diff options
author | fanquake <fanquake@gmail.com> | 2021-04-06 10:13:06 +0800 |
---|---|---|
committer | fanquake <fanquake@gmail.com> | 2021-05-04 20:48:00 +0800 |
commit | 0f5d77c8e4db691733edb455dd9e31dabe933b8d (patch) | |
tree | 6b8f817a1690eb7413b9282a6d004ccfe1749579 /contrib/devtools | |
parent | 8e1f40dd9a5135dbdec2c25961fbd0729a42254c (diff) |
contrib: add PE PIE check to security checks
Diffstat (limited to 'contrib/devtools')
-rwxr-xr-x | contrib/devtools/security-check.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index 2c44d67d33..4f4c9565fa 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -134,6 +134,14 @@ def check_ELF_separate_code(executable): return False return True +def check_PE_PIE(executable) -> bool: + ''' + Check for position independent executable (PIE), + allowing for address space randomization. + ''' + binary = lief.parse(executable) + return binary.is_pie + def check_PE_DYNAMIC_BASE(executable) -> bool: '''PIE: DllCharacteristics bit 0x40 signifies dynamicbase (ASLR)''' binary = lief.parse(executable) @@ -201,6 +209,7 @@ CHECKS = { ('separate_code', check_ELF_separate_code), ], 'PE': [ + ('PIE', check_PE_PIE), ('DYNAMIC_BASE', check_PE_DYNAMIC_BASE), ('HIGH_ENTROPY_VA', check_PE_HIGH_ENTROPY_VA), ('NX', check_PE_NX), |