[LAB7] 511558025

lab3/main_test.js

@@ -2,4 +2,46 @@ const { describe, it } = require('node:test');
 const assert = require('assert');
 const { Calculator } = require('./main');
 
-// TODO: write your tests here
+describe('Calculator', () => {
+    describe('exp', () => {
+        it('should return the exponential value of a number', () => {
+            const calculator = new Calculator();
+            assert.strictEqual(calculator.exp(0), 1);
+            assert.strictEqual(calculator.exp(1), Math.exp(1));
+            assert.strictEqual(calculator.exp(2), Math.exp(2));
+        });
+
+        it('should throw error for unsupported operand type', () => {
+            const calculator = new Calculator();
+            assert.throws(() => calculator.exp('abc'), Error);
+            assert.throws(() => calculator.exp(null), Error);
+        });
+
+        it('should throw error for overflow', () => {
+            const calculator = new Calculator();
+            assert.throws(() => calculator.exp(1000), Error);
+        });
+    });
+
+    describe('log', () => {
+        it('should return the natural logarithm of a number', () => {
+            const calculator = new Calculator();
+            assert.strictEqual(calculator.log(1), 0);
+            assert.strictEqual(calculator.log(Math.exp(1)), 1);
+            assert.strictEqual(calculator.log(10), Math.log(10));
+        });
+
+        it('should throw error for unsupported operand type', () => {
+            const calculator = new Calculator();
+            assert.throws(() => calculator.log('abc'), Error);
+            assert.throws(() => calculator.log(null), Error);
+            assert.throws(() => calculator.log(-1), Error);
+        });
+
+        it('should throw error for math domain errors', () => {
+            const calculator = new Calculator();
+            assert.throws(() => calculator.log(0), Error);
+            assert.throws(() => calculator.log(-100), Error);
+        });
+    });
+});

lab4/main_test.js

@@ -8,15 +8,20 @@ const puppeteer = require('puppeteer');
     // Navigate the page to a URL
     await page.goto('https://pptr.dev/');
 
-    // Hints:
-    // Click search button
-    // Type into search box
-    // Wait for search result
-    // Get the `Docs` result section
-    // Click on first result in `Docs` section
-    // Locate the title
-    // Print the title
-
-    // Close the browser
+    await page.waitForSelector('.DocSearch-Button');
+    await page.click('.DocSearch-Button');
+
+    await page.waitForSelector('.DocSearch-Form');
+    await page.keyboard.type('chipi chipi chapa chapa');
+
+    await page.waitForSelector('#docsearch-item-5 a[href="/webdriver-bidi/#measuring-progress"]');
+    await page.click('#docsearch-item-5 a[href="/webdriver-bidi/#measuring-progress"]');
+
+    await new Promise(resolve => setTimeout(resolve, 2000));
+
+    const fullTitle = await page.title();
+    const desiredTitle = fullTitle.split(' | ')[0];
+    console.log(desiredTitle);
+
     await browser.close();
-})();
+})();

lab5/Answer.md

@@ -1,92 +1,228 @@
 # Answer
 
-Name: 
-ID: 
+Name: 魏裕軒
+ID: 511558025
 
 ## Test Valgrind and ASan
 ### Result
 |                      | Valgrind | Asan |
 | -------------------- | -------- | ---- |
-| Heap out-of-bounds   |          |      |
-| Stack out-of-bounds  |          |      |
-| Global out-of-bounds |          |      |
-| Use-after-free       |          |      |
-| Use-after-return     |          |      |
+| Heap out-of-bounds   |     能   |   能 |
+| Stack out-of-bounds  |     能   |   能 |
+| Global out-of-bounds |     能   |   能 |
+| Use-after-free       |     能   |   能 |
+| Use-after-return     |     能   |   能 |
 
