2006-08-02 13:59:57 +01:00
|
|
|
#!/usr/bin/python
|
2007-06-11 13:09:24 +01:00
|
|
|
"""
|
|
|
|
Scyther : An automatic verifier for security protocols.
|
|
|
|
Copyright (C) 2007 Cas Cremers
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
|
|
modify it under the terms of the GNU General Public License
|
|
|
|
as published by the Free Software Foundation; either version 2
|
|
|
|
of the License, or (at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
"""
|
|
|
|
|
2006-08-02 13:59:57 +01:00
|
|
|
#
|
|
|
|
# Scyther interface
|
|
|
|
#
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
""" Import externals """
|
|
|
|
import os
|
2006-08-07 11:42:34 +01:00
|
|
|
import os.path
|
2006-08-02 13:59:57 +01:00
|
|
|
import sys
|
|
|
|
import StringIO
|
2006-12-11 09:40:57 +00:00
|
|
|
import tempfile
|
2007-05-19 13:29:32 +01:00
|
|
|
|
2006-08-02 13:59:57 +01:00
|
|
|
|
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
""" Import scyther components """
|
|
|
|
import XMLReader
|
2006-12-14 14:06:50 +00:00
|
|
|
import Error
|
2007-01-27 13:08:24 +00:00
|
|
|
import Claim
|
2006-08-02 13:59:57 +01:00
|
|
|
from Misc import *
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
2006-12-14 14:06:50 +00:00
|
|
|
"""
|
|
|
|
Globals
|
|
|
|
"""
|
|
|
|
|
|
|
|
FirstCheck = True
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
2006-11-23 11:28:51 +00:00
|
|
|
"""
|
|
|
|
The default path for the binaries is set in __init__.py in the (current)
|
|
|
|
directory 'Scyther'.
|
|
|
|
"""
|
2006-08-09 10:26:15 +01:00
|
|
|
|
2006-08-09 12:39:35 +01:00
|
|
|
def setBinDir(dir):
|
2006-08-09 10:26:15 +01:00
|
|
|
global bindir
|
|
|
|
|
|
|
|
bindir = dir
|
|
|
|
|
2006-08-09 12:54:37 +01:00
|
|
|
def getBinDir():
|
|
|
|
global bindir
|
|
|
|
|
|
|
|
return bindir
|
|
|
|
|
2006-08-09 10:26:15 +01:00
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
2006-12-14 14:06:50 +00:00
|
|
|
def Check():
|
|
|
|
"""
|
|
|
|
Various dynamic checks that can be performed before starting the
|
|
|
|
backend.
|
|
|
|
"""
|
|
|
|
|
|
|
|
global FirstCheck
|
|
|
|
|
|
|
|
# First time
|
|
|
|
if FirstCheck:
|
|
|
|
"""
|
|
|
|
Perform any checks that only need to be done the first time.
|
|
|
|
"""
|
|
|
|
FirstCheck = False
|
|
|
|
|
|
|
|
# Every time
|
|
|
|
|
|
|
|
# Check Scyther backend program availability
|
|
|
|
program = getScytherBackend()
|
|
|
|
CheckSanity(program)
|
|
|
|
|
2007-05-18 13:06:29 +01:00
|
|
|
|
2006-12-14 14:06:50 +00:00
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
def CheckSanity(program):
|
|
|
|
"""
|
|
|
|
This is where the existence is checked of the Scyther backend.
|
|
|
|
"""
|
|
|
|
|
|
|
|
if not os.path.isfile(program):
|
|
|
|
raise Error.BinaryError, program
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
2007-01-27 12:53:19 +00:00
|
|
|
def EnsureString(x,sep=" "):
|
|
|
|
"""
|
|
|
|
Takes a thing that is either a list or a string.
|
|
|
|
Turns it into a string. If it was a list, <sep> is inserted, and the
|
|
|
|
process iterats.
|
2007-05-18 13:06:29 +01:00
|
|
|
|
|
|
|
TODO does not accept unicode yet, that is something that must be
|
|
|
|
handled to or we run into wxPython problems eventually.
