Skip to content

Trim Elf model interface, add tests#71

Merged
EdwardLarson merged 7 commits into
redballoonsecurity:masterfrom
whyitfor:maintenance/elf
Oct 28, 2022
Merged

Trim Elf model interface, add tests#71
EdwardLarson merged 7 commits into
redballoonsecurity:masterfrom
whyitfor:maintenance/elf

Conversation

@whyitfor
Copy link
Copy Markdown
Contributor

@whyitfor whyitfor commented Oct 11, 2022
edited
Loading

Please describe the changes in your request.
This PR refactors OFRAK's elf resource views and components, removing unnecessary methods and classes and adding function test coverage for the OFRAK Elf API.

Relevant changes:

  • Fix a type in MemoryPermissions enum such that executable is 1 and read is 4.
  • Refactor Elf Resource views:
    • Remove unneeded get_parent, get_elf methods in Elf resource views.
    • Delete ElfProgramHeaderPermission, replacing its usage with MemoryPermissions.
    • Simplify ElfProgramHeader interface to only include one method, get_memory_permissions.
    • Remove unneeded methods of UnanalyzedElfSegment.
    • Remove unused methods on Elf: get_sections_after_index, get_sections_before_index, get_section_header_by_name, get_string_section_header

This PR also deletes three analyzers: ElfSegmentStructureIndexAnalyzer, ElfSectionStructureIndexAnalyzer, and ElfSymbolStructureIndexAnalyzer. This was done for several reasons:

  • They do not appear to be necessary for current Elf capabilities
  • As implemented, they contain bugs:
    • ElfSegmentStructureIndexAnalyzer does not actually handle ElfSegment correctly
    • ElfSectionStructureIndexAnalyzer fails when run on an ElfSection with no data

These analyzers can be revisited when OFRAK users have use cases that require these indexes to be
updated.

Future Improvements
#87 was discovered when writing this PR.
Also, see #71 (review) for ideas for further improving OFRAK Elf APIs.

Anyone you think should look at this, specifically?
@andresito00, @EdwardLarson

@whyitfor
Copy link
Copy Markdown
Contributor Author

whyitfor commented Oct 11, 2022

@andresito00, @EdwardLarson, can you review this Draft MR.

Especially review:

  • the methods that I propose to delete. It seems that we don't need them; if they become necessary we can always update the model's API
  • the methods tagged with #TODO. These methods need tests written for them. If any of these should be deleted, please chime in.

Once we agree on path forward, I will add tests.

EdwardLarson
EdwardLarson reviewed Oct 17, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@EdwardLarson EdwardLarson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly lgtm. A general comment on the current ELF implementation is that a lot of the fields of these dataclasses are pointlessly saving the raw unpacked integers when practically all users want the enums they map to. We could get rid of a lot of the get_(field) methods by just unpacking the binary into the desirable types in the first place.

But in the interest of time, I imagine that is out of scope.

Comment thread ofrak_core/ofrak/core/elf/model.py Outdated
Comment thread ofrak_core/ofrak/core/elf/model.py Outdated
@whyitfor whyitfor force-pushed the maintenance/elf branch 2 times, most recently from 66fd95b to c01f0c6 Compare October 21, 2022 21:21
@whyitfor
WIP Commit.
ed2b51c 
This commit removes Elf model methods with no usage or tests that seem to be unneeded.
It also adds tests for untested Elf methods.
@whyitfor whyitfor mentioned this pull request Oct 28, 2022
Open
@whyitfor
Several updates:
0c8742b 
- Update OFRAK Tutorials to use MemoryPermissions.
- Bump ofrak function coverage enforcement to 90%.
- Add docstrings to new tests for clarity
@whyitfor
Copy link
Copy Markdown
Contributor Author

whyitfor commented Oct 28, 2022

@EdwardLarson I think this is ready for review. I've updated the PR description with more details.

@EdwardLarson EdwardLarson merged commit f35b914 into redballoonsecurity:master Oct 28, 2022
@whyitfor whyitfor deleted the maintenance/elf branch October 29, 2022 00:18
EdwardLarson pushed a commit to EdwardLarson/ofrak that referenced this pull request Aug 8, 2023
@dannyp303
Merge pull request redballoonsecurity#71 from EdwardLarson/feature/pr…
f5ab597 
…oject-tests

remove empty test, use HTTPS instead of git URLs, fix project id to s…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@EdwardLarson EdwardLarson EdwardLarson approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@whyitfor @EdwardLarson