binarly-io / fwhunt-scan

Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules
GNU General Public License v3.0

Please let us create UefiRule and UefiAnalyzer using a blob, not a file #25

Closed hughsie closed 3 years ago

hughsie commented 3 years ago

On the LVFS we currently write hundreds of thousands of temporary files to run each uefi_r2 rule. Rather than do:

import tempfile

from uefi_r2.uefi_analyzer import UefiAnalyzer

# shard.blob is the raw bytes of the UEFI module being scanned (LVFS shard object)
with tempfile.NamedTemporaryFile(
    mode="wb", prefix="uefi_scanner_", suffix=".efi", dir=None, delete=True
) as f:
    f.write(shard.blob)
    f.flush()
    # the analyzer only accepts a path, hence the temporary file
    uefi_analyzer = UefiAnalyzer(image_path=f.name)

what I really want to do is:

uefi_analyzer = UefiAnalyzer(blob=shard.blob)

... and the same thing for UefiRule (although we only call that one once...) -- many thanks.

yeggor commented 3 years ago

Hi. It appears that there is currently no mechanism to locally initialize the radare2 analysis without using a file path. So I don't see any solution to fix UefiAnalyzer (even if we provide an API like this: UefiAnalyzer(blob=shard.blob), we would have to create a temporary file inside UefiAnalyzer). But we can easily fix UefiRule.

Do you have any ideas on this?

hughsie commented 3 years ago

Do you have any ideas on this?

Does radare need a filename or is it reading from a file descriptor? I wondered if we could give it a BytesIO or something?

yeggor commented 3 years ago

radare2 requires a filename. But it also has IO plugins for alternative ways of reading content: https://github.com/radareorg/radare2/tree/master/libr/io/p. Among them are fd://, shm:// and others. But I tested almost all of them and found no normal way to pass a buffer through them from Python. So far I'm still in search of a good solution for you. Write if you have ideas.

hughsie commented 3 years ago

But I tested almost all of them and found no normal way to pass a buffer through them from python.

Okay, I appreciate you doing that for me. I'll have a look at the Python bindings later tonight. Thanks.

yeggor commented 3 years ago

Richard, here is the version of uefi_r2 that works on the rizin engine (instead of radare2). Currently, we cannot send data for analysis via shm:// to radare2, because it does not work the way we would like. The Rizin team recently made an improvement to the shm plugin (https://github.com/rizinorg/rizin/pull/1759) and to analysing the contents of a PE file passed through shm (https://github.com/rizinorg/rizin/pull/1763).

Thus, in order to use uefi_r2 as you described, I suggest testing this version: https://github.com/binarly-io/uefi_r2/tree/rizin-dev. For now, rizin will have to be built from this branch: https://github.com/rizinorg/rizin/tree/asan-pe-refactor, but soon the improvements will be in the main branch.

XVilka commented 3 years ago

I merged this branch into dev - it passed all tests and got through the reviews. Thanks for reporting the bug!

hughsie commented 3 years ago

@yeggor does that mean I just have to s/r2pipe/rzpipe on the LVFS, and install rizin in the docker container rather than radare2? The latter is more tricky as rizin doesn't seem available in epel8 and so I'd need to build it myself in a copr or something.

hughsie commented 3 years ago

Heh, the RHEL8 version built fine. https://copr.fedorainfracloud.org/coprs/rhughes/lvfs-website/build/2862976/

yeggor commented 3 years ago

@hughsie s/r2pipe/rzpipe should work without additional problems, at least that's what I did in uefi_r2. I can release a rizin-based version on PyPI if you need.

yeggor commented 3 years ago

Uploaded a new release with support for the requested feature and multiple other improvements: https://pypi.org/project/uefi-r2/1.1.0/ @hughsie

hughsie commented 3 years ago

@yeggor is this expected?

uefi_analyzer = UefiAnalyzer(image_path=f.name, radare2home=radare2home)
TypeError: UefiAnalyzer.__init__() got an unexpected keyword argument 'radare2home'

yeggor commented 3 years ago

Yes, use rizinhome instead of radare2home (https://github.com/binarly-io/uefi_r2/blob/master/uefi_r2/uefi_analyzer.py#L68).

hughsie commented 3 years ago

@yeggor excellent, thanks!