|
2007-01-27 12:53:19 +00:00
|
|
|
"""
|
|
|
|
if type(x) is str:
|
|
|
|
return x
|
|
|
|
|
|
|
|
elif type(x) is list:
|
|
|
|
newlist = []
|
|
|
|
for el in x:
|
|
|
|
newlist.append(EnsureString(el,sep))
|
|
|
|
return sep.join(newlist)
|
|
|
|
|
|
|
|
else:
|
|
|
|
raise Error.StringListError, x
|
|
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
2006-11-23 11:28:51 +00:00
|
|
|
def getScytherBackend():
|
|
|
|
# Where is my executable?
|
|
|
|
#
|
|
|
|
# Auto-detect platform and infer executable name from that
|
|
|
|
#
|
|
|
|
if "linux" in sys.platform:
|
|
|
|
|
|
|
|
""" linux """
|
|
|
|
scythername = "scyther-linux"
|
|
|
|
|
2006-12-20 17:20:09 +00:00
|
|
|
elif "darwin" in sys.platform:
|
2006-08-04 23:00:22 +01:00
|
|
|
|
2006-12-20 17:20:09 +00:00
|
|
|
""" OS X """
|
2007-01-09 14:37:17 +00:00
|
|
|
scythername = "scyther-mac"
|
2006-09-21 14:19:22 +01:00
|
|
|
|
2006-11-23 11:28:51 +00:00
|
|
|
elif sys.platform.startswith('win'):
|
2006-09-21 14:19:22 +01:00
|
|
|
|
2006-11-23 11:28:51 +00:00
|
|
|
""" Windows """
|
2006-11-23 11:46:33 +00:00
|
|
|
scythername = "scyther-w32.exe"
|
2006-09-21 14:19:22 +01:00
|
|
|
|
2006-11-23 11:28:51 +00:00
|
|
|
else:
|
2006-09-21 14:19:22 +01:00
|
|
|
|
2006-11-23 11:28:51 +00:00
|
|
|
""" Unsupported"""
|
2006-12-14 14:06:50 +00:00
|
|
|
raise Error.UnknownPlatformError, sys.platform
|
2006-09-21 14:19:22 +01:00
|
|
|
|
2006-11-23 11:28:51 +00:00
|
|
|
program = os.path.join(getBinDir(),scythername)
|
|
|
|
return program
|
|
|
|
|
2006-12-14 19:46:36 +00:00
|
|
|
|
2006-11-23 11:28:51 +00:00
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
class Scyther(object):
|
|
|
|
def __init__ ( self):
|
2006-08-04 23:00:22 +01:00
|
|
|
|
2006-08-08 16:54:00 +01:00
|
|
|
# Init
|
2006-11-23 11:28:51 +00:00
|
|
|
self.program = getScytherBackend()
|
2006-08-02 13:59:57 +01:00
|
|
|
self.spdl = None
|
2006-08-02 14:44:45 +01:00
|
|
|
self.inputfile = None
|
2006-08-08 17:16:28 +01:00
|
|
|
self.options = ""
|
2006-08-02 13:59:57 +01:00
|
|
|
self.claims = None
|
2006-08-06 20:52:07 +01:00
|
|
|
self.errors = None
|
2006-08-06 22:16:14 +01:00
|
|
|
self.errorcount = 0
|
2007-01-12 10:02:56 +00:00
|
|
|
self.warnings = None
|
2006-08-07 11:52:48 +01:00
|
|
|
self.run = False
|
2006-08-08 16:54:00 +01:00
|
|
|
self.output = None
|
2007-01-02 15:22:25 +00:00
|
|
|
self.cmd = None
|
2006-08-08 16:54:00 +01:00
|
|
|
|
|
|
|
# defaults
|
|
|
|
self.xml = True # this results in a claim end, otherwise we simply get the output
|
2006-08-02 13:59:57 +01:00
|
|
|
|
|
|
|
def setInput(self,spdl):
|
|
|
|
self.spdl = spdl
|
2006-08-02 14:44:45 +01:00
|
|
|
self.inputfile = None
|
2006-08-02 13:59:57 +01:00
|
|
|
|
|
|
|
def setFile(self,filename):
|
2006-08-02 14:44:45 +01:00
|
|
|
self.inputfile = filename
|
2006-08-02 13:59:57 +01:00
|
|
|
self.spdl = ""
|
|
|
|
