feat: lab5

Author: YingMuo

.github/workflows/lab-autograding.yml

@@ -45,7 +45,8 @@ jobs:
                       const files = await github.rest.pulls.listFiles({ owner, repo, pull_number: issue_number });
                       const changedFiles = files.data.map((file) => file.filename);
                       const allowedFileRegex = /^lab\d+\/main_test.js$/;
-                      if (!changedFiles.every((file) => allowedFileRegex.test(file))) {
+                      const specialChangedFiles = ["lab5/Answer.md", "lab5/antiasan.c"];
+                      if (!changedFiles.every((file) => (allowedFileRegex.test(file) || specialChangedFiles.includes(file))) {
                         core.setFailed('The PR contains changes to files other than the allowed files.');
                       }
                       return labNumber;

lab2/main_test.js

@@ -1,75 +1,6 @@
 const test = require('node:test');
 const assert = require('assert');
-const fs = require('fs');
-
-// 模擬 fs.readFile 方法，返回假數據
-test.mock.method(fs, 'readFile', (file, options, callback) => {
-    callback(null, 'Alice\njohn\nBob');
-});
-
-// 從 main.js 導入 Application 和 MailSystem 類
 const { Application, MailSystem } = require('./main');
 
-// 測試 MailSystem_write() 方法
-test('MailSystem_write()', () => {
-    const ms = new MailSystem();
-    assert.strictEqual(ms.write('Alice'), 'Congrats, Alice!');        // 確認寫入郵件的功能
-    assert.strictEqual(ms.write(null), 'Congrats, null!');            // 確認處理空值的功能
-    assert.strictEqual(ms.write(512558014), 'Congrats, 512558014!');  // 確認處理數字名稱的功能
-});
-
-// 測試 MailSystem_send() 方法
-test('MailSystem_send()', () => {
-    const ms = new MailSystem();
-    const name = 'Alice';
-    test.mock.method(Math, 'random', () => 0.6);                      // 假設 Math.random() 始終返回 0.6
-    assert.strictEqual(ms.send(name, 'success'), true);               // 確認發送成功郵件的功能
-    test.mock.method(Math, 'random', () => 0.4);                      // 假設 Math.random() 始終返回 0.4
-    assert.strictEqual(ms.send(name, 'fail'), false);                 // 確認發送失敗郵件的功能
-});
-
-// 測試 Application_getNames() 方法
-test('Application_getNames()', async () => {
-    const app = new Application();
-    const name_list = ['Alice', 'john', 'Bob'];
-    const names = await app.getNames();
-    assert.deepStrictEqual(names, [name_list, []]);                   // 確認獲取名字列表的功能
-});
-
-// 測試 Application_getRandomPerson() 方法
-test('Application_getRandomPerson()', async () => {
-    const app = new Application();
-    const [names] = await app.getNames();                             // 等待獲取名字列表
-    const randomPerson = app.getRandomPerson();
-    assert.ok(names.includes(randomPerson));                          // 確認隨機獲取的人員在名字列表中
-});
-
-// 測試 Application_selectNextPerson() 方法
-test('Application_selectNextPerson()', async () => {
-    const app = new Application();
-    const [names] = await app.getNames();
-    app.selected = ['Alice'];
-    let cnt = 0;
-    test.mock.method(app, 'getRandomPerson', () => {
-        if (cnt <= names.length) { 
-            return names[cnt++]; 
-        }
-    });
-    assert.strictEqual(app.selectNextPerson(), 'john');               // 確認選擇下一個人員的功能
-    assert.deepStrictEqual(app.selected, ['Alice', 'john']);          // 確認已選擇的人員列表
-    assert.strictEqual(app.selectNextPerson(), 'Bob');                // 確認選擇下一個人員的功能
-    assert.deepStrictEqual(app.selected, ['Alice', 'john', 'Bob']);   // 確認已選擇的人員列表
-    assert.strictEqual(app.selectNextPerson(), null);                 // 確認已無可選擇的人員
-});
-
-// 測試 Application_notifySelected() 方法
-test('Application_notifySelected()', async () => {
-    const app = new Application();
-    const [people] = await app.getNames();
-    app.selected = [...people];
-    app.mailSystem.send = test.mock.fn(app.mailSystem.send);
-    app.mailSystem.write = test.mock.fn(app.mailSystem.write);
-    app.notifySelected();
-    assert.strictEqual(app.mailSystem.send.mock.calls.length, people.length);  // 確認發送郵件的次數
-    assert.strictEqual(app.mailSystem.write.mock.calls.length, people.length); // 確認編寫郵件的次數
-});
+// TODO: write your tests here
+// Remember to use Stub, Mock, and Spy when necessary

lab3/main_test.js

@@ -0,0 +1,5 @@
+const { describe, it } = require('node:test');
+const assert = require('assert');
+const { Calculator } = require('./main');
+
+// TODO: write your tests here

lab4/main_test.js

@@ -8,36 +8,15 @@ const puppeteer = require('puppeteer');
     // Navigate the page to a URL
     await page.goto('https://pptr.dev/');
 
