scripts: add PE .reloc section check to security-check.py

author: fanquake <fanquake@gmail.com> 2020-04-13 20:32:19 +0800
committer: fanquake <fanquake@gmail.com> 2020-04-23 08:40:24 +0800
commit: 3e38023af724a76972d39cbccfb0bba4c54a0323 (patch)
tree: 0c2704053585fd93d6b1c40dc5942a3061f8ab36 /contrib/devtools/test-security-check.py
parent: 47b94a337e1aad0c347fdfecba999b963ab51006 (diff)
1 files changed, 9 insertions, 7 deletions
diff --git a/contrib/devtools/test-security-check.py b/contrib/devtools/test-security-check.py
index d09f1d0064..ea70b27941 100755
--- a/contrib/devtools/test-security-check.py
+++ b/contrib/devtools/test-security-check.py
@@ -49,13 +49,15 @@ class TestSecurityChecks(unittest.TestCase):
         cc = 'x86_64-w64-mingw32-gcc'
         write_testcode(source)
 
-        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--no-nxcompat','-Wl,--no-dynamicbase','-Wl,--no-high-entropy-va']),
-            (1, executable+': failed DYNAMIC_BASE HIGH_ENTROPY_VA NX'))
-        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--no-dynamicbase','-Wl,--no-high-entropy-va']),
-            (1, executable+': failed DYNAMIC_BASE HIGH_ENTROPY_VA'))
-        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase','-Wl,--no-high-entropy-va']),
-            (1, executable+': failed HIGH_ENTROPY_VA'))
-        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase','-Wl,--high-entropy-va']),
+        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--no-nxcompat','-Wl,--no-dynamicbase','-Wl,--no-high-entropy-va','-no-pie','-fno-PIE']),
+            (1, executable+': failed DYNAMIC_BASE HIGH_ENTROPY_VA NX RELOC_SECTION'))
+        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--no-dynamicbase','-Wl,--no-high-entropy-va','-no-pie','-fno-PIE']),
+            (1, executable+': failed DYNAMIC_BASE HIGH_ENTROPY_VA RELOC_SECTION'))
+        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase','-Wl,--no-high-entropy-va','-no-pie','-fno-PIE']),
+            (1, executable+': failed HIGH_ENTROPY_VA RELOC_SECTION'))
+        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase','-Wl,--high-entropy-va','-no-pie','-fno-PIE']),
+            (1, executable+': failed RELOC_SECTION'))
+        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE']),
             (0, ''))
 
     def test_MACHO(self):
author	fanquake <fanquake@gmail.com>	2020-04-13 20:32:19 +0800
committer	fanquake <fanquake@gmail.com>	2020-04-23 08:40:24 +0800
commit	3e38023af724a76972d39cbccfb0bba4c54a0323 (patch)
tree	0c2704053585fd93d6b1c40dc5942a3061f8ab36 /contrib/devtools/test-security-check.py
parent	47b94a337e1aad0c347fdfecba999b963ab51006 (diff)