fp = open(filename,"r")
|
|
|
|
for l in fp.readlines():
|
|
|
|
self.spdl += l
|
|
|
|
fp.close()
|
|
|
|
|
2006-08-07 19:23:30 +01:00
|
|
|
def addFile(self,filename):
|
|
|
|
self.inputfile = None
|
|
|
|
if not self.spdl:
|
|
|
|
self.spdl = ""
|
|
|
|
fp = open(filename,"r")
|
|
|
|
for l in fp.readlines():
|
|
|
|
self.spdl += l
|
|
|
|
fp.close()
|
|
|
|
|
2007-01-02 15:22:25 +00:00
|
|
|
def addArglist(self,arglist):
|
|
|
|
for arg in arglist:
|
|
|
|
self.options += " %s" % (arg)
|
|
|
|
|
2006-12-14 19:46:36 +00:00
|
|
|
def doScytherCommand(self, spdl, args):
|
|
|
|
"""
|
|
|
|
Run Scyther backend on the input
|
|
|
|
|
|
|
|
Arguments:
|
|
|
|
spdl -- string describing the spdl text
|
|
|
|
args -- arguments for the command-line
|
|
|
|
Returns:
|
|
|
|
(output,errors)
|
|
|
|
output -- string which is the real output
|
|
|
|
errors -- string which captures the errors
|
|
|
|
"""
|
2006-11-23 11:28:51 +00:00
|
|
|
|
|
|
|
if self.program == None:
|
2006-12-14 19:46:36 +00:00
|
|
|
raise Error.NoBinaryError
|
2006-08-02 13:59:57 +01:00
|
|
|
|
2006-12-14 20:32:24 +00:00
|
|
|
# Sanitize input somewhat
|
2007-01-27 21:42:16 +00:00
|
|
|
if spdl == "":
|
2006-12-14 20:32:24 +00:00
|
|
|
# Scyther hickups on completely empty input
|
2007-01-27 21:42:16 +00:00
|
|
|
spdl = "\n"
|
2006-12-14 20:32:24 +00:00
|
|
|
|
2007-01-02 15:34:58 +00:00
|
|
|
# Generate temporary files for the output.
|
2006-12-14 20:08:34 +00:00
|
|
|
# Requires Python 2.3 though.
|
|
|
|
(fde,fne) = tempfile.mkstemp() # errors
|
|
|
|
(fdo,fno) = tempfile.mkstemp() # output
|
2007-01-02 15:22:25 +00:00
|
|
|
if spdl:
|
|
|
|
(fdi,fni) = tempfile.mkstemp() # input
|
2006-12-14 20:08:34 +00:00
|
|
|
|
2007-01-02 15:22:25 +00:00
|
|
|
# Write (input) file
|
|
|
|
fhi = os.fdopen(fdi,'w+b')
|
|
|
|
fhi.write(spdl)
|
|
|
|
fhi.close()
|
2006-12-11 09:40:57 +00:00
|
|
|
|
|
|
|
# Generate command line for the Scyther process
|
2006-12-14 19:46:36 +00:00
|
|
|
self.cmd = ""
|
|
|
|
self.cmd += "\"%s\"" % self.program
|
2006-12-14 20:08:34 +00:00
|
|
|
self.cmd += " --append-errors=%s" % fne
|
|
|
|
self.cmd += " --append-output=%s" % fno
|
2007-01-02 15:22:25 +00:00
|
|
|
self.cmd += " %s" % args
|
2006-12-14 20:08:34 +00:00
|
|
|
if spdl:
|
|
|
|
self.cmd += " %s" % fni
|
|
|
|
|
2007-01-02 15:34:58 +00:00
|
|
|
# Only for debugging, really
|
|
|
|
##print self.cmd
|
2007-01-02 15:22:25 +00:00
|
|
|
|
2006-12-14 20:08:34 +00:00
|
|
|
# Start the process
|
2007-05-19 14:32:58 +01:00
|
|
|
safeCommand(self.cmd)
|
2006-12-14 20:08:34 +00:00
|
|
|
|
|
|
|
# reseek
|
|
|
|
fhe = os.fdopen(fde)
|
|
|
|
fho = os.fdopen(fdo)
|
|
|
|
errors = fhe.read()
|
|
|
|
output = fho.read()
|
|
|
|
|
|
|
|
# clean up files
|
|
|
|
fhe.close()
|
|
|
|
fho.close()
|
|
|
|
os.remove(fne)
|
|
|
|
os.remove(fno)
|
2007-01-02 15:22:25 +00:00
|
|
|
if spdl:
|
|
|
|
os.remove(fni)