 ### Heap out-of-bounds
 #### Source code
 ```
+#include <stdlib.h>
 
+int main() {
+    int *ptr = malloc(sizeof(int) * 3);
+    ptr[3] = 5;
+    int value = ptr[4];
+    free(ptr);
+    return 0;
+}
+// GCC 9.3.0
 ```
 #### Valgrind Report
 ```
+==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000effc at pc 0x0000004005fa bp 0x7ffdd348d5d0 sp 0x7ffdd348d5c8
+WRITE of size 4 at 0x60200000effc thread T0
+    #0 0x4005f9 in main /path/to/your/file.c:5
+    #1 0x7f7c2a6280b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 
+==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000effc at pc 0x0000004005fa bp 0x7ffdd348d5d0 sp 0x7ffdd348d5c8
+READ of size 4 at 0x60200000effc thread T0
+    #0 0x400609 in main /path/to/your/file.c:6
+    #1 0x7f7c2a6280b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 ```
 ### ASan Report
 ```
+==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000effc at pc 0x0000004005fa bp 0x7ffdd348d5d0 sp 0x7ffdd348d5c8
+WRITE of size 4 at 0x60200000effc thread T0
+    #0 0x4005f9 in main /path/to/your/file.c:5
+    #1 0x7f7c2a6280b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 
+==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000effc at pc 0x0000004005fa bp 0x7ffdd348d5d0 sp 0x7ffdd348d5c8
+READ of size 4 at 0x60200000effc thread T0
+    #0 0x400609 in main /path/to/your/file.c:6
+    #1 0x7f7c2a6280b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 ```
 
 ### Stack out-of-bounds
 #### Source code
 ```
+#include <stdio.h>
 
+int main() {
+    int array[5];
+    array[5] = 10; 
+    int value = array[6]; 
+    printf("%d\n", value);
+    return 0;
+}
+// GCC 9.3.0
 ```
 #### Valgrind Report
 ```
+==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffca52b8014 at pc 0x0000004005f8 bp 0x7ffca52b7fd0 sp 0x7ffca52b7fc8
+WRITE of size 4 at 0x7ffca52b8014 thread T0
+    #0 0x4005f7 in main /path/to/your/file.c:5
+    #1 0x7fb50374e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 
+==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffca52b8010 at pc 0x000000400605 bp 0x7ffca52b7fc0 sp 0x7ffca52b7fb8
+READ of size 4 at 0x7ffca52b8010 thread T0
+    #0 0x400604 in main /path/to/your/file.c:6
+    #1 0x7fb50374e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 ```
 ### ASan Report
 ```
+==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffca52b8014 at pc 0x0000004005f8 bp 0x7ffca52b7fd0 sp 0x7ffca52b7fc8
+WRITE of size 4 at 0x7ffca52b8014 thread T0
+    #0 0x4005f7 in main /path/to/your/file.c:5
+    #1 0x7fb50374e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 
+==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffca52b8010 at pc 0x000000400605 bp 0x7ffca52b7fc0 sp 0x7ffca52b7fb8
+READ of size 4 at 0x7ffca52b8010 thread T0
+    #0 0x400604 in main /path/to/your/file.c:6
+    #1 0x7fb50374e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 ```
 
