Is there any security concerns todo with debug.setlocal? If so can you please tell me how exactly it works.
Lua threads run on top of a "stack", a list of items that make up most of the memory in the language. Everything, from "global" variables to tables, sits happily on this list.
When you create a local variable and execute your code, the stack would look something like this:
local a = "the letter a"
STACK
+---+----------------+
| 1 | "the letter a" |
+---+----------------+
Now, let's say we are malicious code. We know that the following code is used to run our program:
local isAdministrator = false
local Code = "malicious code here!"
loadstring(Code)()
Well, that means the stack of the loader looks something like this:
+---+-------+
| 1 | false | isAdministrator
+---+-------+----------------+
| 2 | "malicious code here!" | Code
+---+---------------------+--+
| 3 | function loadstring |
+---+---------------------+--+
| 4 | function MaliciousCode |
+---+------------------------+
Now, let's say changing isAdministrator is of some value to us. Let's look at how we would do that.
1 We need to get lua to modify the "stack" above our function. Imagine lua is a tree, like so:
otherScript
+ loader
+ maliciousCode
Each step in this tree has it's own stack, and each variable from the stack above it is "accessible" to the stack below it, thanks to the debug library.
If the "stack" we are currently on is stack #1 (which is always true)
Then the function that called the current function is on stack #2 (which is almost always true)
Now, looking at the stack of the function we want to change, isAdministrator is in slot 1, the first one. So, to change this, we juuuust:
debug.setlocal(2,1,true)
And bam. isAdministrator is now true. We are free to ruin your computer!
Do not fret- there is a way to stop this. It is really easy to take away the debug library:
local func = loadstring("malicious code!")
setfenv(func, {
-- Here we insert what functions our baby function can use. Let's give it the string, table, and math libraries- which are pretty safe
math = math, table = table, string = string,
-- Oh, and let's give it the `os.time` function as well.
os = { time = os.time }
})
func()
Now, func cannot access the debug library, and you are free to use your silly isAdministrator locals in peace.
Related
I am working on implementation of new fiscal device. And it is using OPOS / UPOS library for communication. I am very new to ctypes and have no experience with C at all. However, I have managed to make it work, mostly.
But I am having issues with returning a string from generalist method DirectIO. documentation says: "This command should be used immediately after EndFiscalReceipt() to retrieve unique ID of latest receipt"
" Parameters:
– Data [in]
Ignored.
– Obj [in/out]
Value to be read."
And adds .NET example under it:
int iData = 0;
string strReferenceID = "";
fiscalPrinter.EndFiscalReceipt();
fiscalPrinter.DirectIO(CMD_EKASA_RECEIPT_ID, ref iData, ref strReferenceID);
// strReferenceID will contain latest receipt ID, e.g. "O−7DBCDA8A56EE426DBCDA8A56EE426D1A"
the first parameter (CMD_EKASA_RECEIPT_ID) is the command executed, thats why its not listed above.
However, python is not .NET and I have never been working with .NET.
I have been following instructions in ctypes doku (https://docs.python.org/2.7/library/ctypes.html), defiend this methods arguments and return in init:
self.libc.DirectIO.argtypes = [ctypes.c_int32, ctypes.c_int32, ctypes.c_char_p]
self.libc.DirectIO.restype = ctypes.c_char_p
Than tried different ways to retrieve reply string, but neither of these does work in my case:
s = ""
c_s = ctypes.c_char_p(s)
result = self.send_command(CMD_EKASA_RECEIPT_ID, 0, c_s)
p = ctypes.create_string_buffer(40)
poin = ctypes.pointer(p)
result = self.send_command(CMD_EKASA_RECEIPT_ID, 0, poin)
p = ctypes.create_string_buffer(40)
result = self.send_command(CMD_EKASA_RECEIPT_ID, 0, p)
s = ctypes.create_string_buffer('\000' * 32)
result = self.send_command(CMD_EKASA_RECEIPT_ID, 0, s)
the string object I have created is allways empty, a.k.a. "" after caling the Cmethod, just like I have created it.
However, there is one more thing, that does not make sense to me. My colleague showed me, how you can see method arguments and return in header file. For this one, there is this:
int DirectIO(int iCommand, int* piData, const char* pccString);
Which means, it returns integer? If I am not mistaken.
so, what I am thinking is, that I have to pass to the method some pointer to a string, created in python, and C will change it, into what I should read. Thus, I think my way of thinking about solution is right.
