on a ZCU106 board with MPSoC Zynq Ultrascale+, I have developed a simple test application that performs reads and writes to a memory-mapped device register. The device in question is a GPIO peripheral, synthesized to fpga and accessed in memory with address (0xA0010000) configured via Vivado tool. The application does not use MMU. If I try to launch and run my application from the Vitis debugger, everything works correctly, with no problems. However, I need to launch the application from Lauterbach's Trace32. By doing the launch with a practice script (Lauterbach's scripting language), the application loads correctly, but upon reading or writing to the memory address where the synthesized device is mapped to fpga, a "debug port fail" type problem is returned. I therefore analyzed the tcl script automatically generated by Vitis to see if there are any hardware configurations that are made in tcl, but which I do not predict with the practice script (Lauterbach). My suspicion is that there are special instructions to enable the mapping of memory addresses that a processor can access. I attach the tcl script generated by Vitis, perhaps the "offending" instruction is the 'loadhw -hw'? Thanks in advance to anyone who can help me.
# In Vitis IDE create a Single Application Debug launch configuration,
# change the debug type to 'Attach to running target' and provide this
# tcl script in 'Execute Script' option.
# Path of this script: /home/daniele/vitis_workspace/interr_measurement_test_system/_ide/scripts/debugger_interr_measurement_test-default.tcl
#
#
# Usage with xsct:
# To debug using xsct, launch xsct and run below command
# source /home/daniele/vitis_workspace/interr_measurement_test_system/_ide/scripts/debugger_interr_measurement_test-default.tcl
#
connect -url tcp:127.0.0.1:3121
source /tools/Xilinx/Vitis/2021.2/scripts/vitis/util/zynqmp_utils.tcl
targets -set -nocase -filter {name =~"APU*"}
rst -system
after 3000
targets -set -filter {jtag_cable_name =~ "Xilinx HW-FTDI-TEST FT232H 49619" && level==0 && jtag_device_ctx=="jsn-HW-FTDI-TEST FT232H-49619-14730093-0"}
fpga -file /home/daniele/vitis_workspace/interr_measurement_test/_ide/bitstream/zcu106_int_meas_plat_wrapper.bit
targets -set -nocase -filter {name =~"APU*"}
loadhw -hw /home/daniele/vitis_workspace/zcu106_int_meas_plat_wrapper/export/zcu106_int_meas_pp
lat_wrapper/hw/zcu106_int_meas_plat_wrapper.xsa -mem-ranges [list {0x80000000 0xbfffffff} {0x400000000 0x5ffffffff} {0x1000000000 0x7fffffffff}] -regs
configparams force-mem-access 1
targets -set -nocase -filter {name =~"APU*"}
set mode [expr [mrd -value 0xFF5E0200] & 0xf]
targets -set -nocase -filter {name =~ "*A53*#0"}
rst -processor
dow /home/daniele/vitis_workspace/zcu106_int_meas_plat_wrapper/export/zcu106_int_meas_plat_wrapper/sw/zcu106_int_meas_plat_wrapper/boot/fsbl.elf
set bp_30_4_fsbl_bp [bpadd -addr &XFsbl_Exit]
con -block -timeout 60
bpremove $bp_30_4_fsbl_bp
targets -set -nocase -filter {name =~ "*A53*#0"}
rst -processor
dow /home/daniele/vitis_workspace/interr_measurement_test/Debug/interr_measurement_test.elf
configparams force-mem-access 0
bpadd -addr &main
Related
How can I use the netcat program for bidirectional communication with a networked postscript printer? Postscript programs frequently send information to the STDOUT and that is difficult to capture over the network. I need bidirectional communication with the printer 9100 port. My answer is below. Does anybody know of a better way?
The netcat program can be used for bidirectional communication with a postscript printer.
I have been using some simple programs to send print jobs directly to a network postscript printer and haven't gotten any return info from the printer until now. I like to communicate directly with the printer instead of sending jobs to a spooler.
There is a little information a few places about printing with netcat just very sparse so I am making this report.