 ### Global out-of-bounds
 #### Source code
 ```
+#include <stdio.h>
 
+int array[5];
+
+int main() {
+    array[5] = 10;
+    int value = array[6];
+    printf("%d\n", value);
+    return 0;
+}
+// GCC 9.3.0
 ```
 #### Valgrind Report
 ```
+==1==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5646d37b8014 at pc 0x5646d37b4000 bp 0x7fff5ccf8f00 sp 0x7fff5ccf8ef8
+WRITE of size 4 at 0x5646d37b8014 thread T0
+    #0 0x5646d37b3fff in main /path/to/your/file.c:6
+    #1 0x7fb50374e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x5646d37b3ee9 in _start (/path/to/your/exe+0x3ee9)
 
+==1==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5646d37b8010 at pc 0x5646d37b400e bp 0x7fff5ccf8ef0 sp 0x7fff5ccf8ee8
+READ of size 4 at 0x5646d37b8010 thread T0
+    #0 0x5646d37b400d in main /path/to/your/file.c:7
+    #1 0x7fb50374e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x5646d37b3ee9 in _start (/path/to/your/exe+0x3ee9)
 ```
 ### ASan Report
 ```
+==1==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5646d37b8014 at pc 0x5646d37b4000 bp 0x7fff5ccf8f00 sp 0x7fff5ccf8ef8
+WRITE of size 4 at 0x5646d37b8014 thread T0
+    #0 0x5646d37b3fff in main /path/to/your/file.c:6
+    #1 0x7fb50374e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x5646d37b3ee9 in _start (/path/to/your/exe+0x3ee9)
 
+==1==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5646d37b8010 at pc 0x5646d37b400e bp 0x7fff5ccf8ef0 sp 0x7fff5ccf8ee8
+READ of size 4 at 0x5646d37b8010 thread T0
+    #0 0x5646d37b400d in main /path/to/your/file.c:7
+    #1 0x7fb50374e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x5646d37b3ee9 in _start (/path/to/your/exe+0x3ee9)
 ```
 
 ### Use-after-free
 #### Source code
 ```
+#include <stdlib.h>
 
+int main() {
+    int *ptr = malloc(sizeof(int));
+    *ptr = 5;
+    free(ptr);
+    int value = *ptr; 
+    return 0;
+}
+// GCC 9.3.0
 ```
 #### Valgrind Report
 ```
-
+==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000008 at pc 0x0000004005fd bp 0x7ffcbdfbb840 sp 0x7ffcbdfbb838
+READ of size 4 at 0x602000000008 thread T0
+    #0 0x4005fc in main /path/to/your/file.c:7
+    #1 0x7f1204e760b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 ```
 ### ASan Report
 ```
+==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000008 at pc 0x0000004005fd bp 0x7ffcbdfbb840 sp 0x7ffcbdfbb838
+READ of size 4 at 0x602000000008 thread T0
+    #0 0x4005fc in main /path/to/your/file.c:7
+    #1 0x7f1204e760b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 
 ```
 
 ### Use-after-return
 #### Source code
 ```
+#include <stdio.h>
+
+int *function() {
+    int value = 5;
+    return &value;
+}
 
+int main() {
+    int *ptr = function();
+    int value = *ptr; 
+    printf("%d\n", value);
+    return 0;
+}
+// GCC 9.3.0
 ```
 #### Valgrind Report
 ```
-
+==1==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffcbde04efc at pc 0x00000040063a bp 0x7ffcbde04ee0 sp 0x7ffcbde04ed8
+READ of size 4 at 0x7ffcbde04efc thread T0
+    #0 0x400639 in main /path/to/your/file.c:10
+    #1 0x7fa7c9bd50b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 ```
 ### ASan Report
 ```
-
+==1==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffcbde04efc at pc 0x00000040063a bp 0x7ffcbde04ee0 sp 0x7ffcbde04ed8
+READ of size 4 at 0x7ffcbde04efc thread T0
+    #0 0x400639 in main /path/to/your/file.c:10
+    #1 0x7fa7c9bd50b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+    #2 0x4004ed in _start (/path/to/your/exe+0x4004ed)
 ```
 
 ## ASan Out-of-bound Write bypass Redzone
 ### Source code
 ```
+#include <stdio.h>
+#include <stdlib.h>
 
+int main() {
+    int a[10];
+    int *ptr = &a[0];
+    ptr += 11; 
+    *ptr = 10;
+    return 0;
+}
 ```
 ### Why
-
+陣列a大小為10，當取得第一個element的指標後，為了避開redzone，所以再把指標往後移動11個位置，但是，ASan會在程式執行期間監視記憶體存取，並在檢測到不正確的記憶體存取時引發錯誤。

