aboutsummaryrefslogtreecommitdiff
path: root/contrib/devtools
diff options
context:
space:
mode:
authorfanquake <fanquake@gmail.com>2021-04-06 10:13:06 +0800
committerfanquake <fanquake@gmail.com>2021-05-04 20:48:00 +0800
commit0f5d77c8e4db691733edb455dd9e31dabe933b8d (patch)
tree6b8f817a1690eb7413b9282a6d004ccfe1749579 /contrib/devtools
parent8e1f40dd9a5135dbdec2c25961fbd0729a42254c (diff)
contrib: add PE PIE check to security checks
Diffstat (limited to 'contrib/devtools')
-rwxr-xr-xcontrib/devtools/security-check.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py
index 2c44d67d33..4f4c9565fa 100755
--- a/contrib/devtools/security-check.py
+++ b/contrib/devtools/security-check.py
@@ -134,6 +134,14 @@ def check_ELF_separate_code(executable):
return False
return True
+def check_PE_PIE(executable) -> bool:
+ '''
+ Check for position independent executable (PIE),
+ allowing for address space randomization.
+ '''
+ binary = lief.parse(executable)
+ return binary.is_pie
+
def check_PE_DYNAMIC_BASE(executable) -> bool:
'''PIE: DllCharacteristics bit 0x40 signifies dynamicbase (ASLR)'''
binary = lief.parse(executable)
@@ -201,6 +209,7 @@ CHECKS = {
('separate_code', check_ELF_separate_code),
],
'PE': [
+ ('PIE', check_PE_PIE),
('DYNAMIC_BASE', check_PE_DYNAMIC_BASE),
('HIGH_ENTROPY_VA', check_PE_HIGH_ENTROPY_VA),
('NX', check_PE_NX),