Upgraded library to support Python 3

wdahlenburg · Feb 19, 2021 · 46addd3 · 46addd3
1 parent 586d149
commit 46addd3
Show file tree

Hide file tree

Showing 6 changed files with 78 additions and 137 deletions.
diff --git a/hexdump-3.3.zip b/hexdump-3.3.zip
diff --git a/pyhprof/blocks.py b/pyhprof/blocks.py
@@ -2,7 +2,6 @@
 """
 
 import time
-import pdb
 from contextlib import contextmanager
 
 from .constants import TAGS
@@ -32,61 +31,6 @@ def __str__(self):
 class GenericBlock(BaseBlock):
     pass
 
-class StackFrameBlock(BaseBlock):
-
-    def read_contents(self):
-        with self.parser.goto(self.start):
-            pdb.set_trace()
-            try:
-                s_id = self.parser.read_id()
-                contents = self.parser.f.read(self.length - self.parser.id_size)
-                contents = contents.decode('utf-8')
-            except:
-                # pdb.set_trace()
-                contents = str(contents)
-        self._id = s_id
-        self._contents = contents
-
-class StackTraceBlock(BaseBlock):
-    _id = None
-    _stack_frames = []
-
-    def read_contents(self):
-        with self.parser.goto(self.start):
-            try:
-                s_id = self.parser.read_id()
-                t_id = self.parser.i4()
-                numFrames = self.parser.i4()
-                stack_frames = []
-                for i in range(numFrames):
-                    # pdb.set_trace()
-                    val = self.parser.i4()
-                    stack_frames.append(val)
-                # contents = self.parser.f.read(self.length - self.parser.id_size)
-                # contents = contents.decode('utf-8')
-            except:
-                # pdb.set_trace()
-                contents = str(contents)
-        self._id = s_id
-        self._tid = t_id
-        self._nframes = numFrames
-        self._stack_frames = stack_frames
-
-    @property
-    def id(self):
-        if self._id is None:
-            self.read_contents()
-        return self._id
-
-    @property
-    def stack_frames(self):
-        if self._stack_frames is []:
-            self.read_contents()
-        return self._stack_frames
-
-    def __str__(self):
-        return '%s %d %r' % (self.tag_name, self.id, self.stack_frames)
-
 class StringBlock(BaseBlock):
     _id = _contents = None
 
@@ -97,7 +41,6 @@ def read_contents(self):
                 contents = self.parser.f.read(self.length - self.parser.id_size)
                 contents = contents.decode('utf-8')
             except:
-                # pdb.set_trace()
                 contents = str(contents)
         self._id = s_id
         self._contents = contents
@@ -157,7 +100,5 @@ def __iter__(self):
 BLOCK_CLASSES_BY_TAG = {
     'STRING': StringBlock,
     'LOAD_CLASS': LoadClass,
-    'HEAP_DUMP': HeapDump,
-    'STACK_FRAME': StackFrameBlock#,
-    # 'STACK_TRACE': StackTraceBlock
+    'HEAP_DUMP': HeapDump
 }
diff --git a/pyhprof/heap_blocks.py b/pyhprof/heap_blocks.py
@@ -1,5 +1,3 @@
-import pdb
-
 class BaseHeapDumpBlock(object):
     def __init__(self, id):
         self.id = id
@@ -108,13 +106,9 @@ def parse(cls, p):
         reserved1 = p.read_id()
         reserved2 = p.read_id()
         instance_size = p.i4()
-        constants = [cls.read_constant(p) for _ in xrange(p.i2())]
-        static_fields = [cls.read_static_field(p) for _ in xrange(p.i2())]
-        instance_fields = [cls.read_instance_field(p) for _ in xrange(p.i2())]
-
-        if id == 3940593480 or id == 4019559632:
-            pdb.set_trace()
-            print("Block found")
+        constants = [cls.read_constant(p) for _ in range(p.i2())]
+        static_fields = [cls.read_static_field(p) for _ in range(p.i2())]
+        instance_fields = [cls.read_instance_field(p) for _ in range(p.i2())]
 
         return cls(id, stack_trace_serial_number, super_class_id, class_loader_id, signers_object_id,
                    protection_domain_object_id,
@@ -125,19 +119,13 @@ def read_constant(cls, p):
         pool_index = p.i2()
         tp = p.read_value_type()
         value = p.read_value(tp)
-        if value == 3940593480 or value == 4019559632:
-            pdb.set_trace()
-            print("Block found")
         return [pool_index, tp, value]
 
     @classmethod
     def read_static_field(cls, p):
         name_id = p.read_id()
         tp = p.read_value_type()
         value = p.read_value(tp)
-        if value == 3940593480 or value == 4019559632:
-            pdb.set_trace()
-            print("Block found")
         return [name_id, tp, value]
 
     @classmethod
@@ -177,19 +165,8 @@ def parse(cls, p):
         stack_trace_serial_number = p.i4()
         n_elements = p.i4()
         array_class_object_id = p.read_id()
-        elements = []
-        for i in range(n_elements):
-            tid = p.read_id()
-            if tid == 3940593480 or tid == 4019559632:
-                pdb.set_trace()
-                print("Block found")
-            elements.append(tid)
-
-        # elements = [p.read_id() for _ in xrange(n_elements)]
-        # for i in elements:
-        #     if id == 3940593480:
-        #         pdb.set_trace()
-        #         print("Block found")
+        elements = [p.read_id() for _ in range(n_elements)]
+
         return cls(id, stack_trace_serial_number, array_class_object_id, elements)
 
 

diff --git a/pyhprof/parsers.py b/pyhprof/parsers.py
@@ -7,7 +7,6 @@
 import os
 import struct
 from contextlib import contextmanager
-import pdb
 
 from .constants import TAGS, HEAP_DUMP_SUB_TAGS, OBJECT_TYPES, TYPE_SIZES
 from .blocks import BLOCK_CLASSES_BY_TAG, GenericBlock
@@ -117,23 +116,19 @@ def __init__(self, f):
         self.read_header()
 
     def read_header(self):
-        f = ""
+        f = b""
         while True:
             u1 = self.u1()
-            if not u1 != '\0':
+            if not u1 != b'\0':
                 break
             f += u1
         self.format = f
         self.set_id_size(self.i4())
         self.start_time = self.i8()
 
     def read_next_block(self):
-        # pdb.set_trace()
         tag = ord(self.u1())
         tag_name = TAGS.get(tag, 'UNKOWN')
-        # if tag_name == 'HEAP_DUMP':
-        #     pdb.set_trace()
-        #     print("starting heapdump")
         record_time = self.i4()
         length = self.i4()
         start = self.f.tell()
@@ -162,18 +157,12 @@ def check_position_in_bound(self):
         assert self.length is None or self.position <= self.length
 
     def read(self, n):
-        # if self.f.tell() < 128506688 and (self.f.tell() + n) >= 128506688:
-        #     pdb.set_trace()
-        #     print("Identified Encryption block")
         content = super(HeapDumpParser, self).read(n)
         self.position += n
         self.check_position_in_bound()
         return content
 
     def seek(self, n):
-        # if self.f.tell() < 110763104 and (self.f.tell() + n) >= 110763104:
-        #     pdb.set_trace()
-        #     print("Identified Encryption block")
 
         super(HeapDumpParser, self).seek(n)
         self.position += n
@@ -184,20 +173,3 @@ def read_next_block(self):
             return None
         tag = self.u1()
         return HEAP_BLOCK_CLASSES_BY_TAG[HEAP_DUMP_SUB_TAGS[ord(tag)]].parse(self)
-
-
-'''
-Starting at
-128731078
-128747999
-
-Size: 16921
-'''
-
-'''
-Starting at
-110757296
-110774212
-
-Size: 16916
-'''
diff --git a/pyhprof/references.py b/pyhprof/references.py
@@ -23,16 +23,16 @@ def __init__(self, base_size, children=None):
         self.children = children or {}
 
     def resolve_children(self, references):
-        for k, c in self.children.iteritems():
-            self.children[k] = references.get(c)
+        for k in self.children.keys():
+            self.children[k] = references.get(self.children[k])
 