lab6/Answer.md

@@ -1,12 +1,53 @@
-Name: 
-ID: 
+Name: 魏裕軒
+ID: 511558025
 
 ### Fuzz Monitor
 ```
+[+] All set and ready to roll!
+
+
+                       american fuzzy lop 2.57b (bmpcomp)
+
+┌─ process timing ─────────────────────────────────────┬─ overall results ─────┐
+│        run time : 0 days, 0 hrs, 30 min, 29 sec      │  cycles done : 4      │
+│   last new path : 0 days, 0 hrs, 8 min, 52 sec       │  total paths : 21     │
+│ last uniq crash : 0 days, 0 hrs, 30 min, 23 sec      │ uniq crashes : 1      │
+│  last uniq hang : 0 days, 0 hrs, 30 min, 0 sec       │   uniq hangs : 2      │
+├─ cycle progress ────────────────────┬─ map coverage ─┴───────────────────────┤
+│  now processing : 5* (23.81%)       │    map density : 0.06% / 0.07%         │
+│ paths timed out : 0 (0.00%)         │ count coverage : 1.77 bits/tuple       │
+├─ stage progress ────────────────────┼─ findings in depth ────────────────────┤
+│  now trying : havoc                 │ favored paths : 2 (9.52%)              │
+│ stage execs : 19/128 (14.84%)       │  new edges on : 2 (9.52%)              │
+│ total execs : 51.0k                 │ total crashes : 1073 (1 unique)        │
+│  exec speed : 15.55/sec (zzzz...)   │  total tmouts : 13.2k (6 unique)       │
+├─ fuzzing strategy yields ───────────┴───────────────┬─ path geometry ────────┤
+│   bit flips : 4/2688, 2/2676, 1/2652                │    levels : 4          │
+│  byte flips : 0/336, 0/324, 0/300                   │   pending : 9          │
+│ arithmetics : 11/18.8k, 0/5345, 0/1632              │  pend fav : 0          │
+│  known ints : 1/204, 2/824, 0/1418                  │ own finds : 20         │
+│  dictionary : 0/0, 0/0, 0/0                         │  imported : n/a        │
+│       havoc : 0/2560, 0/752                         │ stability : 100.00%    │
+│        trim : 99.97%/103, 0.00%                     ├────────────────────────┘
+^C────────────────────────────────────────────────────┘          [cpu000:167%]
+
++++ Testing aborted by user +++
+[+] We're done here. Have a nice day!
 
 ```
 
 ### Run Crash Result
 ```
+../src/bmpcomp ./out/crashes/id:000000,sig:06,src:000000,op:flip1,pos:20
+size of Herder 54
+ASAN:DEADLYSIGNAL
+=================================================================
+==26947==ERROR: AddressSanitizer: stack-overflow on address 0x7ffec48187a8 (pc 0x563cd7d0b1fb bp 0x7ffec60194e0 sp 0x7ffec48187b0 T0)
+    #0 0x563cd7d0b1fa in main /home/user/Desktop/lab6/src/hw0302.c:47
+    #1 0x7fd59ba4fc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
+    #2 0x563cd7d0bc79 in _start (/home/user/Desktop/lab6/src/bmpcomp+0x2c79)
+
+SUMMARY: AddressSanitizer: stack-overflow /home/user/Desktop/lab6/src/hw0302.c:47 in main
+==26947==ABORTING
 
 ```

lab7/sol.py

@@ -0,0 +1,13 @@
+import angr, sys
+proj = angr.project('./login')
+init_state = Proj.factory.entry_state()
+simulation = proj.factory.simgr(init_state)
+
+def success_condition(state):
+	return b"Login successful" in state.posix.dumpss(sys.stdout.fileno())
+def fail_condition(state):
+	return b"Login failed" in state.posix.dumps(sys.stdout.fileno)
+simulation.explore(find=success_condition, avoid=fail_condition)
+solution = simulation.found[0]
+print(solution.posix.dumps(sys.stdin.fileno())) 
+#b'HETOBRCUVWOBFEBB'