Changeset View
Changeset View
Standalone View
Standalone View
contrib/devtools/test-security-check.py
| Show All 30 Lines | |||||
| class TestSecurityChecks(unittest.TestCase): | class TestSecurityChecks(unittest.TestCase): | ||||
| def test_ELF(self): | def test_ELF(self): | ||||
| source = 'test1.c' | source = 'test1.c' | ||||
| executable = 'test1' | executable = 'test1' | ||||
| cc = 'gcc' | cc = 'gcc' | ||||
| write_testcode(source) | write_testcode(source) | ||||
| self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack', '-fno-stack-protector', '-Wl,-znorelro']), | self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack', '-fno-stack-protector', '-Wl,-znorelro', '-no-pie', '-fno-PIE']), | ||||
| (1, executable + ': failed PIE NX RELRO Canary')) | (1, executable + ': failed PIE NX RELRO Canary')) | ||||
| self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack', '-fno-stack-protector', '-Wl,-znorelro']), | self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack', '-fno-stack-protector', '-Wl,-znorelro', '-no-pie', '-fno-PIE']), | ||||
| (1, executable + ': failed PIE RELRO Canary')) | (1, executable + ': failed PIE RELRO Canary')) | ||||
| self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack', '-fstack-protector-all', '-Wl,-znorelro']), | self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack', '-fstack-protector-all', '-Wl,-znorelro', '-no-pie', '-fno-PIE']), | ||||
| (1, executable + ': failed PIE RELRO')) | (1, executable + ': failed PIE RELRO')) | ||||
| self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack', '-fstack-protector-all', '-Wl,-znorelro', '-pie', '-fPIE']), | self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack', '-fstack-protector-all', '-Wl,-znorelro', '-pie', '-fPIE']), | ||||
| (1, executable + ': failed RELRO')) | (1, executable + ': failed RELRO')) | ||||
| self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack', '-fstack-protector-all', '-Wl,-zrelro', '-Wl,-z,now', '-pie', '-fPIE']), | self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack', '-fstack-protector-all', '-Wl,-zrelro', '-Wl,-z,now', '-pie', '-fPIE']), | ||||
| (0, '')) | (0, '')) | ||||
| def test_32bit_PE(self): | def test_32bit_PE(self): | ||||
| source = 'test1.c' | source = 'test1.c' | ||||
| executable = 'test1.exe' | executable = 'test1.exe' | ||||
| cc = 'i686-w64-mingw32-gcc' | cc = 'i686-w64-mingw32-gcc' | ||||
| write_testcode(source) | write_testcode(source) | ||||
| self.assertEqual(call_security_check(cc, source, executable, []), | self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--no-nxcompat', '-Wl,--no-dynamicbase']), | ||||
| (1, executable + ': failed DYNAMIC_BASE NX')) | (1, executable + ': failed DYNAMIC_BASE NX')) | ||||
| self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat']), | self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat', '-Wl,--no-dynamicbase']), | ||||
| (1, executable + ': failed DYNAMIC_BASE')) | (1, executable + ': failed DYNAMIC_BASE')) | ||||
| self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat', '-Wl,--dynamicbase']), | self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat', '-Wl,--dynamicbase']), | ||||
| (0, '')) | (0, '')) | ||||
| def test_64bit_PE(self): | def test_64bit_PE(self): | ||||
| source = 'test1.c' | source = 'test1.c' | ||||
| executable = 'test1.exe' | executable = 'test1.exe' | ||||
| cc = 'x86_64-w64-mingw32-gcc' | cc = 'x86_64-w64-mingw32-gcc' | ||||
| write_testcode(source) | write_testcode(source) | ||||
| self.assertEqual( | self.assertEqual( | ||||
| call_security_check( | call_security_check( | ||||
| cc, | cc, | ||||
| source, | source, | ||||
| executable, | executable, | ||||
| []), | ['-Wl,--no-nxcompat', '-Wl,--no-dynamicbase', '-Wl,--no-high-entropy-va']), | ||||
| (1, | (1, | ||||
| executable + ': failed DYNAMIC_BASE NX\n' + executable + ': warning HIGH_ENTROPY_VA')) | executable + ': failed DYNAMIC_BASE HIGH_ENTROPY_VA NX')) | ||||
| self.assertEqual( | self.assertEqual( | ||||
| call_security_check( | call_security_check( | ||||
| cc, | cc, | ||||
| source, | source, | ||||
| executable, | executable, | ||||
| ['-Wl,--nxcompat']), | ['-Wl,--nxcompat', '-Wl,--no-dynamicbase', '-Wl,--no-high-entropy-va']), | ||||
| (1, | (1, | ||||
| executable + ': failed DYNAMIC_BASE\n' + executable + ': warning HIGH_ENTROPY_VA')) | executable + ': failed DYNAMIC_BASE HIGH_ENTROPY_VA')) | ||||
| self.assertEqual( | self.assertEqual( | ||||
| call_security_check( | call_security_check( | ||||
| cc, source, executable, [ | cc, source, executable, [ | ||||
| '-Wl,--nxcompat', '-Wl,--dynamicbase']), (0, executable + ': warning HIGH_ENTROPY_VA')) | '-Wl,--nxcompat', '-Wl,--dynamicbase', '-Wl,--no-high-entropy-va']), (1, executable + ': failed HIGH_ENTROPY_VA')) | ||||
| self.assertEqual( | self.assertEqual( | ||||
| call_security_check( | call_security_check( | ||||
| cc, source, executable, [ | cc, source, executable, [ | ||||
| '-Wl,--nxcompat', '-Wl,--dynamicbase', '-Wl,--high-entropy-va']), (0, '')) | '-Wl,--nxcompat', '-Wl,--dynamicbase', '-Wl,--high-entropy-va']), (0, '')) | ||||
| if __name__ == '__main__': | if __name__ == '__main__': | ||||
| unittest.main() | unittest.main() | ||||