|
2006-12-14 19:46:36 +00:00
|
|
|
|
2007-01-02 15:34:58 +00:00
|
|
|
# Now if there is no output and no errors, weird things might
|
|
|
|
# happen, and we report the command used.
|
|
|
|
if errors == "" and output == "":
|
|
|
|
errors = "Scyther backend did not yield any output, "
|
|
|
|
errors += "returning no errors and no output.\n"
|
|
|
|
errors += "Command: [%s]" % self.cmd
|
|
|
|
|
2006-12-14 19:46:36 +00:00
|
|
|
return (output,errors)
|
|
|
|
|
2007-01-27 12:53:19 +00:00
|
|
|
def sanitize(self):
|
|
|
|
""" Sanitize some of the input """
|
|
|
|
self.options = EnsureString(self.options)
|
|
|
|
|
|
|
|
def verify(self,extraoptions=None):
|
2006-12-14 19:46:36 +00:00
|
|
|
""" Should return a list of results """
|
2007-01-27 12:53:19 +00:00
|
|
|
|
|
|
|
# Cleanup first
|
|
|
|
self.sanitize()
|
2006-12-14 19:46:36 +00:00
|
|
|
|
|
|
|
# prepare arguments
|
|
|
|
args = ""
|
|
|
|
if self.xml:
|
|
|
|
args += " --dot-output --xml-output --plain"
|
|
|
|
args += " %s" % self.options
|
2007-01-27 12:53:19 +00:00
|
|
|
if extraoptions:
|
|
|
|
# extraoptions might need sanitizing
|
|
|
|
args += " %s" % EnsureString(extraoptions)
|
2006-12-14 19:46:36 +00:00
|
|
|
|
|
|
|
# execute
|
|
|
|
(output,errors) = self.doScytherCommand(self.spdl, args)
|
|
|
|
self.run = True
|
|
|
|
|
|
|
|
# process errors
|
|
|
|
self.errors = []
|
2007-01-12 10:02:56 +00:00
|
|
|
self.warnings = []
|
2006-12-14 19:46:36 +00:00
|
|
|
for l in errors.splitlines():
|
2007-01-12 10:02:56 +00:00
|
|
|
line = l.strip()
|
2007-01-27 21:42:16 +00:00
|
|
|
if len(line) > 0:
|
|
|
|
# filter out any non-errors (say maybe only claim etc) and count
|
|
|
|
# them.
|
|
|
|
if line.startswith("claim\t"):
|
|
|
|
# Claims are lost, reconstructed from the XML output
|
2007-01-30 17:43:58 +00:00
|
|
|
pass
|
|
|
|
elif line.startswith("warning"):
|
2007-01-27 21:42:16 +00:00
|
|
|
# Warnings are stored seperately
|
|
|
|
self.warnings.append(line)
|
2007-01-30 17:43:58 +00:00
|
|
|
else:
|
|
|
|
# otherwise it is an error
|
|
|
|
self.errors.append(line)
|
2007-01-12 10:02:56 +00:00
|
|
|
|
2006-08-06 22:16:14 +01:00
|
|
|
self.errorcount = len(self.errors)
|
2007-01-27 21:42:16 +00:00
|
|
|
if self.errorcount > 0:
|
|
|
|
raise Error.ScytherError(self.errors)
|
2006-08-06 20:52:07 +01:00
|
|
|
|
2006-12-14 19:46:36 +00:00
|
|
|
# process output
|
|
|
|
self.output = output
|
|
|
|
self.validxml = False
|
|
|
|
self.claims = []
|
2006-08-08 16:54:00 +01:00
|
|
|
if self.xml:
|
|
|
|
if len(output) > 0:
|
2006-08-08 17:16:28 +01:00
|
|
|
if output.startswith("<scyther>"):
|
2006-12-14 19:46:36 +00:00
|
|
|
|
|
|
|
# whoohee, xml
|
2006-08-08 17:16:28 +01:00
|
|
|
self.validxml = True
|
|
|
|
|
2006-12-14 19:46:36 +00:00
|
|
|
xmlfile = StringIO.StringIO(output)
|
|
|
|
reader = XMLReader.XMLReader()
|
|
|
|
self.claims = reader.readXML(xmlfile)
|
2006-08-02 13:59:57 +01:00
|
|
|
|
2006-12-14 19:46:36 +00:00
|
|
|
# Determine what should be the result
|
|
|
|
if self.xml:
|
|
|
|
return self.claims
|
|
|
|
else:
|
|
|
|
return self.output
|
2006-08-02 13:59:57 +01:00
|
|
|
|
2007-01-27 21:42:16 +00:00
|
|
|
def verifyOne(self,cl=None):
|
2007-01-27 12:53:19 +00:00
|
|
|
"""
|
|
|
|
Verify just a single claim with an ID retrieved from the
|
2007-01-27 13:08:24 +00:00
|
|
|
procedure below, 'scanClaims', or a full claim object
|
2007-01-27 12:53:19 +00:00
|
|
|
"""
|
2007-01-27 21:42:16 +00:00
|
|
|
if cl:
|
|
|
|
# We accept either a claim or a claim id
|
|
|
|
if isinstance(cl,Claim.Claim):
|
|
|
|
cl = cl.id
|
|
|
|
return self.verify("--filter=%s" % cl)
|
|
|
|
else:
|
|
|
|
# If no claim, then its just normal verification
|
|
|
|
return self.verify()
|
2007-01-27 12:53:19 +00:00
|
|
|
|
|
|
|
def scanClaims(self):
|
|
|
|
"""
|
2007-01-27 13:08:24 +00:00
|
|
|
Retrieve the list of claims. Of each element (a claim), claim.id
|
|
|
|
can be passed to --filter=X or 'verifyOne' later.
