented
Method _marker_handle Undocumented
Method _one_tainted_data_to_interval Undocumented
Method _remove_one Undocumented
Method _repr_html_ Undocumented
Method _tainted_data_str Undocumented
Method _tainted_data_to_interval Undocumented
Instance Variable __physical_memory_map Undocumented
Instance Variable __register_slice_map Undocumented
Instance Variable _context Undocumented
Instance Variable _taint_data Undocumented
Instance Variable _taint_state Undocumented
Instance Variable _trace Undocumented
Property _physical_memory_map Undocumented
Property _register_slice_map Undocumented
def __init__(self, trace, taint_data, taint_state):

Undocumented

Parameters
traceUndocumented
taint_data:_TaintDataUndocumented
taint_stateUndocumented
def __repr__(self):

Undocumented

def __str__(self):

Undocumented

def add(self, data, marker=None):

Add some tainted data to this taint state.

Warning

Adding data to a taint state does not modify the state of the currently running taint. For the changes to take effect, restart a taint from this taint state using Tainter.taint_from_state.

Information

Parameters
data:_Union[TaintedData, _Iterable[TaintedData]]The data to add to this state. Can be an individual piece of data or an iterable of data.
marker:_Optional[Marker]The marker to add to the passed data. If None, defaults to "Tag0".
def format_as_html(self):

This method gets an html formatting string representation for this class instance.

Information

Returns
String
def is_tainted(self, data, marker=None):

Returns the intersection of this state with the requested data if it is tainted with some markers.

Examples

Checking if all of a register is tainted.

>>> state.is_tainted(reven2.arch.x64.rax).full
False

Checking if some of a register is tainted.

>>> not state.is_tainted(reven2.arch.x64.rax).empty
True

Checking if all the requested data is tainted.

>>> state.is_tainted((reven2.arch.x64.rax, reven2.arch.x64.rbx)).full
False

Checking if some of the requested data is tainted.

>>> not state.is_tainted((reven2.arch.x64.rax, reven2.arch.x64.rbx)).empty
True

Overloads

def is_tainted( self, data: _Union[TaintedMemories, _Iterable[TaintedMemories]], marker: _Optional[Marker] = None ) -> _StateIntersection[_MemoryRange]

def is_tainted( self, data: _Union[_address.AddressType, _Iterable[_address.AddressType]], marker: _Optional[Marker] = None ) -> _StateIntersection[_MemoryRange[_address.AddressType]]

def is_tainted( self, data: _Union[_MemoryRange[_address.AddressType], _Iterable[_MemoryRange[_address.AddressType]]], marker: _Optional[Marker] = None, ) -> _StateIntersection[_MemoryRange[_address.AddressType]]

def is_tainted( self, data: _Union[TaintedRegisterData, _Iterable[TaintedRegisterData]], marker: _Optional[Marker] = None ) -> _StateIntersection[_RegisterSlice]

def is_tainted( self, data: _Union[TaintedData, _Iterable[TaintedData]], marker: _Optional[Marker] = None ) -> _StateIntersection[_Union[_MemoryRange, _RegisterSlice]]

Information

Parameters
data:_Union[TaintedData, _Iterable[TaintedData]]the data whose "taintedness" we want to check. Can be a single TaintedData or an Iterable or these.
marker:_Optional[Marker]the marker with which the data should be tainted. If None, considers the data tainted if it has any marker.
Returns
_StateIntersection[_Union[_MemoryRange, _RegisterSlice]]Undocumented
def remove(self, data, marker=None):

Remove some tainted data from this taint state.

Warning

Removing data from a taint state does not modify the state of the currently running taint. For the changes to take effect, restart a taint from this taint state using Tainter.taint_from_state.

Overloads

def remove( self, data: _Union[TaintedMemories, _Iterable[TaintedMemories]], marker: _Optional[Marker] = None ) -> _StateIntersection[_MemoryRange]

def remove( self, data: _Union[_address.AddressType, _Iterable[_address.AddressType]], marker: _Optional[Marker] = None ) -> _StateIntersection[_MemoryRange[_address.AddressType]]

def remove( self, data: _Union[_MemoryRange[_address.AddressType], _Iterable[_MemoryRange[_address.AddressType]]], marker: _Optional[Marker] = None, ) -> _StateIntersection[_MemoryRange[_address.AddressType]]

def remove( self, data: _Union[TaintedRegisterData, _Iterable[TaintedRegisterData]], marker: _Optional[Marker] = None ) -> _StateIntersection[_RegisterSlice]

def remove( self, data: _Union[TaintedData, _Iterable[TaintedData]], marker: _Optional[Marker] = None ) -> _StateIntersection[_Union[_MemoryRange, _RegisterSlice]]

