kevacoin/contrib/devtools/test-security-check.py

#!/usr/bin/env python2
# Copyright (c) 2015-2016 The Bitcoin Core developers
# Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
'''
Test script for security-check.py
'''
from __future__ import division,print_function
import subprocess
import sys
import unittest

def write_testcode(filename):
    with open(filename, 'w') as f:
        f.write('''
    #include <stdio.h>
    int main()
    {
        printf("the quick brown fox jumps over the lazy god\\n");
        return 0;
    }
    ''')

def call_security_check(cc, source, executable, options):
    subprocess.check_call([cc,source,'-o',executable] + options)
    p = subprocess.Popen(['./security-check.py',executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
    (stdout, stderr) = p.communicate()
    return (p.returncode, stdout.rstrip())

class TestSecurityChecks(unittest.TestCase):
    def test_ELF(self):
        source = 'test1.c'
        executable = 'test1'
        cc = 'gcc'
        write_testcode(source)

        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-fno-stack-protector','-Wl,-znorelro']), 
                (1, executable+': failed PIE NX RELRO Canary'))
        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fno-stack-protector','-Wl,-znorelro']), 
                (1, executable+': failed PIE RELRO Canary'))
        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro']), 
                (1, executable+': failed PIE RELRO'))
        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro','-pie','-fPIE']), 
                (1, executable+': failed RELRO'))
        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE']), 
                (0, ''))

    def test_PE(self):
        source = 'test1.c'
        executable = 'test1.exe'
        cc = 'i686-w64-mingw32-gcc'
        write_testcode(source)

        self.assertEqual(call_security_check(cc, source, executable, []), 
                (1, executable+': failed PIE NX'))
        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat']), 
                (1, executable+': failed PIE'))
        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase']), 
                (0, ''))

if __name__ == '__main__':
    unittest.main()
Use portable #! in python scripts (/usr/bin/env) 8 years ago			`#!/usr/bin/env python2`
[copyright] add MIT License copyright header to remaining Python files 8 years ago			`# Copyright (c) 2015-2016 The Bitcoin Core developers`
			`# Distributed under the MIT software license, see the accompanying`
			`# file COPYING or http://www.opensource.org/licenses/mit-license.php.`
devtools: Add security-check.py Perform the following ELF security checks: - PIE: Check for position independent executable (PIE), allowing for address space randomization - NX: Check that no sections are writable and executable (including the stack) - RELRO: Check for read-only relocations, binding at startup - Canary: Check for use of stack canary Also add a check to symbol-check.py that checks that only the subset of allowed libraries is imported (to avoid incompatibilities). 9 years ago			`'''`
			`Test script for security-check.py`
			`'''`
			`from __future__ import division,print_function`
			`import subprocess`
			`import sys`
			`import unittest`

			`def write_testcode(filename):`
			`with open(filename, 'w') as f:`
			`f.write('''`
			`#include <stdio.h>`
			`int main()`
			`{`
			`printf("the quick brown fox jumps over the lazy god\\n");`
			`return 0;`
			`}`
			`''')`

			`def call_security_check(cc, source, executable, options):`
			`subprocess.check_call([cc,source,'-o',executable] + options)`
			`p = subprocess.Popen(['./security-check.py',executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)`
			`(stdout, stderr) = p.communicate()`
			`return (p.returncode, stdout.rstrip())`

			`class TestSecurityChecks(unittest.TestCase):`
			`def test_ELF(self):`
			`source = 'test1.c'`
			`executable = 'test1'`
			`cc = 'gcc'`
			`write_testcode(source)`

			`self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-fno-stack-protector','-Wl,-znorelro']),`
			`(1, executable+': failed PIE NX RELRO Canary'))`
			`self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fno-stack-protector','-Wl,-znorelro']),`
			`(1, executable+': failed PIE RELRO Canary'))`
			`self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro']),`
			`(1, executable+': failed PIE RELRO'))`
			`self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro','-pie','-fPIE']),`
			`(1, executable+': failed RELRO'))`
			`self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE']),`
			`(0, ''))`

			`def test_PE(self):`
			`source = 'test1.c'`
			`executable = 'test1.exe'`
			`cc = 'i686-w64-mingw32-gcc'`
			`write_testcode(source)`

			`self.assertEqual(call_security_check(cc, source, executable, []),`
			`(1, executable+': failed PIE NX'))`
			`self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat']),`
			`(1, executable+': failed PIE'))`
			`self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase']),`
			`(0, ''))`

			`if __name__ == '__main__':`
			`unittest.main()`