make pyright happy

angrop/chain_builder/mem_writer.py

@@ -18,8 +18,8 @@ class MemWriter(Builder):
     """
     def __init__(self, chain_builder):
         super().__init__(chain_builder)
-        self._mem_write_gadgets = None
-        self._good_mem_write_gadgets = None
+        self._mem_write_gadgets: set = None # type: ignore
+        self._good_mem_write_gadgets: set = None # type: ignore
 
     def update(self):
         self._mem_write_gadgets = self._get_all_mem_write_gadgets(self.chain_builder.gadgets)

angrop/chain_builder/pivot.py

@@ -30,7 +30,7 @@ class Pivot(Builder):
     """
     def __init__(self, chain_builder):
         super().__init__(chain_builder)
-        self._pivot_gadgets = None
+        self._pivot_gadgets: List = None # type: ignore
 
     def update(self):
         self._pivot_gadgets = self.filter_gadgets(self.chain_builder.pivot_gadgets)

angrop/gadget_finder/__init__.py

@@ -21,7 +21,7 @@
 logging.getLogger('pyvex.lifting').setLevel("ERROR")
 
 
-_global_gadget_analyzer = None
+_global_gadget_analyzer: gadget_analyzer.GadgetAnalyzer = None # type: ignore
 
 # disable loggers in each worker
 def _disable_loggers():
@@ -71,13 +71,16 @@ def __init__(self, project, fast_mode=None, only_check_near_rets=True, max_block
         if max_sym_mem_access:
             self.arch.max_sym_mem_access = max_sym_mem_access
         if is_thumb:
-            self.arch.set_thumb()
+            assert isinstance(self.arch, ARM), "is_thumb is only compatible with ARM binaries!"
+            arch: ARM = self.arch
+            arch.set_thumb()
 
         # internal stuff
-        self._ret_locations = None
-        self._syscall_locations = None
-        self._cache = None # cache seen blocks, dict(block_hash => sets of addresses)
-        self._gadget_analyzer = None
+        self._ret_locations: list = None # type: ignore
+        self._syscall_locations: list = None # type: ignore
+        # cache seen blocks, dict(block_hash => sets of addresses)
+        self._cache: dict = None # type: ignore
+        self._gadget_analyzer: gadget_analyzer.GadgetAnalyzer = None # type: ignore
         self._executable_ranges = None
 
         # silence annoying loggers
@@ -197,7 +200,13 @@ def find_gadgets_single_threaded(self, show_progress=True):
         assert self.gadget_analyzer is not None
 
         for addr in self._addresses_to_check_with_caching(show_progress):
-            gadgets.extend(self.gadget_analyzer.analyze_gadget(addr))
+            res = self.gadget_analyzer.analyze_gadget(addr)
+            if res is None:
+                continue
+            if isinstance(res, list):
+                gadgets.extend(res)
+                continue
+            gadgets.append(res)
 
         for g in gadgets:
             g.project = self.project

angrop/gadget_finder/gadget_analyzer.py

@@ -41,7 +41,7 @@ def __init__(self, project, fast_mode, kernel_mode=False, arch=None, stack_gsize
                                                     fast_mode=self._fast_mode)
         self._concrete_sp = self._state.solver.eval(self._state.regs.sp)
 
-    def analyze_gadget(self, addr, allow_conditional_branches=None):
+    def analyze_gadget(self, addr, allow_conditional_branches=None) -> list[RopGadget] | RopGadget | None:
         """
         Find gadgets at the given address.
 
@@ -662,7 +662,7 @@ def _compute_sp_change(self, init_state, final_state, gadget):
             final_state = rop_utils.step_to_unconstrained_successor(self.project, state=init_state, precise_action=True)
             dependencies = self._get_reg_dependencies(final_state, "sp")
             last_sp = None
-            init_sym_sp = None
+            init_sym_sp: frozenset = None # type: ignore
             prev_act = None
             for act in final_state.history.actions:
                 if act.type == 'reg' and act.action == 'write' and act.storage == self.arch.stack_pointer:
@@ -677,6 +677,8 @@ def _compute_sp_change(self, init_state, final_state, gadget):
             else:
                 gadget.stack_change = 0
 
