diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2015-10-22 10:23:18 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2015-10-22 10:23:42 +0200 |
| commit | a09297010e171af28a7a3fcad65a4e0aefea53ba (patch) | |
| tree | 8dbc5a8ba29909f6832d7bbb456e7cc70b67c7d8 /contrib/devtools/test-security-check.py | |
| parent | 0fbfc5106cd9866325b4a1ab3b9db8e91e54f070 (diff) | |
| parent | 579b863cd7586b98974484ad55e19be2a54d241d (diff) | |
| download | bitcoin-a09297010e171af28a7a3fcad65a4e0aefea53ba.tar.xz | |
Merge pull request #6854
579b863 devtools: Add security-check.py (Wladimir J. van der Laan)
Diffstat (limited to 'contrib/devtools/test-security-check.py')
| -rwxr-xr-x | contrib/devtools/test-security-check.py | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/contrib/devtools/test-security-check.py b/contrib/devtools/test-security-check.py new file mode 100755 index 0000000000..fed7626aab --- /dev/null +++ b/contrib/devtools/test-security-check.py @@ -0,0 +1,60 @@ +#!/usr/bin/python2 +''' +Test script for security-check.py +''' +from __future__ import division,print_function +import subprocess +import sys +import unittest + +def write_testcode(filename): + with open(filename, 'w') as f: + f.write(''' + #include <stdio.h> + int main() + { + printf("the quick brown fox jumps over the lazy god\\n"); + return 0; + } + ''') + +def call_security_check(cc, source, executable, options): + subprocess.check_call([cc,source,'-o',executable] + options) + p = subprocess.Popen(['./security-check.py',executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) + (stdout, stderr) = p.communicate() + return (p.returncode, stdout.rstrip()) + +class TestSecurityChecks(unittest.TestCase): + def test_ELF(self): + source = 'test1.c' + executable = 'test1' + cc = 'gcc' + write_testcode(source) + + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-fno-stack-protector','-Wl,-znorelro']), + (1, executable+': failed PIE NX RELRO Canary')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fno-stack-protector','-Wl,-znorelro']), + (1, executable+': failed PIE RELRO Canary')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro']), + (1, executable+': failed PIE RELRO')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro','-pie','-fPIE']), + (1, executable+': failed RELRO')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE']), + (0, '')) + + def test_PE(self): + source = 'test1.c' + executable = 'test1.exe' + cc = 'i686-w64-mingw32-gcc' + write_testcode(source) + + self.assertEqual(call_security_check(cc, source, executable, []), + (1, executable+': failed PIE NX')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat']), + (1, executable+': failed PIE')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase']), + (0, '')) + +if __name__ == '__main__': + unittest.main() + |