diff options
author | Wladimir J. van der Laan <laanwj@protonmail.com> | 2020-11-24 13:02:08 +0100 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@protonmail.com> | 2020-12-03 12:15:12 +0100 |
commit | 5bab08df175db3a4283596515e498fc5a4d0dab9 (patch) | |
tree | 95ec579d3e339c89affc428edbbecd027b47aae9 | |
parent | 0918eb49d5afabdf811da5eeb89f4f2c22d12de2 (diff) |
contrib: Add test for ELF symbol-check
Check both failure cases:
- Use a glibc symbol from a version that is too new
- Use a symbol from a library that is not in the allowlist
And also check a conforming binary.
Adding a similar check for Windows PE can be done in a separate PR.
-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rwxr-xr-x | contrib/devtools/test-symbol-check.py | 88 |
3 files changed, 91 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index c8af4228f3..798f8b3524 100644 --- a/Makefile.am +++ b/Makefile.am @@ -359,4 +359,5 @@ if TARGET_WINDOWS endif if TARGET_LINUX $(AM_V_at) $(PYTHON) $(top_srcdir)/contrib/devtools/test-security-check.py TestSecurityChecks.test_ELF + $(AM_V_at) $(PYTHON) $(top_srcdir)/contrib/devtools/test-symbol-check.py TestSymbolChecks.test_ELF endif diff --git a/configure.ac b/configure.ac index a512fce83e..215144129f 100644 --- a/configure.ac +++ b/configure.ac @@ -1695,7 +1695,9 @@ AC_CONFIG_FILES([Makefile src/Makefile doc/man/Makefile share/setup.nsi share/qt AC_CONFIG_FILES([contrib/devtools/split-debug.sh],[chmod +x contrib/devtools/split-debug.sh]) AM_COND_IF([HAVE_DOXYGEN], [AC_CONFIG_FILES([doc/Doxyfile])]) AC_CONFIG_LINKS([contrib/devtools/security-check.py:contrib/devtools/security-check.py]) +AC_CONFIG_LINKS([contrib/devtools/symbol-check.py:contrib/devtools/symbol-check.py]) AC_CONFIG_LINKS([contrib/devtools/test-security-check.py:contrib/devtools/test-security-check.py]) +AC_CONFIG_LINKS([contrib/devtools/test-symbol-check.py:contrib/devtools/test-symbol-check.py]) AC_CONFIG_LINKS([contrib/filter-lcov.py:contrib/filter-lcov.py]) AC_CONFIG_LINKS([test/functional/test_runner.py:test/functional/test_runner.py]) AC_CONFIG_LINKS([test/fuzz/test_runner.py:test/fuzz/test_runner.py]) diff --git a/contrib/devtools/test-symbol-check.py b/contrib/devtools/test-symbol-check.py new file mode 100755 index 0000000000..48abf60039 --- /dev/null +++ b/contrib/devtools/test-symbol-check.py @@ -0,0 +1,88 @@ +#!/usr/bin/env python3 +# Copyright (c) 2020 The Bitcoin Core developers +# Distributed under the MIT software license, see the accompanying +# file COPYING or http://www.opensource.org/licenses/mit-license.php. +''' +Test script for symbol-check.py +''' +import subprocess +import unittest + +def call_symbol_check(cc, source, executable, options): + subprocess.run([cc,source,'-o',executable] + options, check=True) + p = subprocess.run(['./contrib/devtools/symbol-check.py',executable], stdout=subprocess.PIPE, universal_newlines=True) + return (p.returncode, p.stdout.rstrip()) + +def get_machine(cc): + p = subprocess.run([cc,'-dumpmachine'], stdout=subprocess.PIPE, universal_newlines=True) + return p.stdout.rstrip() + +class TestSymbolChecks(unittest.TestCase): + def test_ELF(self): + source = 'test1.c' + executable = 'test1' + cc = 'gcc' + + # there's no way to do this test for RISC-V at the moment; bionic's libc is 2.27 + # and we allow all symbols from 2.27. + if 'riscv' in get_machine(cc): + self.skipTest("test not available for RISC-V") + + # memfd_create was introduced in GLIBC 2.27, so is newer than the upper limit of + # all but RISC-V but still available on bionic + with open(source, 'w', encoding="utf8") as f: + f.write(''' + #define _GNU_SOURCE + #include <sys/mman.h> + + int memfd_create(const char *name, unsigned int flags); + + int main() + { + memfd_create("test", 0); + return 0; + } + ''') + + self.assertEqual(call_symbol_check(cc, source, executable, []), + (1, executable + ': symbol memfd_create from unsupported version GLIBC_2.27\n' + + executable + ': failed IMPORTED_SYMBOLS')) + + # -lutil is part of the libc6 package so a safe bet that it's installed + # it's also out of context enough that it's unlikely to ever become a real dependency + source = 'test2.c' + executable = 'test2' + with open(source, 'w', encoding="utf8") as f: + f.write(''' + #include <utmp.h> + + int main() + { + login(0); + return 0; + } + ''') + + self.assertEqual(call_symbol_check(cc, source, executable, ['-lutil']), + (1, executable + ': NEEDED library libutil.so.1 is not allowed\n' + + executable + ': failed LIBRARY_DEPENDENCIES')) + + # finally, check a conforming file that simply uses a math function + source = 'test3.c' + executable = 'test3' + with open(source, 'w', encoding="utf8") as f: + f.write(''' + #include <math.h> + + int main() + { + return (int)pow(2.0, 4.0); + } + ''') + + self.assertEqual(call_symbol_check(cc, source, executable, ['-lm']), + (0, '')) + +if __name__ == '__main__': + unittest.main() + |