Reference Monitor
"""
This security layer inadequately handles A/B storage for files in RepyV2.
Note:
This security layer depends on encasementlib.r2py, restrictions.default, repy.py and Python.
You also need to give it an application to run, for example:
python repy.py restrictions.default encasementlib.r2py [security_layer].r2py [attack_program].r2py
"""
# Key names used when describing a wrapped call in a context definition
# (see the CHILD_CONTEXT_DEF entry at the bottom of this file).
TYPE, ARGS, RETURN = "type", "args", "return"
EXCP, TARGET = "exceptions", "target"

# Values stored under the TYPE key: a plain function or an object constructor.
FUNC, OBJC = "func", "objc"
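class ABFile():
    """A/B-backed file wrapper used by this RepyV2 security layer.

    ``<filename>.a`` serves every read; ``<filename>.b`` receives every
    write.  close() copies B over A only when B starts with 'S' and ends
    with 'E'; otherwise B is discarded and A is left as it was.

    NOTE(review): an existing ``.b`` file is reopened as-is rather than
    reset, so whatever an earlier session left in it (one that never reached
    close()) is what the next close() validates.  Confirm this is intended.
    """

    def __init__(self, filename, create):
        """Open (or create) the A and B files behind *filename*.

        Args:
            filename: base name; '.a' and '.b' are appended to it.
            create: when False, a missing A file is not created; the
                sandbox's openfile() is expected to raise instead
                (confirm against the Repy API).
        """
        # One lock serialises readat/writeat/close.  The previous pair of
        # locks was only taken inside close(), so it excluded nothing.
        self.lock = createlock()
        mycontext['debug'] = False

        self.Afn = filename + '.a'
        self.Bfn = filename + '.b'

        existing = listfiles()  # one directory listing for both checks

        if self.Afn in existing:
            self.Afile = openfile(self.Afn, False)
        else:
            # Honour the caller's create flag instead of always creating.
            self.Afile = openfile(self.Afn, create)
            # A brand-new A file starts out as the smallest valid file.
            self.Afile.writeat('SE', 0)

        # B is this layer's private scratch file, so it is created whenever
        # it is missing, independently of the caller's create flag.
        try:
            self.Bfile = openfile(self.Bfn, self.Bfn not in existing)
        except Exception:
            # Do not leave A open (and locked against reopening) on failure.
            self.Afile.close()
            raise

    def writeat(self, data, offset):
        """Write *data* at *offset* into the B (pending) file."""
        self.lock.acquire(True)
        try:
            self.Bfile.writeat(data, offset)
        finally:
            self.lock.release()

    def readat(self, bytes, offset):
        """Read from the A (committed) file; pending writes are not visible."""
        self.lock.acquire(True)
        try:
            return self.Afile.readat(bytes, offset)
        finally:
            self.lock.release()

    def close(self):
        """Commit B into A if B is valid, then release both file handles.

        A is closed on every path.  Previously an invalid B left the A
        handle open, which leaks it and can keep the file from being
        reopened for as long as the handle stays open.
        """
        self.lock.acquire(True)
        try:
            b_contents = self.Bfile.readat(None, 0)
            if self.b_is_valid(b_contents):
                self.write_b_to_a(b_contents)  # closes A when done
            else:
                self.Afile.close()
            self.remove_b()
        finally:
            self.lock.release()

    def b_is_valid(self, b_contents):
        """Return True when *b_contents* starts with 'S' and ends with 'E'."""
        if len(b_contents) < 1:
            return False
        return b_contents.startswith('S') and b_contents.endswith('E')

    def write_b_to_a(self, b_contents):
        """Replace A's contents with *b_contents* and close A.

        Called from close() with the lock already held.  A is removed and
        recreated first so that no tail of the old contents survives when
        the new data is shorter.
        """
        self.reset_a()
        self.Afile.writeat(b_contents, 0)
        self.Afile.close()

    def reset_a(self):
        """Delete A and reopen it as an empty file."""
        self.remove_a()
        self.Afile = openfile(self.Afn, True)

    def remove_a(self):
        """Close the A handle and delete the A file."""
        self.Afile.close()
        removefile(self.Afn)

    def remove_b(self):
        """Close the B handle and delete the B file."""
        self.Bfile.close()
        removefile(self.Bfn)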
def ABopenfile(filename, create):
    """Build the A/B wrapper object for *filename* and hand it back.

    This is the function registered under "ABopenfile" in CHILD_CONTEXT_DEF.
    """
    ab_file = ABFile(filename, create)
    return ab_file
# The code here sets up type checking and variable hiding for you. You
# should not need to change anything below here.
#
# sec_file_def describes the ABFile object returned by ABopenfile: for each
# listed method it gives the accepted argument types, the allowed return
# types, the exception class and the bound target.
# NOTE(review): only writeat, readat and close are listed; presumably
# encasementlib exposes nothing else of ABFile (b_is_valid, remove_a, ...)
# to the wrapped program -- confirm against encasementlib.r2py.
sec_file_def = {"obj-type": ABFile,
"name": "ABFile",
# writeat(data: str, offset: int/long) -> int or None
"writeat": {"type": "func", "args": (str, (int, long)), "exceptions": Exception,
"return": (int, type(None)), "target": ABFile.writeat},
# readat(bytes: int/long/None, offset: int/long) -> str
"readat": {"type": "func", "args": ((int, long, type(None)), (int, long)), "exceptions": Exception,
"return": str, "target": ABFile.readat},
# close() takes no arguments and may return bool or None
"close": {"type": "func", "args": None, "exceptions": None, "return": (bool, type(None)),
"target": ABFile.close}
}
# Register ABopenfile(filename: str, create: bool) in the child context as an
# object constructor whose result is described by sec_file_def.
CHILD_CONTEXT_DEF["ABopenfile"] = {TYPE: OBJC, ARGS: (str, bool), EXCP: Exception, RETURN: sec_file_def,
TARGET: ABopenfile}
# Execute the user code
# Must stay last: the definitions above have to be in place before dispatch.
secure_dispatch_module()