+            assert init_sym_sp is None, "there is no sybmolic sp, how does the pivoting work?"
+
             # if is popped from stack, we need to compensate for the popped sp value on the stack
             # if it is a pop, then sp comes from stack and the previous action must be a mem read
             # and the data is the new sp

angrop/rop_gadget.py

@@ -98,7 +98,7 @@ def __init__(self, addr):
         self.project = None
         self.addr = addr
         self.block_length = None
-        self.stack_change = None
+        self.stack_change: int = None # type: ignore
 
         # register effect information
         self.changed_regs = set()
@@ -120,7 +120,7 @@ def __init__(self, addr):
         # it is just a register. With the register setting framework, we will be able to
         # utilize gadgets like `call qword ptr [rax+rbx]` because we have the dependency information.
         # transition information, i.e. how to pass the control flow to the next gadget
-        self.transit_type = None
+        self.transit_type: str = None # type: ignore
         self.pc_reg = None
         # pc_offset is exclusively used when transit_type is "pop_pc",
         # when pc_offset==stack_change-arch_bytes, transit_type is basically ret
@@ -131,8 +131,8 @@ def __init__(self, addr):
         # Registers that affect path constraints
         self.constraint_regs = set()
         # Instruction count to estimate complexity
-        self.isn_count = None
-        self.has_conditional_branch = None
+        self.isn_count: int = None # type: ignore
+        self.has_conditional_branch: bool = None # type: ignore
 
     @property
     def num_mem_access(self):
@@ -205,7 +205,7 @@ def __repr__(self):
         return "<Gadget %#x>" % self.addr
 
     def copy(self):
-        out = RopGadget(self.addr)
+        out = self.__class__(self.addr)
         out.project = self.project
         out.addr = self.addr
         out.changed_regs = set(self.changed_regs)
@@ -255,6 +255,7 @@ def __repr__(self):
         return f"<PivotGadget {self.addr:#x}>"
 
     def copy(self):
+
         new = super().copy()
         new.stack_change_after_pivot = self.stack_change_after_pivot
         new.sp_reg_controllers = set(self.sp_reg_controllers)

angrop/rop_utils.py

@@ -3,6 +3,7 @@
 
 import angr
 import claripy
+from angr.engines.successors import SimSuccessors
 
 from .errors import RegNotFoundException, RopException, RopTimeoutException
 from .rop_value import RopValue
@@ -12,7 +13,7 @@ def addr_to_asmstring(project, addr):
     return "; ".join(["%s %s" %(i.mnemonic, i.op_str) for i in block.capstone.insns])
 
 
-def get_ast_dependency(ast):
+def get_ast_dependency(ast) -> set:
     """
     ast must be created from a symbolic state where registers values are named "sreg_REG-"
     looks for registers that if we make the register symbolic then the ast becomes symbolic
@@ -29,7 +30,7 @@ def get_ast_dependency(ast):
     return dependencies
 
 
-def get_ast_controllers(state, ast, reg_deps):
+def get_ast_controllers(state, ast, reg_deps) -> set:
     """
     looks for registers that we can make symbolic then the ast can be "anything"
     :param state: the input state
@@ -40,7 +41,7 @@ def get_ast_controllers(state, ast, reg_deps):
 
     test_val = 0x4141414141414141 % (2 << state.arch.bits)
 
-    controllers = []
+    controllers = set()
     if not ast.symbolic:
         return controllers
 
@@ -62,7 +63,7 @@ def get_ast_controllers(state, ast, reg_deps):
             extra_constraints.append(state.registers.load(r) == test_val)
 
         if unconstrained_check(state, ast, extra_constraints=extra_constraints):
-            controllers.append(reg)
+            controllers.add(reg)
 
     return controllers
 
@@ -309,6 +310,7 @@ def step_to_unconstrained_successor(project, state, max_steps=2, allow_simproced
         # nums
         state.options.add(angr.options.BYPASS_UNSUPPORTED_SYSCALL)
 
+        succ: SimSuccessors = None # type: ignore
         if not precise_action:
             succ = project.factory.successors(state)
             if stop_at_syscall and succ.flat_successors: