Commit Graph

56 Commits

Author SHA1 Message Date
Michael Buesch
60cf2c0959 tools/pyboard.py: Replace eval() of received data with alternative.
Prior to this commit, pyboard.py used eval() to "parse" file data received
from the board.  Using eval() on received data from a device is dangerous,
because a malicious device may inject arbitrary code execution on the PC
that is doing the operation.

Consider the following scenario:

Eve may write a malicious script to Bob's board in his absence.  On return
Bob notices that something is wrong with the board, because it doesn't work
as expected anymore.  He wants to read out boot.py (or any other file) to
see what is wrong.  What he gets is a remote code execution on his PC.

Proof of concept:

Eve:

  $ cat boot.py
  _print = print
  print = lambda *x, **y: _print("os.system('ls /; echo Pwned!')", end="\r\n\x04")
  $ ./pyboard.py -f cp boot.py :
  cp boot.py :boot.py

Bob:

  $ ./pyboard.py -f cp :boot.py /tmp/foo
  cp :boot.py /tmp/foo
  bin   chroot  dev  home  lib32  media  opt   root  sbin  sys  usr
  boot  config  etc  lib   lib64  mnt    proc  run   srv   tmp  var
  Pwned!

There's also the possibility that the device is malfunctioning and sends
random and possibly dangerous data back to the PC, to be eval'd.

Fix this problem by using ast.literal_eval() to parse the received bytes,
instead of eval().

Signed-off-by: Michael Buesch <m@bues.ch>
2020-08-21 16:08:03 +10:00
Lars Kellogg-Stedman
3a0f64fc7a tools/pyboard.py: Add -d as an alias for --device. 2020-03-30 11:37:32 +11:00
Lars Kellogg-Stedman
1cf994c48b tools/pyboard.py: Support setting device/baudrate from shell env vars.
Allow defaults for --device and --baudrate to be set in the environment
using PYBOARD_DEVICE and PYBOARD_BAUDRATE.
2020-03-30 11:37:32 +11:00
Damien George
69661f3343 all: Reformat C and Python source code with tools/codeformat.py.
This is run with uncrustify 0.70.1, and black 19.10b0.
2020-02-28 10:33:03 +11:00
Michael Buesch
1604606238 tools/pyboard.py: Change shebang to use python3.
This script still works with Python 2 but Python 3 is recommended.
2020-02-01 00:06:26 +11:00
Michael Buesch
1cadb12d1c tools/pyboard.py: Use slice del instead of list.clear() for Py2 compat.
Python 2 does not have list.clear().
2020-02-01 00:05:29 +11:00
Michael Buesch
83afd48ad9 tools/pyboard.py: Add option --no-follow to detach after sending script.
This option makes pyboard.py exit as soon as the script/command is
successfully sent to the device, ie it does not wait for any output.  This
can help to avoid hangs if the board is being rebooted with --comman (for
example).

Example usage:

    $ python3 ./tools/pyboard.py --device /dev/ttyUSB0 --no-follow \
        --command 'import machine; machine.reset()'
2020-02-01 00:03:37 +11:00
Damien George
b3b9b11596 tools/pyboard.py: Support executing .mpy files directly.
This patch allows executing .mpy files (including native ones) directly on
a target, eg a board over a serial connection.  So there's no need to copy
the file to its filesystem to test it.

For example:

    $ mpy-cross foo.py
    $ pyboard.py foo.mpy
2019-12-19 17:00:52 +11:00
Damien George
4d94fae833 tools/pyboard.py: Add filesystem commands to ls/cat/cp/rm remote files.
Use "-f" to select filesystem mode, followed by the command to execute.
Optionally put ":" at the start of a filename to indicate that it's on the
remote device, if it would otherwise be ambiguous.

Examples:

    $ pyboard.py -f ls
    $ pyboard.py -f cat main.py
    $ pyboard.py -f cp :main.py .   # get from device
    $ pyboard.py -f cp main.py :    # put to device
    $ pyboard.py -f rm main.py
2019-07-25 15:56:01 +10:00
Damien George
56f6ceba7f tools/pyboard.py: Don't accumulate output data if data_consumer used.
Prior to this patch, when a lot of data was output by a running script
pyboard.py would try to capture all of this output into the "data"
variable, which would gradually slow down pyboard.py to the point where it
would have large CPU and memory usage (on the host) and potentially lose
data.

This patch fixes this problem by not accumulating the data in the case that
the data is not needed, which is when "data_consumer" is used.
2019-04-25 13:24:32 +10:00
rhubarbdog
869a8b70ce tools/pyboard.py: Add missing line from example usage comments. 2019-03-26 16:52:41 +11:00
Martin Dybdal
7795b2e5c3 tools/pyboard.py: In TelnetToSerial.close replace try/except with if.
Some Python linters don't like unconditional except clauses because they
catch SystemExit and KeyboardInterrupt, which usually is not the intended
behaviour.
2018-10-19 23:46:10 +11:00
Martin Dybdal
5ed8226e02 tools/pyboard.py: Change base class of PyboardError to Exception.
Following standard practice for defining custom exceptions.
2018-08-10 16:23:38 +10:00
Ayke van Laethem
0d7a088039 tools/pyboard: Run exec: command as a string.
The Python documentation recommends to pass the command as a string when
using Popen(..., shell=True).  This is because "sh -c <string>" is used to
execute the command and additional arguments after the command string are
passed to the shell itself (not the executing command).

https://docs.python.org/3.5/library/subprocess.html#subprocess.Popen
2018-08-04 15:45:23 +10:00
Paul Sokolovsky
c15be989ee tools/pyboard: Update docstring for additional device support. 2017-10-08 00:04:57 +03:00
Paul Sokolovsky
ea6692a83e tools/pyboard: Use repr() when quoting data in error messages.
As it may contain newlines, etc.
2017-10-05 23:40:19 +03:00
Paul Sokolovsky
7901741bf1 tools/pyboard: Add license header. 2017-07-22 17:12:15 +03:00
Ville Skyttä
ca16c38210 various: Spelling fixes 2017-05-29 11:36:05 +03:00
Paul Sokolovsky
3e1310d6e2 tools/pyboard: Provide more details when expected reply not received.
When trying to execute a command via raw REPL and expected "OK" reply
not received, show what was received instead.
2017-04-07 01:04:47 +03:00
Paul Sokolovsky
2cbe997834 tools/pyboard: ProcessPtyToTerminal: Add workaround for PySerial bug.
When working with a "virtual" port, like PTY. The issue described in
http://stackoverflow.com/questions/34831131/pyserial-does-not-play-well-with-virtual-port
2017-04-05 12:30:39 +03:00
Paul Sokolovsky
546ef301a1 tools/pyboard: execpty: Use shell=False to workaround some curdir issues.
Without this, Zephyr's port "make test" doesn't work.
2017-04-05 00:46:12 +03:00
Paul Sokolovsky
647e72ca63 tools/pyboard: Add "exec" and "execpty" pseudo-devices support.
This allows to execute a command and communicate with its stdin/stdout
via pipes ("exec") or with command-created pseudo-terminal ("execpty"),
to emulate serial access. Immediate usecase is controlling a QEMU process
which emulates board's serial via normal console, but it could be used
e.g. with helper binaries to access real board over other hadware
protocols, etc.

An example of device specification for these cases is:

	--device exec:../zephyr/qemu.sh
	--device execpty:../zephyr/qemu2.sh

Where qemu.sh contains long-long qemu startup line, or calls another
command. There's a special support in this patch for running the command
in a new terminal session, to support shell wrappers like that (without
new terminal session, only wrapper script would be terminated, but its
child processes would continue to run).
2017-04-04 17:46:02 +03:00
Paul Sokolovsky
9b3f423c14 tools/pyboard: Tighten up Pyboard object closure on errors.
Some "device" implementations may be sensitive to this.
2017-04-02 20:48:53 +03:00
Damien George
29b5879613 tools/pyboard.py: Refactor so target is not reset between scripts/cmd.
Previous to this patch pyboard.py would open a new serial connection to
the target for each script that was run, and for any command that was run.
Apart from being inefficient, this meant that the board was soft-reset
between scripts/commands, which precludes scripts from accessing variables
set in a previous one.

This patch changes the behaviour of pyboard.py so that the connection to
the target is created only once, and it's not reset between scripts or any
command that is sent with the -c option.
2016-12-15 11:29:33 +11:00
Damien George
bbe2e22fcb tools: Fix pyboard.py to work under Python 3. 2015-12-08 12:55:28 +00:00
Peter Hinch
f4fcc14cfb tools: Add option to pyboard.py to wait for serial device to be ready.
Also prints a nicer error message if the serial connection could not be
established.
2015-12-08 11:10:09 +00:00
Dave Hylands
519cef813e tools: Allow pyboard.py to work when boot.py prints things. 2015-12-06 21:45:10 +00:00
Paul Sokolovsky
89f2ddd2d0 tools/pyboard.py: Don't add terminating \x04 character to stdout output. 2015-11-07 13:48:35 +00:00
Paul Sokolovsky
e6dccaf18e tools/pyboard.py: Make -c (inline Python code) option compatible with python2. 2015-11-07 12:16:11 +03:00
Tom Soulanille
a787467569 tools/pyboard: Add -c argument to run a program passed as a string. 2015-10-19 23:20:59 +01:00
Damien George
e86b47175f tools: Make pyboard.py Python2 compatible. 2015-08-08 13:03:08 +01:00
Damien George
7ccdf8be77 tools/pyboard.py: Fix read timeout calc to work with shorter sleep. 2015-07-29 00:21:22 +01:00
Daniel Campora
cd14188bc8 tools: Add telnet support to pyboard.py.
The adapter class "TelnetToSerial" is used to access the Telnet
connection using the same API as with the serial connection. The
function pyboard.run-test() has been removed to made the module
generic and because this small test is no longer needed.
2015-07-26 14:02:34 +01:00
Damien George
db109ca0fc tools/pyboard.py: Speed up reading of chars by decreasing sleep period. 2015-07-25 22:49:25 +01:00
Damien George
f1236734bb tools/pyboard.py: Make enter_raw_repl stricter and more reliable.
When looking for chars to indicate raw repl is active, look for the full
string of chars to improve reliability of entering raw repl correctly.

Previous to this patch there was the possibility that raw repl was
entered in a dirty state, where not all input chars from previous
invocation were drained.
2015-07-25 22:46:07 +01:00
Damien George
9de53bf788 tools/pyboard.py: Fix parsing of returned error so last chr is not lost. 2015-07-25 22:44:56 +01:00
Damien George
d59ca4efdb tools/pyboard.py: Change logic for when raw ">" prompt is parsed.
In raw REPL ">" indicates the prompt.  We originally read this character
upon entering the raw REPL, and after reading the last bit of the
output.  This patch changes the logic so the ">" is read only just
before trying to send the next command.  To make this work (and as an
added feature) the input buffer is now flushed upon entering raw REPL.

The main reason for this change is so that pyboard.py recognises the EOF
when sys.exit() is called on the pyboard.  Ie, if you run pyboard.py
with a script that calls sys.exit(), then pyboard.py will exit after
the sys.exit() is called.
2015-06-15 23:28:04 +01:00
Dave Hylands
669dbca959 tools: Allow pyboard constructor to take a baudrate parameter.
This allows pyboard.py to be used over a UART interface
rather than just over a USB serial interface.
2015-05-27 23:01:28 +01:00
Dave Hylands
97ce883217 tools: Add exec_raw_no_follow to pyboard.py. 2015-05-18 11:39:57 +01:00
Damien George
4865a22f78 tools/pyboard.py: Add "--follow" option to wait for output indefinitely.
Also flush stdout so you can see output as it comes.
2015-05-07 10:14:51 +01:00
Damien George
2bb5f41611 tools/pyboard.py: Make it 8-bit clean, so it works with unicode chars.
Addresses issue #1190.
2015-04-19 21:31:28 +01:00
Damien George
4fd7c1a2ac tools, pyboard.py: Write data to pyboard in chunks of 256 bytes.
This speeds up writes significantly.
2014-12-20 18:09:04 +00:00
Damien George
17c5ce3727 tools: Make pyboard.py have infinite timeout when running script.
This makes pyboard.py much more useful for long running scripts.  When
running a script via pyboard.py, it now waits until the script finishes,
with no timeout.  CTRL-C can be used to break out of the waiting if
needed.
2014-11-30 21:30:53 +00:00
Damien George
bc1488a05f stmhal: Improve REPL control codes; improve pyboard.py script.
Improvements are:

2 ctrl-C's are now needed to truly kill running script on pyboard, so
make CDC interface allow multiple ctrl-C's through at once (ie sending
b'\x03\x03' to pyboard now counts as 2 ctrl-C's).

ctrl-C in friendly-repl can now stop multi-line input.

In raw-repl mode, use ctrl-D to indicate end of running script, and also
end of any error message.  Thus, output of raw-repl is always at least 2
ctrl-D's and it's much easier to parse.

pyboard.py is now a bit faster, handles exceptions from pyboard better
(prints them and exits with exit code 1), prints out the pyboard output
while the script is running (instead of waiting till the end), and
allows to follow the output of a previous script when run with no
arguments.
2014-10-26 15:39:22 +00:00
Damien George
9c9db3a7a1 tools, pyboard.py: Allow exec argument to be bytes or str. 2014-10-19 14:54:52 +01:00
blmorris
3b064370f8 Enable device keyword option when running pyboard.py --tests and run-tests --pyboard 2014-10-01 23:31:52 +01:00
Damien George
3244123031 tools: pyboard.py now acts as a command-line program to run scripts.
You can run a local script on the pyboard using:

    python pyboard.py test.py

where test.py is the local script you want to run.
2014-05-03 18:14:34 +01:00
Damien George
e88814a274 Merge pull request #543 from lurch/patch-4
Make pyboard.enter_raw_repl more robust
2014-05-03 13:09:16 +01:00
Craig Barnes
71a1e35206 Fix pyboard.py tests. 2014-05-02 21:36:07 +01:00
Andrew Scheller
1f740bdaf4 Make pyboard.enter_raw_repl more robust
In case there's a program in the microcontroller's main.py running in an infinite loop
2014-05-01 20:42:23 +01:00