|
2007-01-27 12:53:19 +00:00
|
|
|
A result of 'None' means that some errors occurred.
|
|
|
|
"""
|
|
|
|
self.verify("--scan-claims")
|
|
|
|
if self.errorcount > 0:
|
|
|
|
return None
|
|
|
|
else:
|
|
|
|
self.validxml = False # Signal that we should not interpret the output as XML
|
2007-01-27 13:08:24 +00:00
|
|
|
return self.claims
|
2007-01-27 12:53:19 +00:00
|
|
|
|
2006-08-07 19:23:30 +01:00
|
|
|
def getClaim(self,claimid):
|
|
|
|
if self.claims:
|
|
|
|
for cl in self.claims:
|
|
|
|
if cl.id == claimid:
|
|
|
|
return cl
|
|
|
|
return None
|
|
|
|
|
2006-08-02 13:59:57 +01:00
|
|
|
def __str__(self):
|
2006-08-07 11:52:48 +01:00
|
|
|
if self.run:
|
|
|
|
if self.errorcount > 0:
|
2006-08-07 17:40:46 +01:00
|
|
|
return "%i errors:\n%s" % (self.errorcount, "\n".join(self.errors))
|
2006-08-07 11:52:48 +01:00
|
|
|
else:
|
2006-08-08 17:16:28 +01:00
|
|
|
if self.xml and self.validxml:
|
|
|
|
s = "Verification results:\n"
|
2006-08-08 16:54:00 +01:00
|
|
|
for cl in self.claims:
|
|
|
|
s += str(cl) + "\n"
|
|
|
|
return s
|
|
|
|
else:
|
|
|
|
return self.output
|
2006-08-02 13:59:57 +01:00
|
|
|
else:
|
|
|
|
return "Scyther has not been run yet."
|
|
|
|
|
2007-05-18 13:06:29 +01:00
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
def GetInfo(html=False):
|
|
|
|
"""
|
|
|
|
Retrieve a tuple (location,string) with information about the tool,
|
|
|
|
retrieved from the --expert --version data
|
|
|
|
"""
|
|
|
|
|
|
|
|
program = getScytherBackend()
|
|
|
|
arg = "--expert --version"
|
|
|
|
sc = Scyther()
|
|
|
|
(output,errors) = sc.doScytherCommand(spdl=None, args=arg)
|
|
|
|
if not html:
|
|
|
|
return (program,output)
|
|
|
|
else:
|
|
|
|
sep = "<br>\n"
|
|
|
|
html = "Backend: %s%s" % (program,sep)
|
|
|
|
for l in output.splitlines():
|
|
|
|
l.strip()
|
|
|
|
html += "%s%s" % (l,sep)
|
|
|
|
return html
|
|
|
|
|
|
|
|
|
2007-10-08 13:52:50 +01:00
|
|
|
def GetLicense():
|
|
|
|
"""
|
|
|
|
Retrieve license information.
|
|
|
|
"""
|
|
|
|
|
|
|
|
program = getScytherBackend()
|
|
|
|
arg = "--license"
|
|
|
|
sc = Scyther()
|
|
|
|
(output,errors) = sc.doScytherCommand(spdl=None, args=arg)
|
|
|
|
return output
|
|
|
|
|
|
|
|
|
2007-05-18 13:06:29 +01:00
|
|
|
#---------------------------------------------------------------------------
|
|
|
|
|
2006-12-14 19:46:36 +00:00
|
|
|
# vim: set ts=4 sw=4 et list lcs=tab\:>-:
|