     def bfs_transverse(self):
         seen = {self}
         queue = deque([self])
         while queue:
             n = queue.popleft()
             yield n
-            for child in n.children.itervalues():
+            for child in n.children.values():
                 if child is not None and child not in seen:
                     seen.add(n)
                     queue.append(child)
@@ -84,13 +84,9 @@ def build_from_instance_dump(cls, strings, instance_cls, instance):
                     offset += ID_SIZE
                 else:
                     offset += TYPE_SIZES[tp]
-            # if len(fields.keys()) != 0:
-            #     pdb.set_trace()
-            #     print()
             return cls(id, instance_cls, len(instance.bytes), fields, instance.bytes)
         except:
-            pdb.set_trace()
-            print("foo")
+            pass
 
     def __str__(self):
         return 'Instance<%s>' % self.cls.name
@@ -140,7 +136,7 @@ def hexdump_data(self):
 
     def ascii_data(self):
         # Ascii is [^\x00-\x7f], but printable is 0x20-0x7e
-        ascii_str = re.sub(r'[^\x0a\x0d\x20-\x7e]',r'',self.data)
+        ascii_str = re.sub(b'[^\x0a\x0d\x20-\x7e]',b'',bytes(self.data))
         return ascii_str
 
 
@@ -187,9 +183,9 @@ def read_references(self, heap_dump, mx=None):
             references.append(el)
 
         if self.variable_type == 0:
-            if '1.0.2' in self.p.format:
+            if b'1.0.2' in self.p.format:
                 self.parse_type_two_references(heap_dump, mx, p, references)
-            elif '1.0.1' in self.p.format:
+            elif b'1.0.1' in self.p.format:
                 self.parse_type_one_references(heap_dump, mx, p, references)
             else:
                 raise ValueError("Error: Unhandled HPROF format: " + self.p.format)

diff --git a/spring_heapdumper.py b/spring_heapdumper.py
@@ -1,17 +1,72 @@
-#!/bin/python2
+#!/bin/python3
 
 from pyhprof.parsers import HProfParser
 from pyhprof.references import ReferenceBuilder
 import pyhprof
+import argparse
 import sys
 
+# Use truffleHog to parse any references for common API keys
+from truffleHogRegexes.regexChecks import regexes
+import re
 
-filename = sys.argv[1]
-fp = open(filename, 'rb')
-refs = ReferenceBuilder(fp)
+def main():
+	flags = {}
+	parser = argparse.ArgumentParser(description='Parse JAVA HPROF files')
+	parser.add_argument('-f', '--filename', dest='filename', required=True,
+	                    help='HPROF file to parse')
+	parser.add_argument('-t1', '--type-one', action='store_true',
+	                    help='Force Type 1 parsing of variables')
+	parser.add_argument('-t2', '--type-two', action='store_true',
+	                    help='Force Type 2 parsing of variables')
 
-refs.build()
+	args = parser.parse_args()
 
-for i in refs.references.keys():
-	if type(refs.references[i]) == pyhprof.references.PrimitiveArrayReference:
-		print(refs.references[i].ascii_data())
+	if args.type_one == True and args.type_two == True:
+		print("Error: Use -t1 or -t2, but not both")
+		sys.exit(1)
+	else:
+		if args.type_one == True:
+			flags['type_one'] = True
+		else:
+			flags['type_one'] = False
+		if args.type_two == True:
+			flags['type_two'] = True
+		else:
+			flags['type_two'] = False
+
+	filename = args.filename
+	fp = open(filename, 'rb')
+	refs = ReferenceBuilder(fp, flags)
+
+	refs.build()
+
+	print("\n\nVariables:\n\n")
+
+	for i in refs.variables.keys():
+		key = i.decode("utf-8")
+		for v in refs.variables[i]:
+			print("%s: %s" % (key, v.decode("utf-8")))
+
+	http_references = []
+	secrets = []
+
+	for i in refs.references.keys():
+		if type(refs.references[i]) == pyhprof.references.PrimitiveArrayReference:
+			data = refs.references[i].ascii_data().decode("utf-8")
+			if 'HTTP/1.1' in data:
+				http_references.append(data)
+			for k in regexes.keys():
+				matches = regexes[k].findall(data)
+				if len(matches) != 0:
+					secrets.append("TruffleHog (%s): %s. Identified from: \n%s" % (k, matches, data))
+
+	print("\n\nHTTP References:\n\n")
+	for i in http_references:
+		print(i + "\n")
+
+	print("\n\nSecret References:\n\n")
+	for i in secrets:
+		print(i + "\n")
+
+main()