63 lines
2.6 KiB
63 lines
2.6 KiB
#!/usr/bin/env python2 |
|
# Copyright (c) 2015-2016 The Bitcoin Core developers |
|
# Distributed under the MIT software license, see the accompanying |
|
# file COPYING or http://www.opensource.org/licenses/mit-license.php. |
|
''' |
|
Test script for security-check.py |
|
''' |
|
from __future__ import division,print_function |
|
import subprocess |
|
import sys |
|
import unittest |
|
|
|
def write_testcode(filename): |
|
with open(filename, 'w') as f: |
|
f.write(''' |
|
#include <stdio.h> |
|
int main() |
|
{ |
|
printf("the quick brown fox jumps over the lazy god\\n"); |
|
return 0; |
|
} |
|
''') |
|
|
|
def call_security_check(cc, source, executable, options): |
|
subprocess.check_call([cc,source,'-o',executable] + options) |
|
p = subprocess.Popen(['./security-check.py',executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) |
|
(stdout, stderr) = p.communicate() |
|
return (p.returncode, stdout.rstrip()) |
|
|
|
class TestSecurityChecks(unittest.TestCase): |
|
def test_ELF(self): |
|
source = 'test1.c' |
|
executable = 'test1' |
|
cc = 'gcc' |
|
write_testcode(source) |
|
|
|
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-fno-stack-protector','-Wl,-znorelro']), |
|
(1, executable+': failed PIE NX RELRO Canary')) |
|
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fno-stack-protector','-Wl,-znorelro']), |
|
(1, executable+': failed PIE RELRO Canary')) |
|
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro']), |
|
(1, executable+': failed PIE RELRO')) |
|
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro','-pie','-fPIE']), |
|
(1, executable+': failed RELRO')) |
|
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE']), |
|
(0, '')) |
|
|
|
def test_PE(self): |
|
source = 'test1.c' |
|
executable = 'test1.exe' |
|
cc = 'i686-w64-mingw32-gcc' |
|
write_testcode(source) |
|
|
|
self.assertEqual(call_security_check(cc, source, executable, []), |
|
(1, executable+': failed PIE NX')) |
|
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat']), |
|
(1, executable+': failed PIE')) |
|
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase']), |
|
(0, '')) |
|
|
|
if __name__ == '__main__': |
|
unittest.main() |
|
|
|
|