How to use the claripy.And function in claripy
To help you get started, we’ve selected a few claripy examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
angr / angr / angr / procedures / stubs / format_parser.py View on Github 
if simfd is not None and isinstance(simfd.read_storage, SimPackets):
argnum = startpos
for component in self.components:
if type(component) is bytes:
sdata, _ = simfd.read_data(len(component), short_reads=False)
self.state.solver.add(sdata == component)
elif isinstance(component, claripy.Bits):
sdata, _ = simfd.read_data(len(component) // 8, short_reads=False)
self.state.solver.add(sdata == component)
elif component.spec_type == b's':
if component.length_spec is None:
sdata, slen = simfd.read_data(self.state.libc.buf_symbolic_bytes)
else:
sdata, slen = simfd.read_data(component.length_spec)
for byte in sdata.chop(8):
self.state.solver.add(claripy.And(*[byte != char for char in self.SCANF_DELIMITERS]))
self.state.memory.store(args(argnum), sdata, size=slen)
self.state.memory.store(args(argnum) + slen, claripy.BVV(0, 8))
argnum += 1
elif component.spec_type == b'c':
sdata, _ = simfd.read_data(1, short_reads=False)
self.state.memory.store(args(argnum), sdata)
argnum += 1
else:
bits = component.size * 8
if component.spec_type == b'x':
base = 16
elif component.spec_type == b'o':
base = 8
else:
base = 10ranges = [['A', 'Z'], ['a', 'z']]
elif values == 'zero-bytes':
ranges = [['\0', '\0']]
elif values == 'ascii':
ranges = [['\0', '\x7f']]
elif values == 'any':
return state
else:
logger.error('Invalid input constraint')
sys.exit(-1)
constraints = claripy.And()
for c in stdin:
constraint = claripy.And()
for r in ranges:
constraint = claripy.And(c >= r[0], c <= r[1], constraint)
constraints = claripy.And(constraint, constraints)
if state.solver.satisfiable(extra_constraints=[constraints]):
state.add_constraints(constraints)
return state
else:
return Noneelif values == 'ascii':
ranges = [['\0', '\x7f']]
elif values == 'any':
return state
else:
logger.error('Invalid input constraint')
sys.exit(-1)
stdin = state.posix.get_fd(fd).all_bytes().chop(8)
constraints = claripy.And()
for c in stdin:
constraint = claripy.And()
for r in ranges:
constraint = claripy.And(c >= r[0], c <= r[1], constraint)
constraints = claripy.And(constraint, constraints)
if state.solver.satisfiable(extra_constraints=[constraints]):
state.add_constraints(constraints)
return state
else:
return Nonedef run(self, _, length): # pylint: disable=W0221
bvs = claripy.BVS("Random.nextInt", 32)
cs = claripy.And(claripy.SGE(bvs, 0), claripy.SLE(bvs, length))
self.state.add_constraints(cs)
return bvsdef compare_states(self, sl, sr):
"""
Compares two states for similarity.
"""
joint_solver = claripy.Solver()
# make sure the canonicalized constraints are the same
n_map, n_counter, n_canon_constraint = claripy.And(*sr.solver.constraints).canonicalize() #pylint:disable=no-member
u_map, u_counter, u_canon_constraint = claripy.And(*sl.solver.constraints).canonicalize() #pylint:disable=no-member
n_canoner_constraint = sr.solver.simplify(n_canon_constraint)
u_canoner_constraint = sl.solver.simplify(u_canon_constraint)
joint_solver.add((n_canoner_constraint, u_canoner_constraint))
if n_canoner_constraint is not u_canoner_constraint:
self._report_incongruency("Different constraints!")