My printer is a Xerox 6500n connected to a router by ethernet cable. I can send postscript programs or pdf files directly to the printer in a variety of ways. Sometimes I want to get answers from the printer and so have a test program to use the printer to convert the input using 'pathforall' and send back the answer. The netcat does this nicely:
nc -n 192.168.1.111 9100 < pathforall.ps
I then get the desired response. This has been checked and is similar to ghostscript output only slightly off for some reason:
$ nc -v -w 5 -n 192.168.1.111 9100 < pathforall.ps
192.168.1.111 9100 (hp-pdl-datastr) open
28.6998 12.2999 moveto
28.6998 9.29996 28.3998 8.09995 25.2998 6.59998 curveto
24.3998 6.09998 21.2999 4.79999 19.0999 4.79999 curveto
15.3999 4.79999 12.4999 7.89996 12.4999 12.5999 curveto
12.4999 12.7999 lineto
12.4999 16.1999 13.5999 21.7999 28.6998 26.7999 curveto
closepath
$ gs pathforall.ps
GPL Ghostscript 9.50 (2019-10-15)
Copyright (C) 2019 Artifex Software, Inc. All rights reserved.
This software is supplied under the GNU AGPLv3 and comes with NO WARRANTY:
see the file COPYING for details.
Loading Times-Roman font from /usr/share/ghostscript/fonts/Times-Roman.pfa... 4824712 3114962 3833824 2546359 1 done.
28.6184 12.2615 moveto
28.6184 9.27632 28.3224 8.07977 25.2262 6.57484 curveto
24.3257 6.08141 21.2418 4.78618 19.0461 4.78618 curveto
15.3577 4.78618 12.4589 7.8824 12.4589 12.5576 curveto
12.4589 12.7673 lineto
12.4589 16.1472 13.5567 21.7352 28.6184 26.7188 curveto
28.6184 12.2615 lineto
closepath
The netcat allows me to communicate with my printer similar to ghostscript except I don't have the executive mode working yet. Also, be sure to include a 'flush' command in the postscript to get the entire answer sent back.
This can be used for many purposes to get information from the printer.
EDIT: Here is a simple test to see if the printer STDOUT is getting back to the computer:
%!
(Hello World\n) print flush
EDIT3: Postscript executive mode works using telnet for the Xerox 6500n as suggested by luser droog. See comments below.
Here is a bash /dev/tcp alternative for printing without netcat.
This sends to a network PostScript printer using bash if built with --enable-net-redirections. This works with my Void bash and with my Xerox Phaser 6500n and switches between PJL and PostScript. Testing results with other printers would be helpful.
#!/bin/bash
#
# ++++ driverless postscript printing ++++
# bash needs --enable-net-redirections build option
#
# for postscript programs with postscript printer only
#
# bash escape is \033 or \e or \E or \x1B
exec 5<>/dev/tcp/192.168.1.111/9100 || exit 1 # change ip as needed
{
echo -e "\E%-12345X#PJL" # PJL entrance
echo #PJL ECHO "$(date)"
echo #PJL ECHO "setting up printer ..."
echo #PJL COMMENT Change Printer Settings
echo #PJL SET COPIES = 1 # modify environment settings
echo #PJL SET MANUALFEED = off
echo #PJL ECHO "Starting PostScript Program ..."
echo #PJL ENTER LANGUAGE = POSTSCRIPT
echo "%!" # optional
cat "$1" || echo -E "(Hello World\n) print flush" # if input.ps missing
echo -e "\004" # ctrl-D for end of file
echo -e "\e%-12345X#PJL" # back to PJL
echo #PJL ECHO "Finished PostScript Program."
echo #PJL RESET # unset modified environment settings
echo #PJL ECHO BYE.
echo -e "\033%-12345X" # PJL universal exit
} >&5 # send to printer
while read -t 122 -r LINE # timeout after 122 seconds of silence
do
echo "$LINE"
if [[ "$LINE" =~ #PJL\ ECHO\ BYE. ]]; then break; fi
done <&5
echo "Finished reading printer"
exec 5>&- # close
exec 5<&- # close both
exit 0
Here is the result in my terminal. Be sure to send a file like "print.sh input.ps" or this will happen:
$ ./print.sh
cat: '': No such file or directory
#PJL ECHO Mon 20 Apr 2020 07:10:03 AM PDT
#PJL ECHO setting up printer ...
#PJL ECHO Starting PostScript Program ...
Hello World
#PJL ECHO Finished PostScript Program.
#PJL ECHO BYE.
Finished reading printer
UPDATE: I have added this here: github
I can control P8_3, P8_4, but P8_5 stays stuck at 3V3.
I've booted the BB with this configuration to disable HDMI:
# cat /proc/cmdline
optargs=quiet capemgr.disable_partno=BB-BONELT-HDMI,BB-BONELT-HDMIN
Then I enabled GPIO 34+38+39 (P8_{5,3,4}):
# echo 34 > /sys/class/gpio/export
# echo 38 > /sys/class/gpio/export
# echo 39 > /sys/class/gpio/export
And set them as outputs:
# echo out > /sys/class/gpio/gpio34/direction
# echo out > /sys/class/gpio/gpio38/direction
# echo out > /sys/class/gpio/gpio39/direction
Then I'm setting them to alternate between HIGH/LOW at 1Hz using a script which writes as so:
# value is 0/1, pin is 34/38/39
# echo $value > /sys/class/gpio/gpio$pin/value
I measure P8_{3,4} alternating between 0V and 3V3, but P8_5 is stuck at 3V3.
I've tried compiling the devicetree overlay for gpio-P8.5 from here and adding it, but with the same result.
I'm aware that these pins are used by HDMI, but I thought I'd disabled HDMI with that kernel command-line, and I ideally need to use those specific pins due to the board I'm connecting the BBB to.
A colleague using my SD image also had the same issue on a BB green (which I believe doesn't have HDMI).
It seems the device tree files provided with the BBB were trying to configure GPIO#2 instead of GPIO#34 (gpio0_2 instead of gpio1_2).
I generated a new device-tree overlay for P8_5 (gpio1_2 / gpio34) with this and it all works now.
I have the script run_md.py which produces the file test.dcd from the input file named test.pdb.
I want to execute the same command on multiple input files (test*.pdb) on a remote server using GNU parallel and transfer the result back to the local computer. Therefore, I'm using the following command:
parallel --trc {.}.dcd -j 2 -S $SERVER1 './run_md.py {} 1000' ::: test*.pdb
The command is running as expected on the server using 2 slots. However, the files are not transferred back and I get the following error:
rsync: link_stat "/home/bougui/{.}.dcd" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1655) [Receiver=3.1.1]
It looks like the replacement string is not working. How can I make it works?
Below is the output of parallel --version:
GNU parallel 20130922
Copyright (C) 2007,2008,2009,2010,2011,2012,2013 Ole Tange and Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
GNU parallel comes with no warranty.
Web site: http://www.gnu.org/software/parallel
When using GNU Parallel for a publication please cite:
O. Tange (2011): GNU Parallel - The Command-Line Power Tool,
;login: The USENIX Magazine, February 2011:42-47.
What you are doing is 100% correct. So something on your system is breaking this. Please try this on another system and if possible follow REPORTING BUGS from man parallel.
The bug reported in that thread has been fixed and this feature works well with the latest version of GNU parallel (20160622). The GNU parallel version 20130922 packaged with Debian 8.5 is buggy for the usage of {.} string replacement, as described below:
With more test I found that the output file must be specified with a replacement string in the command run in parallel.
For testing purpose, you can find below a complete example that others can run:
echo This is input_file > input_file && parallel --trc {}.out -S $SERVER1 cat {} ">"{}.out ::: input_file
The example above works well. When I use the substitution string {.} as below:
echo This is input_file > input_file.in && parallel --trc {.}.out -S $SERVER1 cat {} ">"{.}.out ::: input_file
It works, as well. However, if I didn't specify {.}.out in the command run in parallel as below:
echo This is input_file > input_file.in && parallel --trc {.}.out -S $SERVER1 cat {} ">"input_file.out ::: input_file
... I reproduce the error:
rsync: link_stat "/home/bouvier/{.}.out" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1655) [Receiver=3.1.1]
rsync: [Receiver] write error: Broken pipe (32)
Therefore the output file must be specified in the command run in parallel.
