aboutsummaryrefslogtreecommitdiff
path: root/contrib/devtools
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/devtools')
-rwxr-xr-xcontrib/devtools/security-check.py34
-rwxr-xr-xcontrib/devtools/symbol-check.py63
2 files changed, 49 insertions, 48 deletions
diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py
index 0319f739c4..301fea85c1 100755
--- a/contrib/devtools/security-check.py
+++ b/contrib/devtools/security-check.py
@@ -5,7 +5,7 @@ Exit status will be 0 if successful, and the program will be silent.
Otherwise the exit status will be 1 and it will log which executables failed which checks.
Needs `readelf` (for ELF) and `objdump` (for PE).
'''
-from __future__ import division,print_function
+from __future__ import division,print_function,unicode_literals
import subprocess
import sys
import os
@@ -23,9 +23,9 @@ def check_ELF_PIE(executable):
raise IOError('Error opening file')
ok = False
- for line in stdout.split('\n'):
+ for line in stdout.split(b'\n'):
line = line.split()
- if len(line)>=2 and line[0] == 'Type:' and line[1] == 'DYN':
+ if len(line)>=2 and line[0] == b'Type:' and line[1] == b'DYN':
ok = True
return ok
@@ -38,17 +38,17 @@ def get_ELF_program_headers(executable):
in_headers = False
count = 0
headers = []
- for line in stdout.split('\n'):
- if line.startswith('Program Headers:'):
+ for line in stdout.split(b'\n'):
+ if line.startswith(b'Program Headers:'):
in_headers = True
- if line == '':
+ if line == b'':
in_headers = False
if in_headers:
if count == 1: # header line
- ofs_typ = line.find('Type')
- ofs_offset = line.find('Offset')
- ofs_flags = line.find('Flg')
- ofs_align = line.find('Align')
+ ofs_typ = line.find(b'Type')
+ ofs_offset = line.find(b'Offset')
+ ofs_flags = line.find(b'Flg')
+ ofs_align = line.find(b'Align')
if ofs_typ == -1 or ofs_offset == -1 or ofs_flags == -1 or ofs_align == -1:
raise ValueError('Cannot parse elfread -lW output')
elif count > 1:
@@ -65,9 +65,9 @@ def check_ELF_NX(executable):
have_wx = False
have_gnu_stack = False
for (typ, flags) in get_ELF_program_headers(executable):
- if typ == 'GNU_STACK':
+ if typ == b'GNU_STACK':
have_gnu_stack = True
- if 'W' in flags and 'E' in flags: # section is both writable and executable
+ if b'W' in flags and b'E' in flags: # section is both writable and executable
have_wx = True
return have_gnu_stack and not have_wx
@@ -84,7 +84,7 @@ def check_ELF_RELRO(executable):
# However, the dynamic linker need to write to this area so these are RW.
# Glibc itself takes care of mprotecting this area R after relocations are finished.
# See also http://permalink.gmane.org/gmane.comp.gnu.binutils/71347
- if typ == 'GNU_RELRO':
+ if typ == b'GNU_RELRO':
have_gnu_relro = True
have_bindnow = False
@@ -92,9 +92,9 @@ def check_ELF_RELRO(executable):
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
- for line in stdout.split('\n'):
+ for line in stdout.split(b'\n'):
tokens = line.split()
- if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2]):
+ if len(tokens)>1 and tokens[1] == b'(BIND_NOW)' or (len(tokens)>2 and tokens[1] == b'(FLAGS)' and b'BIND_NOW' in tokens[2]):
have_bindnow = True
return have_gnu_relro and have_bindnow
@@ -107,8 +107,8 @@ def check_ELF_Canary(executable):
if p.returncode:
raise IOError('Error opening file')
ok = False
- for line in stdout.split('\n'):
- if '__stack_chk_fail' in line:
+ for line in stdout.split(b'\n'):
+ if b'__stack_chk_fail' in line:
ok = True
return ok
diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py
index 4ad5136f79..e26c0fbb94 100755
--- a/contrib/devtools/symbol-check.py
+++ b/contrib/devtools/symbol-check.py
@@ -11,7 +11,7 @@ Example usage:
find ../gitian-builder/build -type f -executable | xargs python contrib/devtools/symbol-check.py
'''
-from __future__ import division, print_function
+from __future__ import division, print_function, unicode_literals
import subprocess
import re
import sys
@@ -47,28 +47,28 @@ MAX_VERSIONS = {
# Ignore symbols that are exported as part of every executable
IGNORE_EXPORTS = {
-'_edata', '_end', '_init', '__bss_start', '_fini', '_IO_stdin_used'
+b'_edata', b'_end', b'_init', b'__bss_start', b'_fini', b'_IO_stdin_used'