-    // Wait for the search button to appear
-    await page.waitForSelector('.DocSearch.DocSearch-Button');
-
+    // Hints:
     // Click search button
-    await page.click('.DocSearch.DocSearch-Button');
-
-    // Wait for the search input box to appear
-    await page.waitForSelector('#docsearch-input');
-
     // Type into search box
-    await page.type('#docsearch-input', 'chipi chipi chapa chapa');
-
     // Wait for search result
-    await page.waitForSelector('.devsite-result-item-link');
-
     // Get the `Docs` result section
-    const docSection = await page.$('.devsite-result-item-link');
-
     // Click on first result in `Docs` section
-    await docSection.click();
-
     // Locate the title
-    const titleElement = await page.waitForSelector('h1');
-
-    // Get the text content of the title element
-    const title = await page.evaluate(titleElement => titleElement.textContent, titleElement);
-
     // Print the title
-    console.log(title);
 
     // Close the browser
     await browser.close();
-})();
+})();

lab5/Answer.md

@@ -0,0 +1,92 @@
+# Answer
+
+Name: 
+ID: 
+
+## Test Valgrind and ASan
+### Result
+|                      | Valgrind | Asan |
+| -------------------- | -------- | ---- |
+| Heap out-of-bounds   |          |      |
+| Stack out-of-bounds  |          |      |
+| Global out-of-bounds |          |      |
+| Use-after-free       |          |      |
+| Use-after-return     |          |      |
+
+### Heap out-of-bounds
+#### Source code
+```
+
+```
+#### Valgrind Report
+```
+
+```
+### ASan Report
+```
+
+```
+
+### Stack out-of-bounds
+#### Source code
+```
+
+```
+#### Valgrind Report
+```
+
+```
+### ASan Report
+```
+
+```
+
+### Global out-of-bounds
+#### Source code
+```
+
+```
+#### Valgrind Report
+```
+
+```
+### ASan Report
+```
+
+```
+
+### Use-after-free
+#### Source code
+```
+
+```
+#### Valgrind Report
+```
+
+```
+### ASan Report
+```
+
+```
+
+### Use-after-return
+#### Source code
+```
+
+```
+#### Valgrind Report
+```
+
+```
+### ASan Report
+```
+
+```
+
+## ASan Out-of-bound Write bypass Redzone
+### Source code
+```
+
+```
+### Why
+

lab5/Makefile

@@ -0,0 +1,17 @@
+.PHONY: all
+all: uaf_asan
+
+uaf_asan: uaf.c libantiasan.so
+	gcc -fsanitize=address -Og -g -o $@ $< -lantiasan -L.
+
+libantiasan.so: antiasan.c
+	gcc -g -fPIC -c antiasan.c
+	gcc -shared antiasan.o -o libantiasan.so
+
+.PHINY: run
+run:
+	LD_LIBRARY_PATH=. ./uaf_asan
+
+.PHONY: clean
+clean:
+	rm uaf_asan antiasan.o libantiasan.so

lab5/README.md

@@ -0,0 +1,29 @@
+# Lab4
+
+## Introduction
+
+In this lab, you will write tests in `main_test.js`. You can learn how to use [Puppeteer](https://pptr.dev/) to tests a web UI.
+
+## Preparation (Important!!!)
+
+1. Sync fork your branch (e.g., `SQLab:311XXXXXX`)
+2. `git checkout -b lab4` (**NOT** your student ID !!!)
+
+## Requirement
+
+1. (100%) Goto https://pptr.dev/, type `chipi chipi chapa chapa` into the search box, click on **1st** result in the **Docs** section, and print the title.
+
+For the detailed steps and hints, please check the slide of this lab.
+
+You can run `validate.sh` in your local to test if you satisfy the requirements.
+
+Please note that you must not alter files other than `main_test.js`. You will get 0 points if
+
+1. you modify other files to achieve requirements.
+2. you can't pass all CI on your PR.
+
+## Submission
+
+You need to open a pull request to your branch (e.g. 311XXXXXX, your student number) and contain the code that satisfies the abovementioned requirements.
+
+Moreover, please submit the URL of your PR to E3. Your submission will only be accepted when you present at both places.

lab5/ans

@@ -0,0 +1,3 @@
+LD_LIBRARY_PATH=. ./uaf_asan
+s[0x10] = H
+s[0x10] = H

lab5/antiasan.c

@@ -0,0 +1,5 @@
+// TODO:
+void antiasan(unsigned long addr)
+{
+
+}

lab5/antiasan.h

@@ -0,0 +1,6 @@
+#ifndef HIJACK_H
+#define HIJACK_H
+
+void antiasan(unsigned long);
+
+#endif