return False
# get the differences in registers and memory
mem_diff = sr.memory.changed_bytes(sl.memory)
reg_diff = sr.registers.changed_bytes(sl.registers)
# this is only for unicorn
if "UNICORN" in sl.options or "UNICORN" in sr.options:
if sl.arch.name == "X86":
reg_diff -= set(range(40, 52)) #ignore cc psuedoregisters
reg_diff -= set(range(320, 324)) #some other VEX weirdnessdef check_write(state):
# If we found an arb_write we're done
if state.heaphopper.vuln_type.startswith('arbitrary_write'):
return
# Check if we have an arbitrary_write
addr = state.inspect.mem_write_address
val = state.inspect.mem_write_expr
#logger.debug('check_write: addr: %s' % addr)
#logger.debug('check_write: val: %s' % val)
constr = claripy.And(addr >= state.heaphopper.wtarget[0],
addr < state.heaphopper.wtarget[0] + state.heaphopper.wtarget[1])
if state.solver.satisfiable(extra_constraints=[constr]):
#logger.debug('check_write: Found arbitrary write')
state.add_constraints(constr)
state.heaphopper.vuln_state = state.copy()
state.heaphopper.arb_write_info = dict(instr=state.addr, addr=addr, val=val)
state.heaphopper.vuln_type = 'arbitrary_write'
state.heaphopper.stack_trace = get_libc_stack_trace(state)predicate_mapping[predicate] = dst
reaching_conditions = { }
# recover the reaching condition for each node
for node in networkx.topological_sort(self._region.graph):
preds = self._region.graph.predecessors(node)
reaching_condition = None
for pred in preds:
edge = (pred, node)
pred_condition = reaching_conditions.get(pred, claripy.true)
edge_condition = edge_conditions.get(edge, claripy.true)
if reaching_condition is None:
reaching_condition = claripy.And(pred_condition, edge_condition)
else:
reaching_condition = claripy.Or(claripy.And(pred_condition, edge_condition), reaching_condition)
if reaching_condition is not None:
reaching_conditions[node] = self._simplify_condition(reaching_condition)
self._reaching_conditions = reaching_conditions
self._predicate_mapping = predicate_mapping
self._edge_conditions = edge_conditionsmax_digit = claripy.BVV(ord("0") + base, 8)
is_digit = claripy.And(char >= min_digit, char <= max_digit)
# return early here so we don't add unnecessary statements
if base <= 10:
return is_digit, char - min_digit
# handle alphabetic chars
max_char_lower = claripy.BVV(ord("a") + base-10 - 1, 8)
max_char_upper = claripy.BVV(ord("A") + base-10 - 1, 8)
min_char_lower = claripy.BVV(ord("a"), 8)
min_char_upper = claripy.BVV(ord("A"), 8)
cases.append((is_digit, char - min_digit))
is_alpha_lower = claripy.And(char >= min_char_lower, char <= max_char_lower)
cases.append((is_alpha_lower, char - min_char_lower + 10))
is_alpha_upper = claripy.And(char >= min_char_upper, char <= max_char_upper)
cases.append((is_alpha_upper, char - min_char_upper + 10))
expression = claripy.Or(is_digit, is_alpha_lower, is_alpha_upper)
# use the last case as the default, the expression will encode whether or not it's satisfiable
result = claripy.ite_cases(cases[:-1], cases[-1][1])
return expression, resultdef SET_ABCD(a, b, c, d, condition=None, condition2=None):
if condition is None:
state.registers.store('eax', a, size=4)
state.registers.store('ebx', b, size=4)
state.registers.store('ecx', c, size=4)
state.registers.store('edx', d, size=4)
elif condition2 is None:
cond = old_eax == condition
state.registers.store('eax', a, size=4, condition=cond)
state.registers.store('ebx', b, size=4, condition=cond)
state.registers.store('ecx', c, size=4, condition=cond)
state.registers.store('edx', d, size=4, condition=cond)
else:
cond = claripy.And(old_eax == condition, old_ecx == condition2)
state.registers.store('eax', a, size=4, condition=cond)
state.registers.store('ebx', b, size=4, condition=cond)
state.registers.store('ecx', c, size=4, condition=cond)
state.registers.store('edx', d, size=4, condition=cond)claripy
An abstraction layer for constraint solvers