I have also tried this approach, but that does not work for me either How to pass pointer back in ctypes?
and I am starting to feel desperate. Not sure if I understand the problem correctly and looking for a solution is right place.
I have solved my problem. The whole thing was, in allocating of memory. Every example on the net that I have readed did create empty string, like s = "". But, that is not correct!
When allocated empty string "" C library have had no memory where to write result.
this was almost correct approach,
self.libc = ctypes.cdll.LoadLibrary(LIB_PATH)
self.libc.DirectIO.argtypes = [ctypes.c_int32, ctypes.c_int32, ctypes.c_char_p]
result_s = ctypes.c_char_p("")
log.info('S address: %s | S.value: "%s"' % (result_s, result_s.value))
self.libc.DirectIO(CMD_EKASA_RECEIPT_ID, 0, result_s)
log.info('S address: %s | S.value: "%s"' % (result_s, result_s.value))
returns:
S address: c_char_p(140192115373700) | S.value: ""
S address: c_char_p(140192115373700) | S.value: ""
it needed just a small modification:
self.libc = ctypes.cdll.LoadLibrary(LIB_PATH)
self.libc.DirectIO.argtypes = [ctypes.c_int32, ctypes.c_int32, ctypes.c_char_p]
result_s = ctypes.c_char_p(" " * 10)
log.info('S address: %s | S.value: %s' % (result_s, result_s.value))
self.libc.DirectIO(CMD_EKASA_RECEIPT_ID, 0, result_s)
log.info('S address: %s | S.value: %s' % (result_s, result_s.value))
now, printing result_s after calling self.libc.DirectIO does return different string, than it was before call.
S address: c_char_p(140532072777764) | S.value: " "
S address: c_char_p(140532072777764) | S.value: "0-C12A22F5"
There is linux in the tag, but OPOS does not work on linux.
Or are you working in an emulation environment such as Wine?
In any case, if you don't have the right environment, you can get into trouble with a little bit of nothing.
First, work in a Windows 32-bit environment, create something that works there, and then port it to another environment.
Since OPOS uses OLE/COM technology, the first package to use is win32com or comtypes.
UnifiedPOS is a conceptual specification and there are no actual software components.
There are three types of software that actually run: OPOS, JavaPOS, and POS for.NET.
OPOS and POS for.NET only work in a Windows 32-bit environment.
Only JavaPOS can work in a Linux environment, and it is usually only available from Java.
If you want to make something in Python, you need to create a Wrapper (or glue) library that calls Java from Python.
If the C interface UnifiedPOS(OPOS) is running on Linux without using the Windows emulator or the Wrapper for Java, it may be an original library/component created by the printer vendor with reference to UnifiedPOS.
In that case, I think that the detailed specification can only be heard from the vendor who created it.
To explain, DirectIO method and DirectIOEvent are defined as method/event that vendors can freely define and use.
Therefore, only method/event names and parameters are defined in the UnifiedPOS document.
It is necessary to ask the vendor who provides the DirectIO method/DirectIOEvent what function the specific vendor's service object has, and it is up to the vendor to determine what the parameter means is.
The OPOS specification was absorbed by UnifiedPOS from the middle, but until then it existed as a single specification.
The rest of the name is here. MCS: OPOS Releases
This is the root of the return value of the method of your library being integer.
By the way, this is the latest UnifiedPOS specification for now.
Document -- retail/17-07-32 (UnifiedPOS Retail Peripheral Architecture, Version 1.14.1)
This question already has answers here:
Python Mocking a function from an imported module
(3 answers)
Closed 10 months ago.
I got the following function to test:
my_package.db_engine.db_functions.py:
from ..utils import execute_cmd
from my_package.db_engine.db_functions import dbinfo
def dbinfo(db_name):
params = (cmd_cfg.DB, add_pj_suffix(db_name))
cmd = get_db_cmd_string(cmd_cfg.DBINFO, params=params)
cmd_result = execute_cmd(cmd)
result_dict = map_cmd_output_to_dict(cmd_result)
return result_dict
This function takes the name of a database, then builds a command string from it and executes this command as subprocess with the execute_cmd method.