}
READELF_CMD = os.getenv('READELF', '/usr/bin/readelf')
CPPFILT_CMD = os.getenv('CPPFILT', '/usr/bin/c++filt')
# Allowed NEEDED libraries
ALLOWED_LIBRARIES = {
# bitcoind and bitcoin-qt
-'libgcc_s.so.1', # GCC base support
-'libc.so.6', # C library
-'libpthread.so.0', # threading
-'libanl.so.1', # DNS resolve
-'libm.so.6', # math library
-'librt.so.1', # real-time (clock)
-'ld-linux-x86-64.so.2', # 64-bit dynamic linker
-'ld-linux.so.2', # 32-bit dynamic linker
+b'libgcc_s.so.1', # GCC base support
+b'libc.so.6', # C library
+b'libpthread.so.0', # threading
+b'libanl.so.1', # DNS resolve
+b'libm.so.6', # math library
+b'librt.so.1', # real-time (clock)
+b'ld-linux-x86-64.so.2', # 64-bit dynamic linker
+b'ld-linux.so.2', # 32-bit dynamic linker
# bitcoin-qt only
-'libX11-xcb.so.1', # part of X11
-'libX11.so.6', # part of X11
-'libxcb.so.1', # part of X11
-'libfontconfig.so.1', # font support
-'libfreetype.so.6', # font parsing
-'libdl.so.2' # programming interface to dynamic linker
+b'libX11-xcb.so.1', # part of X11
+b'libX11.so.6', # part of X11
+b'libxcb.so.1', # part of X11
+b'libfontconfig.so.1', # font support
+b'libfreetype.so.6', # font parsing
+b'libdl.so.2' # programming interface to dynamic linker
}
class CPPFilt(object):
@@ -81,7 +81,8 @@ class CPPFilt(object):
self.proc = subprocess.Popen(CPPFILT_CMD, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
def __call__(self, mangled):
- self.proc.stdin.write(mangled + '\n')
+ self.proc.stdin.write(mangled + b'\n')
+ self.proc.stdin.flush()
return self.proc.stdout.readline().rstrip()
def close(self):
@@ -99,24 +100,24 @@ def read_symbols(executable, imports=True):
if p.returncode:
raise IOError('Could not read symbols for %s: %s' % (executable, stderr.strip()))
syms = []
- for line in stdout.split('\n'):
+ for line in stdout.split(b'\n'):
line = line.split()
- if len(line)>7 and re.match('[0-9]+:$', line[0]):
- (sym, _, version) = line[7].partition('@')
- is_import = line[6] == 'UND'
- if version.startswith('@'):
+ if len(line)>7 and re.match(b'[0-9]+:$', line[0]):
+ (sym, _, version) = line[7].partition(b'@')
+ is_import = line[6] == b'UND'
+ if version.startswith(b'@'):
version = version[1:]
if is_import == imports:
syms.append((sym, version))
return syms
def check_version(max_versions, version):
- if '_' in version:
- (lib, _, ver) = version.rpartition('_')
+ if b'_' in version:
+ (lib, _, ver) = version.rpartition(b'_')
else:
lib = version
ver = '0'
- ver = tuple([int(x) for x in ver.split('.')])
+ ver = tuple([int(x) for x in ver.split(b'.')])
if not lib in max_versions:
return False
return ver <= max_versions[lib]
@@ -127,10 +128,10 @@ def read_libraries(filename):
if p.returncode:
raise IOError('Error opening file')
libraries = []
- for line in stdout.split('\n'):
+ for line in stdout.split(b'\n'):
tokens = line.split()
- if len(tokens)>2 and tokens[1] == '(NEEDED)':
- match = re.match('^Shared library: \[(.*)\]$', ' '.join(tokens[2:]))
+ if len(tokens)>2 and tokens[1] == b'(NEEDED)':
+ match = re.match(b'^Shared library: \[(.*)\]$', b' '.join(tokens[2:]))
if match:
libraries.append(match.group(1))
else:
@@ -144,18 +145,18 @@ if __name__ == '__main__':
# Check imported symbols
for sym,version in read_symbols(filename, True):
if version and not check_version(MAX_VERSIONS, version):
- print('%s: symbol %s from unsupported version %s' % (filename, cppfilt(sym), version))
+ print('%s: symbol %s from unsupported version %s' % (filename, cppfilt(sym).decode('utf-8'), version.decode('utf-8')))
retval = 1
# Check exported symbols
for sym,version in read_symbols(filename, False):
if sym in IGNORE_EXPORTS:
continue
- print('%s: export of symbol %s not allowed' % (filename, cppfilt(sym)))
+ print('%s: export of symbol %s not allowed' % (filename, cppfilt(sym).decode('utf-8')))
retval = 1
# Check dependency libraries
for library_name in read_libraries(filename):
if library_name not in ALLOWED_LIBRARIES:
- print('%s: NEEDED library %s is not allowed' % (filename, library_name))
+ print('%s: NEEDED library %s is not allowed' % (filename, library_name.decode('utf-8')))
retval = 1
exit(retval)