aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@protonmail.com>2020-11-24 13:02:08 +0100
committerWladimir J. van der Laan <laanwj@protonmail.com>2020-12-03 12:15:12 +0100
commit5bab08df175db3a4283596515e498fc5a4d0dab9 (patch)
tree95ec579d3e339c89affc428edbbecd027b47aae9
parent0918eb49d5afabdf811da5eeb89f4f2c22d12de2 (diff)
contrib: Add test for ELF symbol-check
Check both failure cases: - Use a glibc symbol from a version that is too new - Use a symbol from a library that is not in the allowlist And also check a conforming binary. Adding a similar check for Windows PE can be done in a separate PR.
-rw-r--r--Makefile.am1
-rw-r--r--configure.ac2
-rwxr-xr-xcontrib/devtools/test-symbol-check.py88
3 files changed, 91 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index c8af4228f3..798f8b3524 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -359,4 +359,5 @@ if TARGET_WINDOWS
endif
if TARGET_LINUX
$(AM_V_at) $(PYTHON) $(top_srcdir)/contrib/devtools/test-security-check.py TestSecurityChecks.test_ELF
+ $(AM_V_at) $(PYTHON) $(top_srcdir)/contrib/devtools/test-symbol-check.py TestSymbolChecks.test_ELF
endif
diff --git a/configure.ac b/configure.ac
index a512fce83e..215144129f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1695,7 +1695,9 @@ AC_CONFIG_FILES([Makefile src/Makefile doc/man/Makefile share/setup.nsi share/qt
AC_CONFIG_FILES([contrib/devtools/split-debug.sh],[chmod +x contrib/devtools/split-debug.sh])
AM_COND_IF([HAVE_DOXYGEN], [AC_CONFIG_FILES([doc/Doxyfile])])
AC_CONFIG_LINKS([contrib/devtools/security-check.py:contrib/devtools/security-check.py])
+AC_CONFIG_LINKS([contrib/devtools/symbol-check.py:contrib/devtools/symbol-check.py])
AC_CONFIG_LINKS([contrib/devtools/test-security-check.py:contrib/devtools/test-security-check.py])
+AC_CONFIG_LINKS([contrib/devtools/test-symbol-check.py:contrib/devtools/test-symbol-check.py])
AC_CONFIG_LINKS([contrib/filter-lcov.py:contrib/filter-lcov.py])
AC_CONFIG_LINKS([test/functional/test_runner.py:test/functional/test_runner.py])
AC_CONFIG_LINKS([test/fuzz/test_runner.py:test/fuzz/test_runner.py])
diff --git a/contrib/devtools/test-symbol-check.py b/contrib/devtools/test-symbol-check.py
new file mode 100755
index 0000000000..48abf60039
--- /dev/null
+++ b/contrib/devtools/test-symbol-check.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python3
+# Copyright (c) 2020 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+'''
+Test script for symbol-check.py
+'''
+import subprocess
+import unittest
+
+def call_symbol_check(cc, source, executable, options):
+ subprocess.run([cc,source,'-o',executable] + options, check=True)
+ p = subprocess.run(['./contrib/devtools/symbol-check.py',executable], stdout=subprocess.PIPE, universal_newlines=True)
+ return (p.returncode, p.stdout.rstrip())
+
+def get_machine(cc):
+ p = subprocess.run([cc,'-dumpmachine'], stdout=subprocess.PIPE, universal_newlines=True)
+ return p.stdout.rstrip()
+
+class TestSymbolChecks(unittest.TestCase):
+ def test_ELF(self):
+ source = 'test1.c'
+ executable = 'test1'
+ cc = 'gcc'
+
+ # there's no way to do this test for RISC-V at the moment; bionic's libc is 2.27
+ # and we allow all symbols from 2.27.
+ if 'riscv' in get_machine(cc):
+ self.skipTest("test not available for RISC-V")
+
+ # memfd_create was introduced in GLIBC 2.27, so is newer than the upper limit of
+ # all but RISC-V but still available on bionic
+ with open(source, 'w', encoding="utf8") as f:
+ f.write('''
+ #define _GNU_SOURCE
+ #include <sys/mman.h>
+
+ int memfd_create(const char *name, unsigned int flags);
+
+ int main()
+ {
+ memfd_create("test", 0);
+ return 0;
+ }
+ ''')
+
+ self.assertEqual(call_symbol_check(cc, source, executable, []),
+ (1, executable + ': symbol memfd_create from unsupported version GLIBC_2.27\n' +
+ executable + ': failed IMPORTED_SYMBOLS'))
+
+ # -lutil is part of the libc6 package so a safe bet that it's installed
+ # it's also out of context enough that it's unlikely to ever become a real dependency
+ source = 'test2.c'
+ executable = 'test2'
+ with open(source, 'w', encoding="utf8") as f:
+ f.write('''
+ #include <utmp.h>
+
+ int main()
+ {
+ login(0);
+ return 0;
+ }
+ ''')
+
+ self.assertEqual(call_symbol_check(cc, source, executable, ['-lutil']),
+ (1, executable + ': NEEDED library libutil.so.1 is not allowed\n' +
+ executable + ': failed LIBRARY_DEPENDENCIES'))
+
+ # finally, check a conforming file that simply uses a math function
+ source = 'test3.c'
+ executable = 'test3'
+ with open(source, 'w', encoding="utf8") as f:
+ f.write('''
+ #include <math.h>
+
+ int main()
+ {
+ return (int)pow(2.0, 4.0);
+ }
+ ''')
+
+ self.assertEqual(call_symbol_check(cc, source, executable, ['-lm']),
+ (0, ''))
+
+if __name__ == '__main__':
+ unittest.main()
+