I want to test this function without actually executing the subprocess. I only want to check if the command is built correctly and correctly passed to execute_cmd. Therefore I need to mock the execute_cmd method which is imported from module utils.
My folder structure is the following:
my_project
|_src
| |_my_package
| | |_db_engine
| | | |_db_functions.py
| | | |_ __init__.py
| | |_utils.py
| | |_ __init__.py
| | |_ ....
| |_ __init__.py
|_tests
|_test_db_engine.py
So for my test I tried the following in test_db_engine.py:
import unittest
from mock import patch
from my_pacakge.db_engine.db_functions import dbinfo
def execute_db_info_cmd_mock():
return {
'Last Checkpoint': '1.7',
'Last Checkpoint Date': 'May 20, 2015 10:07:41 AM'
}
class DBEngineTestSuite(unittest.TestCase):
""" Tests für DB Engine"""
#patch('my_package.utils.execute_cmd')
def test_dbinfo(self, test_patch):
test_patch.return_value = execute_db_info_cmd_mock()
db_info = dbinfo('MyDBNameHere')
self.assertEqual(sandbox_info['Last Checkpoint'], '1.7')
The execution of the actual command yields 1.6 for Last Checkpoint. So to verify if the mock return value is used, I set it to 1.7.
But the mock for the function is not used, as the execution of the test case still yields 1.6 because it is executing the actual function that should have been patched with the mock.
Any idea what I got wrong here?
You are patching the wrong location. From the Where to patch section:
patch() works by (temporarily) changing the object that a name points to with another one. There can be many names pointing to any individual object, so for patching to work you must ensure that you patch the name used by the system under test.
The basic principle is that you patch where an object is looked up, which is not necessarily the same place as where it is defined.
Your code-under-test finds execute_cmd as a global in their own module, but you didn't patch that reference:
from ..utils import execute_cmd
The my_package.utils.execute_cmd reference is patched, but that execute_cmd reference in my_package.db_engine.db_functions will still point to the original, unpatched function.
Patch the imported global instead:
#patch('my_package.db_engine.db_functions.execute_cmd')
Now the execute_cmd lookup inside dbinfo will use the patched mock object rather than the original global bound by the from ... import ... statement.
I have written a code for my application.
def "Test for file type #FileFormat"() {
given:
HttpURLConnection connection = getHandlerURL('endpoint')
connection.setDoOutput(true)
connection.setRequestMethod("POST")
connection.setRequestProperty(HttpHeaders.CONTENT_TYPE, "RdfFormat."+RDFFileFormat+".toMIME()")
rdfStatement = ModelFactory.createDefaultModel().read(new ByteArrayInputStream(readRDFfromfile(Filename).bytes), null, "RdfFormat."+RDFFileFormat.toString()).listStatements().nextStatement()
when:
connection.getOutputStream().write(readRDFfromfile(Filename).bytes)
then:
connection.getResponseCode() == HTTP_CREATED
where:
FileFormat | Filename | RDFFileFormat
'N-TRIPLES' | 'n-triples.nt' | "NTRIPLES"
}
When I run my code I am getting error: SampleTest.Test for file type #FileFormat:37 » Riot in last line of Given clause.
The test is passing if I use RdfFormat.NTRIPLES.toString() instead of using the parameter RDFFileFormat passed from Where clause.
Tried assigning def format1 = "RdfFormat."+RDFFileFormat+".toString()" and using format1, but got same error.
Is there any way I can make it work?
I think you probably want:
connection.setRequestProperty(HttpHeaders.CONTENT_TYPE, RdfFormat."$RDFFileFormat".toMIME())
Currently implementing GEB,Spock,Groovy. I come across the scenario like
There is a set of data's in the spock table. I have to pass the modulename as a parameter, Search from the spock table then return two values user id and password. Below code is skeleton code
My question is how to search module name based on parameter?
How to return two data's ?
Class Password_Collection extends Specification {
def "Secure password for search and Data Driven"(String ModuleName) {
expect:
// Search based on modulename in where
// pick the values and return the picked data
where:
Module | User_Name | Pass_word
login_Pass | cqauthor1 | SGVsbG8gV29ybGQ =
AuthorPageTest_Pass | cqauthor2 | DOIaRTd35f3y4De =
PublisherPage_pass | cqaauthor3 | iFK95JKasdfdO5 ==
}
}
If you provide the code it would be great help to learn and imeplement.
