From 0f5d77c8e4db691733edb455dd9e31dabe933b8d Mon Sep 17 00:00:00 2001
From: fanquake <fanquake@gmail.com>
Date: Tue, 6 Apr 2021 10:13:06 +0800
Subject: contrib: add PE PIE check to security checks

---
 contrib/devtools/security-check.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'contrib/devtools')

diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py
index 2c44d67d33..4f4c9565fa 100755
--- a/contrib/devtools/security-check.py
+++ b/contrib/devtools/security-check.py
@@ -134,6 +134,14 @@ def check_ELF_separate_code(executable):
                 return False
     return True
 
+def check_PE_PIE(executable) -> bool:
+    '''
+    Check for position independent executable (PIE),
+    allowing for address space randomization.
+    '''
+    binary = lief.parse(executable)
+    return binary.is_pie
+
 def check_PE_DYNAMIC_BASE(executable) -> bool:
     '''PIE: DllCharacteristics bit 0x40 signifies dynamicbase (ASLR)'''
     binary = lief.parse(executable)
@@ -201,6 +209,7 @@ CHECKS = {
     ('separate_code', check_ELF_separate_code),
 ],
 'PE': [
+    ('PIE', check_PE_PIE),
     ('DYNAMIC_BASE', check_PE_DYNAMIC_BASE),
     ('HIGH_ENTROPY_VA', check_PE_HIGH_ENTROPY_VA),
     ('NX', check_PE_NX),
-- 
cgit v1.2.3