basic rst support

--HG--
branch : pmacs2
This commit is contained in:
moculus 2007-07-23 19:28:27 +00:00
parent 6a79d35968
commit 1856149079
5 changed files with 117 additions and 7 deletions

View File

@ -15,6 +15,7 @@ import mode.blame, mode.diff, mode.dir
import mode.xml, mode.tt, mode.css, mode.javascript, mode.html
import mode.text, mode.mutt
import mode.bds, mode.life
import mode.rst
def run(buffers, jump_to_line=None, init_mode=None):
# save terminal state so we can restore it when the program exits
@ -103,7 +104,8 @@ class Application(object):
'javascript': mode.javascript.Javascript,
'sql': mode.sql.Sql,
'template': mode.tt.Template,
'bds': mode.bds.BDS
'bds': mode.bds.BDS,
'rst': mode.rst.RST,
}
# these are used in this order to determine which mode to open certain
@ -135,6 +137,7 @@ class Application(object):
'.sql': 'sql',
'.tt': 'template',
'.css': 'css',
'.rst': 'rst',
}
self.mode_detection = {
'python': 'python',

56
code_examples/cfi.rst Normal file
View File

@ -0,0 +1,56 @@
Control Flow Integrity
======================
Control-Flow Integrity is a technique used to insure a security
property, namely the targets of all instructions that alter control
flow (ie, branch instructions). To do this they use a combination of
static analysis and dynamic checks.
They then give a number of examples of how to one could use CFI to
improve other existing control flow based tools, including SFI and
shadow stacks. Finally, they give a brief look in at the formal theory
behind secure control flow.
Problem to be solved
--------------------
CFI is designed to handle malicious attacks against a
program. Particularly their threat model is that the adversary has
total control over the data memory. This covers a number of practical
attacks, including any that use a "stack smashing" technique to gain
control of the program. This includes many (all?) code injection
attacks, as well as arc-injection attacks.
Contributions
-------------
To enforce the control-flow integrity policy, they first use static
analysis to determine legitimate targets of indirect branches. Second,
they use binary rewriting to insert dynamic checks to insure the
runtime target is one of the acceptable targets. This can be done
because most functions are well behaved, in that the always return to
their callee.
Evaluation
----------
The main strength of this approach is that it offers a practical
defense against arc injection attacks. They used "hand examinations"
of some known windows arc injection attacks, specifically a GDI+ JPEG
flaw.
There are a number of downsides to their CFI prototype. First is the
relatively high overhead, 20% on SPEC without perl. Secondly, it seems
that there are potential problems with programs that use many function
pointers to point to a variety of different functions. Currently CFI
creates equivalence classes of functions (see the lt and gt example).
Next Step
---------
I believe the use of a SDT-based tool instead of the lightweight
binary instrumentation could address a number of the difficulties,
notably performance. I also think a better job could be done grouping
functions with better use of the control flow information to do a
better job partitioning the targets of function pointers.

13
lex3.py
View File

@ -75,6 +75,9 @@ class Rule:
t = Token(name, self, lexer.y, lexer.x, s, None, parent, matchd, link)
t.color = lexer.get_color(t)
lexer.x += len(s)
if lexer.x >= len(lexer.lines[lexer.y]):
lexer.x = 0
lexer.y += 1
return t
def get_line(self, lexer):
return lexer.lines[lexer.y] + '\n'
@ -142,17 +145,23 @@ class PatternGroupRule(PatternRule):
Rule.__init__(self, name)
self.pairs = tuple(pairs)
def match(self, lexer, parent):
x = lexer.x
(x, y) = (lexer.x, lexer.y)
matches = []
line = self.get_line(lexer)
for (tokname, tokre) in self.pairs:
if y >= len(lexer.lines):
return []
line = lexer.lines[y] + '\n'
m = tokre.match(line, x)
if m:
x += len(m.group(0))
if x >= len(line):
x = 0
y += 1
matches.append((tokname, m))
else:
return []
assert len(matches) == len(self.pairs)
#(lexer.x, lexer.y) = (x, y)
return matches
def lex(self, lexer, parent, matches):
if matches:

View File

@ -1,5 +1,7 @@
import commands
import color, mode2
from lex3 import Grammar, PatternRule, RegionRule, Grammar
from method import Method
from mode.perl import PerlGrammar
from mode.xml import TagGrammar
from mode.perl import StringGrammar
@ -27,10 +29,11 @@ class BDS(mode2.Fundamental):
closetokens = ('delimiter',)
closetags = {')': '(', ']': '[', '}': '{'}
colors = {
# comments
'comment.start': ('red', 'default'),
'comment.null': ('red', 'default'),
'comment.end': ('red', 'default'),
# xml tag
'tag.start': ('default', 'default'),
'tag.namespace': ('magenta', 'default'),
'tag.name': ('blue', 'default'),
@ -39,13 +42,13 @@ class BDS(mode2.Fundamental):
'tag.string.null': ('cyan', 'default'),
'tag.string.end': ('cyan', 'default'),
'tag.end': ('default', 'default'),
# strings
'string.start': ('green', 'default'),
'string.octal': ('magenta', 'default'),
'string.escaped': ('magenta', 'default'),
'string.null': ('green', 'default'),
'string.end': ('green', 'default'),
# keywords, etc
'derived': ('yellow', 'default'),
'question': ('yellow', 'default'),
'misquoted': ('yellow', 'red'),
@ -58,5 +61,24 @@ class BDS(mode2.Fundamental):
self.add_bindings('close-paren', (')',))
self.add_bindings('close-brace', ('}',))
self.add_bindings('close-bracket', (']',))
self.add_action(BDSMakeInstall())
self.add_action(BDSCompileResources())
self.add_action(BDSRestart())
def name(self):
return "BDS"
class BDSMakeInstall(Method):
def _execute(self, w, **vargs):
cmd = "perl Makefile.PL && make && make install"
(status, output) = commands.getstatusoutput(cmd)
if status == 0:
w.set_error("make succeeded")
else:
w.application.data_buffer("*bds-make-install*", output, switch_to=True)
w.set_error("make failed with %d" % status)
class BDSCompileResources(Method):
def _execute(self, w, **vargs):
pass
class BDSRestart(Method):
def _execute(self, w, **vargs):
pass

20
mode/rst.py Normal file
View File

@ -0,0 +1,20 @@
import color, mode2
from lex3 import Grammar, PatternRule, RegionRule, PatternGroupRule
class RSTGrammar(Grammar):
rules = [
PatternGroupRule(r'title', r'title', r'^.*?\n', r'titlesep', r'^=+\n'),
PatternGroupRule(r'subtitle', r'subtitle', r'^.*?\n', r'subtitlesep', r'^-+\n'),
PatternRule(r'line', r'^.*?\n'),
]
class RST(mode2.Fundamental):
grammar = RSTGrammar
colors = {
'title': ('blue', 'default'),
'titlesep': ('blue', 'default'),
'subtitle': ('cyan', 'default'),
'subtitlesep': ('cyan', 'default'),
}
def name(self):
return "RST"