As part of automating the process of running secure code analysis, I have a Jenkins job which uses the sourceanalyzer command line tool to generate an .fpr results file. At the moment I'm opening this results file in Audit Workbench application to view the results and check if there's any newly introduced issues etc, and generating a report from there in PDF/XML format.
Does anyone is it possible to invoke Audit Workbench through the command line and generate a report on the issues, which we could then leverage through a Jenkins script and also then mail the results? Looking online the command line usage seems to stop at the fpr generation stage.
Thanks in advance!
There is a command-line utility to generate an Report from the FPR file.
Currently there are two report generators: Legacy and BIRT. The BIRT report engine was introduced into Audit Workbench with version 4.40.
Here is an example using the BIRT Report engine to generate a DISA STIG report
BIRTReportGenerator -template "DISA STIG" -source HelloWorld_second.fpr
-output BirtReport.pdf -format PDF -showSuppressed --Version "DISA STIG 3.9"
-UseFortifyPriorityOrder
Using the legacy one is a little more involved. The command is:
ReportGenerator -format pdf -f LegacyReport.pdf -source HelloWorld_second.fpr
-template DisaStig3.10.xml -showSuppressed -showHidden
You can either use one of the predefined template reports located in the <SCA Install Dir>/Core/config/reports directory or generate one using the Report Wizard and saving the template which gets stored in the C:\Users\<USER>\AppData\Local\Fortify\config\AWB-XX.XX\reports\ directory in Windows.
On Linux/Mac look at the configuration file <SCA Install Dir>/Core/config/fortify.properties for the com.fortify.WorkingDirectory property, this is where the reports will be stored
#SBurris,
If you don't want to show Suppressed/Hidden is it just -hideSuppressed and -hideHidden?
Also, is there a way to add custom filters to not show things like "nones" from the STIG/SANS/OWASP like you can create in the AWB GUI?
Basically, I need a command(s) to merge two FPRs and then compare them based on what is found new on the scanned code vs. the old FPR.
Merge should be:
FPRUtility -merge -project <newest_scan.fpr> -source <previous_scan.fpr> -f <BUILDXX_MergedWith_BUILDXY.fpr>
The custom filter I need after the merge is:
"[OWASP Top 10 2013]:!<none> OR [SANS Top 25 2011]:!<none> OR [STIG 3.9]:!<none> AND [Detected On]:!/^/"
Where the Detected On field is a custom tag that I need to carry through from the previous FPR file into the newly merged one.
AND THEN output the report from that newly merged fpr in pdf and xml format to a location/filename I specify. Something along the lines of:
~AWB_Installation_Dir/bin/ReportGenerator -format pdf -f [BUILDXX_MergedWith_BUILDXY].pdf -source output.fpr
-template DisaStig3.10.xml -hideSuppressed -hideHidden
Obviously this can be a multitude of commands as long as we can get it back to Bamboo. Any help would be greatly appreciated. Thanks.
FPRUtility interprets the space-separated conditions in the -information -search -query ... parameter by applying the boolean AND operator. To obtain a union of 2 conditions A || B, I figured I could intersect negations of other conditions that complement the former: !C && !D (where A || B || C || D always holds true). I.e., to find all high and critical issues, I use
FORTIFY_ROOT\jre\bin\java -d64 -Xmx4096M -jar FORTIFY_ROOT\Core\lib\exe\fpr-utility-exe.jar -project APP_VER_DATE.fpr -information -search -query "[OWASP Top 10 2017]:A [fortify priority order]:!low [fortify priority order]:!medium" -categoryIssueCounts -listIssues > issues.txt
In case of an audit, I figured I needed the older report generation utility to include suppressed issues (and their comments),
sed -e 's/\(IssueListing limit=\)"[^"]\+"/\1"-1"/' -i "FORTIFY_ROOT/Core/config/reports/DeveloperWorkbook.xml"
cmd /c call ReportGenerator -template DeveloperWorkbookAll.xml -format pdf -source APP_VER_DATE.fpr -showSuppressed -f "APP_VER_DATE_with_suppressed.pdf"
How we can generate FortiFy report using command ??? on linux.
