Add extra functions to check in fpva plugin

tylergu · tylergu · commit cccf5b31ac22 · 2021-06-30T09:43:21.000-05:00
diff --git a/user_agent/fpva/fpva.C b/user_agent/fpva/fpva.C
@@ -15,6 +15,8 @@ Fpva::Fpva() {
   // Each checker is called for each point
   checkers_.push_back(new ForkChecker(mgr_));
   checkers_.push_back(new IpcChecker(mgr_));
+  checkers_.push_back(new FileChecker(mgr_));
+  checkers_.push_back(new PrivilegeChecker(mgr_));
 }
 
 Fpva::~Fpva() {
diff --git a/user_agent/fpva/fpva_checker.C b/user_agent/fpva/fpva_checker.C
@@ -126,7 +126,7 @@ bool ForkChecker::PreCheck(sp::SpPoint* pt, sp::SpFunction* callee) {
 bool ForkChecker::PostCheck(sp::PointCallHandle* pHandle) {
   sp::SpFunction* callee = pHandle->GetCallee();
   if (callee->name().compare("fork") == 0) {
-    pid_t ret = (pid_t) pHandle->GetReturnValue();
+    pid_t ret = (pid_t)pHandle->GetReturnValue();
     if (ret == 0) {
       mgr_->NewDoc();
     } else {
@@ -144,4 +144,53 @@ bool ForkChecker::PostCheck(sp::PointCallHandle* pHandle) {
   return true;
 }
 
-}  // namespace mist
+bool FileChecker::PreCheck(sp::SpPoint* pt, sp::SpFunction* callee) {
+  if (callee->name() == "open" || callee->name() == "fopen") {
+    sp::ArgumentHandle h;
+    char** fname = (char**)PopArgument(pt, &h, sizeof(void*));
+    CallTrace newTrace;
+    newTrace.functionName = callee->name();
+    newTrace.timeStamp = std::to_string(FpvaUtils::GetUsec());
+    newTrace.parameters.insert(
+        std::pair<std::string, std::string>("file", std::string(*fname)));
+    mgr_->AddTrace(&newTrace);
+    return true;
+  } else if (callee->name() == "chmod") {
+    sp::ArgumentHandle h;
+    char** fname = (char**)PopArgument(pt, &h, sizeof(void*));
+    mode_t* mode = (mode_t*)PopArgument(pt, &h, sizeof(mode_t));
+    CallTrace newTrace;
+    newTrace.functionName = callee->name();
+    newTrace.timeStamp = std::to_string(FpvaUtils::GetUsec());
+    newTrace.parameters.insert(
+        std::pair<std::string, std::string>("file", std::string(*fname)));
+    newTrace.parameters.insert(
+        std::pair<std::string, std::string>("mode", std::to_string(*mode)));
+    mgr_->AddTrace(&newTrace);
+    return true;
+  }
+  return false;
+}
+
+bool FileChecker::PostCheck(sp::PointCallHandle*) { return true; }
+
+bool PrivilegeChecker::PreCheck(sp::SpPoint* pt, sp::SpFunction* callee) {
+  if (callee->name() == "seteuid" || callee->name() == "setuid") {
+    sp::ArgumentHandle h;
+    uid_t* uid = (uid_t*)PopArgument(pt, &h, sizeof(uid_t));
+    CallTrace newTrace;
+    newTrace.functionName = callee->name();
+    newTrace.timeStamp = std::to_string(FpvaUtils::GetUsec());
+    newTrace.parameters.insert(std::pair<std::string, std::string>(
+        "name", FpvaUtils::GetUserName(*uid)));
+    newTrace.parameters.insert(
+        std::pair<std::string, std::string>("uid", std::to_string(*uid)));
+    mgr_->AddTrace(&newTrace);
+    return true;
+  }
+  return false;
+}
+
+bool PrivilegeChecker::PostCheck(sp::PointCallHandle*) { return true; }
+
+}  // namespace fpva
diff --git a/user_agent/fpva/fpva_checker.h b/user_agent/fpva/fpva_checker.h
@@ -38,7 +38,7 @@ class FpvaChecker {
 class ProcInitChecker : public OneTimeChecker {
  public:
   using OneTimeChecker::OneTimeChecker;
-  virtual bool Run();
+  bool Run();
   ~ProcInitChecker() {}
 };
 
@@ -47,8 +47,8 @@ class IpcChecker : public FpvaChecker {
  public:
   using FpvaChecker::FpvaChecker;
   virtual ~IpcChecker() {}
-  virtual bool PreCheck(sp::SpPoint* pt, sp::SpFunction* callee);
-  virtual bool PostCheck(sp::PointCallHandle* pHandle);
+  bool PreCheck(sp::SpPoint* pt, sp::SpFunction* callee);
+  bool PostCheck(sp::PointCallHandle* pHandle);
 
  protected:
   string port;
@@ -57,8 +57,22 @@ class IpcChecker : public FpvaChecker {
 class ForkChecker : public FpvaChecker {
  public:
   using FpvaChecker::FpvaChecker;
-  virtual bool PreCheck(sp::SpPoint* pt, sp::SpFunction* callee);
-  virtual bool PostCheck(sp::PointCallHandle* pHandle);
+  bool PreCheck(sp::SpPoint* pt, sp::SpFunction* callee);
+  bool PostCheck(sp::PointCallHandle* pHandle);
+};
+
+class FileChecker : public FpvaChecker {
+ public:
+  using FpvaChecker::FpvaChecker;
+  bool PreCheck(sp::SpPoint* pt, sp::SpFunction* callee);
+  bool PostCheck(sp::PointCallHandle* pHandle);
+};
+
+class PrivilegeChecker : public FpvaChecker {
+ public:
+  using FpvaChecker::FpvaChecker;
+  bool PreCheck(sp::SpPoint* pt, sp::SpFunction* callee);
+  bool PostCheck(sp::PointCallHandle* pHandle);
 };
 
 }  // namespace fpva

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,8 @@ Fpva::Fpva() {`
`15`	`15`	`// Each checker is called for each point`
`16`	`16`	`checkers_.push_back(new ForkChecker(mgr_));`
`17`	`17`	`checkers_.push_back(new IpcChecker(mgr_));`
	`18`	`+ checkers_.push_back(new FileChecker(mgr_));`
	`19`	`+ checkers_.push_back(new PrivilegeChecker(mgr_));`
`18`	`20`	`}`
`19`	`21`
`20`	`22`	`Fpva::~Fpva() {`