You don't need to search the table yourself or pick that data. Spock will do that automatically for you
In the expect: block just write your unit test that uses Module, User_Name and Pass_word. Spock will automatically run the test 3 times (as many as the rows of the table) passing each row in turn to your test.
Remove the argument ModuleName from the test method. It is not needed.
I suggest you read the Spock documentation on Data Driven tests a bit more.
class YourSpec extends Specification {
def "Secure password for search and Data Driven"(Module, User_Name, Pass_Word) {
expect:
classUnderTest.getUserNameForModule(Module) == User_Name
classUnderTest.getPasswordForModule(Module) == Pass_Word
where:
Module | User_Name | Pass_word
login_Pass | cqauthor1 | SGVsbG8gV29ybGQ =
AuthorPageTest_Pass | cqauthor2 | DOIaRTd35f3y4De =
PublisherPage_pass | cqaauthor3 | iFK95JKasdfdO5 ==
}
}
What Spock will do is run your test one time for each row in the data table from the "where" block, passing Module, User_Name, Pass_Word as parameters and assert your expectations in the "expect" block.
Please refer to Spock Data Driven Testing documentation for more details.
I'm rewriting some JUnit test into Spock to take advantage of the data driven test style.
I'm struggling a bit with how to provide the verification with something dynamic.
Here's what I have so far:
def "domestic rules"(from, to, oneWay, check) {
expect:
String mealResponse = getMealResponse(new BookingOptions.BookingOptionsBuilder().setFrom(from).setTo(to).setOneWay(oneWay).build());
check(mealResponse)
where:
from | to | oneWay || check
'MNL' | 'PEK' | true || assertNoMeals()
}
def assertNoMeals = {
assert JsonAssert.with(it)
.assertThat('$.links', hasSize(1))
.assertThat('$.links[0].rel', is("http://localhost:9001/api/docs/rels/ink/meal-allocations"))
.assertThat('$.links[0].uri', startsWith("http://localhost:9001/api/tenants/acme/meals/allocations/"));
}
Unfortunately, I get a NullPointerException at the line with the first row of data.
I guess thats because the closure is being run at that point, rather than just declared.
Is there a way to do this better?
Change
def "domestic rules"(from, to, oneWay, check) {
To
#Unroll
def "domestic rules from #from to #to one way #oneWay"() {
def "domestic rules"() {
when: 'get meals using certain parameters'
String mealResponse = getMealResponse(new BookingOptions.BookingOptionsBuilder().setFrom(from).setTo(to).setOneWay(oneWay).build())
then: 'the json response should contain some contents (improve the message here!)'
JsonAssert.with(mealResponse)
.assertThat('$.links', hasSize(1))
.assertThat('$.links[0].rel', is(somethingToUseInAssertions))
where:
from | to | oneWay || somethingToUseInAssertions
'MNL' | 'PEK' | true || 'just some example'
}
The above should help you get in the right track. Notice that you should have some values only in the examples. If you need some logic in the assertions, use a value which indicates what kind of assertion needs to be made... but it's a very bad idea to use a closure as an example.
If you really want to make your test hard to maintain and go ahead and use closures as "values" in your examples, then do something like this:
def "domestic rules"() {
when:
String mealResponse = getMealResponse(new BookingOptions.BookingOptionsBuilder().setFrom(from).setTo(to).setOneWay(oneWay).build())
then:
check(mealResponse)
where:
from | to | oneWay || check
'MNL' | 'PEK' | true || this.&assertNoMeals
}
boolean assertNoMeals(mealResponse) {
assert JsonAssert.with(mealResponse)
.assertThat('$.links', hasSize(1))
.assertThat('$.links[0].rel', is("http://localhost:9001/api/docs/rels/ink/meal-allocations"))
.assertThat('$.links[0].uri', startsWith("http://localhost:9001/api/tenants/acme/meals/allocations/"))
return true // pass!
}
I advise you to learn both Groovy and Spock before writing something that is more reasonable. It's not hard, but it does take at least a few hours!