In command, how we can include only some folders or files for analyzing and how we can give the location to store the report. etc.
Please help....
Thanks,
Karthik
1. Step#1 (clean cache)
you need to plan scan structure before starting:
scanid = 9999 (can be anything you like)
ProjectRoot = /local/proj/9999/
WorkingDirectory = /local/proj/9999/working
(this dir is huge, you need to "rm -rf ./working && mkdir ./working" before every scan, or byte code piles underneath this dir and consume your harddisk fast)
log = /local/proj/9999/working/sca.log
source='/local/proj/9999/source/src/**.*'
classpath='local/proj/9999/source/WEB-INF/lib/*.jar; /local/proj/9999/source/jars/**.*; /local/proj/9999/source/classes/**.*'
./sourceanalyzer -b 9999 -Dcom.fortify.sca.ProjectRoot=/local/proj/9999/ -Dcom.fortify.WorkingDirectory=/local/proj/9999/working -logfile /local/proj/working/9999/working/sca.log -clean
It is important to specify ProjectRoot, if not overwrite this system default, it will put under your /home/user.fortify
sca.log location is very important, if fortify does not find this file, it cannot find byte code to scan.
You can alter the ProjectRoot and Working Directory once for all if your are the only user: FORTIFY_HOME/Core/config/fortify_sca.properties).
In such case, your command line would be ./sourceanalyzer -b 9999 -clean
2. Step#2 (translate source code to byte code)
nohup ./sourceanalyzer -b 9999 -verbose -64 -Xmx8000M -Xss24M -XX:MaxPermSize=128M -XX:+CMSClassUnloadingEnabled -XX:+UseConcMarkSweepGC -XX:+UseParallelGC -Dcom.fortify.sca.ProjectRoot=/local/proj/9999/ -Dcom.fortify.WorkingDirectory=/local/proj/9999/working -logfile /local/proj/9999/sca.log -source 1.5 -classpath '/local/proj/9999/source/WEB-INF/lib/*.jar:/local/proj/9999/source/jars/**/*.jar:/local/proj/9999/source/classes/**/*.class' -extdirs '/local/proj/9999/source/wars/*.war' '/local/proj/9999/source/src/**/*' &
always unix background job (&) in case your session to server is timeout, it will keep working.
cp : put all your known classpath here for fortify to resolve the functiodfn calls. If function not found, fortify will skip the source code translation, so this part will not be scanned later. You will get a poor scan quality but FPR looks good (low issue reported). It is important to have all dependency jars in place.
-extdir: put all directories/files you don't want to be scanned here.
the last section, files between ' ' are your source.
-64 is to use 64-bit java, if not specified, 32-bit will be used and the max heap should be <1.3 GB (-Xmx1200M is safe).
-XX: are the same meaning as in launch application server. only use these to control the class heap and garbage collection. This is to tweak performance.
-source is java version (1.5 to 1.8)
3. Step#3 (scan with rulepack, custom rules, filters, etc)
nohup ./sourceanalyzer -b 9999 -64 -Xmx8000M -Dcom.fortify.sca.ProjectRoot=/local/proj/9999 -Dcom.fortify.WorkingDirectory=/local/proj/9999/working -logfile /local/ssap/proj/9999/working/sca.log **-scan** -filter '/local/other/filter.txt' -rules '/local/other/custom/*.xml -f '/local/proj/9999.fpr' &
-filter: file name must be filter.txt, any ruleguid in this file will not be reported.
rules: this is the custom rule you wrote. the HP rulepack is in FORTIFY_HOME/Core/config/rules directory
-scan : keyword to tell fortify engine to scan existing scanid. You can skip step#2 and only do step#3 if you did notchange code, just want to play with different filter/custom rules
4. Step#4 Generate PDF from the FPR file (if required)
./ReportGenerator -format pdf -f '/local/proj/9999.pdf' -source '/local/proj/9999.fpr'