Information

Parameters
data:_Union[TaintedData, _Iterable[TaintedData]]The data to remove from this state. Can be an individual piece of data or an iterable of data.
marker:_Optional[Marker]The marker to remove from the passed data. If None, remove the data regardless of its tag.
Returns
_StateIntersection[_Union[_MemoryRange, _RegisterSlice]]Undocumented
def tainted_memories(self):

Iterates over each TaintedMemories in this state and yields a pair of TaintedMemories and MarkerIterator

Examples

>>> states = taint.states()
>>> for state in states.all():
...     # state is an instance of TaintState
...     for mem, markers in state.tainted_memories():
...         print(mem)
...         for handle, name in markers:
...             print(name)
[phy:0x46b5ff0; 8]
tag0
[phy:0x1bdb4040; 1]
tag1
[phy:0x46b5ff0; 8]
tag0
[phy:0x1bdb4040; 1]
tag1

Information

Returns
_Iterator[_Tuple[TaintedMemories, MarkerIterator]]A generator of (TaintedMemories, MarkerIterator).
def tainted_registers(self):

Iterates over each TaintedRegisterSlice in this state and yields a pair of TaintedRegisterSlice and MarkerIterator

Examples

>>> states = taint.states()
>>> for state in states.all():
...     # state is an instance of TaintState
...     for reg, markers in state.tainted_registers():
...         print(reg)
...         for handle, name in markers:
...             print(name)
rax
tag0
rax
tag0

Information

Returns
_Iterator[_Tuple[TaintedRegisterSlice, MarkerIterator]]A generator of (TaintedRegisterSlice, MarkerIterator).
@property
context: _Context =

Property: the context associated to the state

Examples

>>> states = taint.states()
>>> for state in states.all():
...     # state is an instance of TaintState
...     print(state.context)
Context before #10
Context before #11

Information

Returns
A reven2.trace.Context.
@property
empty: bool =
Returns
`True` if the state doesn't contain tainted data.
def _add_one(self, data, marker):

Undocumented

Parameters
data:_Union[_MemoryRange, _RegisterSlice]Undocumented
marker:MarkerHandleUndocumented
def _disjoint_tainted_data(self, data):

Undocumented

Parameters
data:_Union[TaintedData, _Iterable[TaintedData]]Undocumented
Returns
_Iterator[_Union[_MemoryRange, _RegisterSlice]]Undocumented
def _is_tainted_one(self, data, marker):

Undocumented

Parameters
data:_Union[_MemoryRange[_address.AddressType], _RegisterSlice]Undocumented
marker:_Optional[MarkerHandle]Undocumented
Returns
_Iterator[_Union[_MemoryRange[_address.AddressType], _RegisterSlice]]Undocumented
def _marker_handle(self, marker):

Undocumented

Parameters
marker:_Optional[Marker]Undocumented
Returns
_Optional[MarkerHandle]Undocumented
def _one_tainted_data_to_interval(self, data):

Undocumented

Parameters
data:TaintedDataUndocumented
Returns
_Union[_MemoryRange, _RegisterSlice]Undocumented
def _remove_one(self, data, marker):

Undocumented

Parameters
data:_Union[_MemoryRange[_address.AddressType], _RegisterSlice]Undocumented
marker:_Optional[MarkerHandle]Undocumented
Returns
_Iterator[_Union[_MemoryRange[_address.AddressType], _RegisterSlice]]Undocumented
def _repr_html_(self):

Undocumented

def _tainted_data_str(self):

Undocumented

Returns
strUndocumented
def _tainted_data_to_interval(self, data):

Undocumented

Parameters
data:_Union[TaintedData, _Iterable[TaintedData]]Undocumented
Returns
_Iterator[_Union[_MemoryRange, _RegisterSlice]]Undocumented
__physical_memory_map: _Optional[_MemoryRangeMap[_address.PhysicalAddress, _Set[MarkerHandle]]] =

Undocumented

__register_slice_map: _Optional[_RegisterSliceMap[_Set[MarkerHandle]]] =

Undocumented

_context =

Undocumented

_taint_data =

Undocumented

_taint_state =

Undocumented

_trace =

Undocumented

@property
_physical_memory_map: _MemoryRangeMap[_address.PhysicalAddress, _Set[MarkerHandle]] =

Undocumented

@property
_register_slice_map: _RegisterSliceMap[_Set[MarkerHandle]] =

Undocumented