2

I am currently playing with format string attacks in C. I have a toy program that prints (to stdout) the address of a variable that I want to access, then accepts a line from stdin and printfs it..

Using Turtle, I'd like to be able to:

  • execute the program
  • parse the first few lines of stdout to retrieve the address
  • using the address, craft a format string for printf (I know how to do this bit)
  • write the attack string to stdin

However, I can't see how to do this. Using a function like inshell :: Text -> Shell Line -> Shell Line, I can supply some lines to stdin and get back a stream from stdout. However, I don't know how to inject new lines to stdin after having read a couple of lines from stdout.

rossng
  • 318
  • 3
  • 11
  • I don't see why one would need Turtle for this; it's just basic IO. Since you know how to do step 3 already, your program is simply `getContents >>= putStrLn . makeFormatString`. Furthermore, `Shell` is an instance of `MonadIO` so if you really need a `Shell` you can convert the aforementioned program to a `Shell`. – user2407038 Nov 02 '17 at 17:03
  • I guess the attraction of Turtle was that it makes it easy to run the test program from inside Haskell. With this method, my understanding is that I would have to redirect the `stdout` of the test program into my Haskell program, and supply the `stdin` of the test program from a named pipe which I redirect the output of the Haskell program into. Is there an easy was to do this from Haskell itself? – rossng Nov 02 '17 at 17:48
  • If your goal is to test your program which performs IO, Turtle is the wrong tool for this. See for example [this](https://making.pusher.com/unit-testing-io-in-haskell/). – user2407038 Nov 02 '17 at 19:04

1 Answers1

0

If your goal is to test your program which performs IO you can use shelltestrunner (project written in Haskell) if you want to test I/O scenarios for every project (non necessarily written in Haskell).

Shersh
  • 9,019
  • 3
  • 33
  • 61