Add ProgramAttributes from the GUI

[paulnoalhyt]

• I have reviewed the OFRAK contributor guide and attest that this pull request is in accordance with it.
• I have made or updated a changelog entry for the changes in this pull request.

One sentence summary of this PR (This should go in the CHANGELOG!)

Add ProgramAttributes from the OFRAK GUI. Rewrote the ihex components.

Please describe the changes in your request.

Allow users to add ProgramAttributes from the GUI:

Allow users to add ProgramAttributes to a resource in the OFRAK GUI. This is particularly useful when dealing with Intel Hex files which do not contain info about the CPU architecture, making them impossible to analyze in the GUI before.

• added 2 endpoints in the server to:
  • get all possible ProgramAttributes fields (InstructionSet, SubInstructionSet, BitWidth, Endianness, ProcessorType).
  • add ProgramAttributes to a resource.
• added tests for these 2 endpoints.
• test_pyghidra_components.py: added test for unpacking ihex file with pyghidra, after adding ProgramAttributes.

Rewriting of the ihex components (analyzer/packer/unpacker):

some context about how ELF files are handled in OFRAK:

• ELF file has the Program tag, so when we analyze an ELF with a backend, we give the backend the full ELF with headers, etc.
• The ELF unpacker creates CodeRegions that can be unpacked by the backend.

some context about how ihex files were handled before this PR:

• the Ihex is just considered as a GenericFile.
• the IhexProgram gets the Program tag. It's the binary content of all sections present in the ihex (binary blob of concatenated sections). This is given to the backend. The issue is that the backend doesn't receive the ihex file, so it has no idea about the sections present in this binary blob.
• the IhexUnpacker doesn't create CodeRegions but an IhexProgram (binary blob mentioned above).
  • the IhexProgramUnpacker then creates ProgramSections which are not really CodeRegions.
• it's harder to map the backend segments to these ProgramSections. For example, the PyGhidraCodeRegionUnpacker is made to run on CodeRegions and not ProgramSections.

proposed rewriting:

• the Ihex file gets the Program tag. That way the full ihex file is given to the backend for analysis.
• the IhexUnpacker created CodeRegions, like the ElfUnpacker. This makes sense because when loading an ihex file in Ghidra, it assumes that all sections are RWX.
• remove the binary blob intermediary representation, which doesn't add any value. The binary content is contained in the CodeRegions data.
• tests were updated.

Happy to discuss this rewriting in comments!

Bug fixes/improvements:

• pyghidra_components.py:
  • when running the PyGhidraAutoAnalyzer, the resource was flushed to disk, so it was packed. This removes all child resources that were created before running the PyGhidraAutoAnalyzer. This was an issue if for example, you load an ihex file, unpack it (so it creates CodeRegions), then run unpack_recursively(). As the binary was packed by the PyGhidraAutoAnalyzer, the CodeRegions were be deleted, and the unpack_recursively failed because the CodeRegions it was supposed to unpack disapeared. To avoid that, I put pack=False in flush_data_to_disk. This solves my issue, but is not ideal (what if the user modified some data in the ihex before running the PyGhidraAutoAnalyzer?!). Happy to discuss other ideas to solve this issue!
  • the PyGhidraAutoAnalyzer now checks for ProgramAttributes before running unpack.
• pyghidra_analysis.py: added better error message when hitting ghidra.app.util.opinion.LoadException: No load spec found, to give the user a hint that they should add ProgramAttributes.
• AddTagView.svelte and AddProgramAttributesView.svelte: updated refreshResource() so that the attribute panel in the GUI is actually refreshed with the new tag/ProgramAttributes.

Anyone you think should look at this, specifically?

No

[rbs-afflitto]

Looks good to me. Approved

[rbs-jacob]

Couple of minor suggestions

[rbs-jacob]

Suggested change

//console.log(r.json())

[rbs-jacob]

Since this whole function is async, you can await r.json() here without using a .then callback.

[rbs-jacob]

Since this whole function is async, you can await fetch here without using a .then callback.

[rbs-jacob]

In JavaScript, object field access is equivalent to dictionary-style field access. So selected_attribute.isa is the same as selected_attribute["isa"].

Might be worth changing these to the more concise syntax?

[rbs-jacob]

Suggested change

	except Exception as e:
	if "toString" in dir(e) and "No load spec found" in e.toString():
	raise Exception(
	e.toString()
	+ "\nTry adding ProgramAttributes to you binary before running a Ghidra analyzer/unpacker!"
	)
	else:
	raise e
	except <SOMETHING MORE SPECIFIC> as e:
	if "toString" in dir(e) and "No load spec found" in e.toString():
	raise <SOMETHING MORE SPECIFIC>(
	e.toString()
	+ "\nTry adding ProgramAttributes to you binary before running a Ghidra analyzer/unpacker!"
	)
	else:
	raise

We want to avoid catching raw Exceptions if possible. We also want to avoid raising them. We should probably replace these with a more specific Exception instance such as RuntimeError, ValueError, or something even more specific.

Worth changing in other parts of the code where you see this, as well.

[rbs-jacob]

Not worth blocking this PR for this, but I wonder if this function can be refactored to be a bit smaller? I think that might make it a bit easier to read.

There are helper functions like _unpack_basic_block that get called, but there is still a lot of logic before and after those calls. Can any of that logic before and after the helper function calls be moved into the helper functions themselves?

[rbs-jacob]

Suggested change

	- Look for `ProgramAttributes` before unpacking. Do not pack when flushing to disk. Better error message when Ghidra raises "No load spec found". Added test for unpacking ihex with `ofrak_pyghidra` ([#637](https://github.com/redballoonsecurity/ofrak/pull/637))
	- Improve unpacking logic, error messages, and testing for `ofrak_pyghidra` auto analyzer ([#637](https://github.com/redballoonsecurity/ofrak/pull/637))

[rbs-jacob]

Is it necessarily the case that all unpacked IHEX segments are code regions? No data segments? I don't know enough about IHEX to say for sure, but wanted to confirm.

I generally like that Ihex now inherits from Program, but am uncertain about this particular change.

[rbs-jacob]

Suggested change

	- rewrote intel hex components ([#637](https://github.com/redballoonsecurity/ofrak/pull/637))
	- Rewrote intel hex components ([#637](https://github.com/redballoonsecurity/ofrak/pull/637))

Might be worth adding a couple words on what justified the rewrite and/or what changed. Thinking from the perspective of someone reading the CHANGELOG, they're going to wonder whether and how this affects them, so we want to clarify that as much as possible up-front.

[whyitfor]

We need docstrings for these tests. Look at examples.