[arch-projects] [namcap][PATCH] implement FS#27485, warn on unstripped files
--- Namcap/rules/elffiles.py | 37 +++++++++++++++++++++++++++++++++++++ namcap-tags | 1 + 2 files changed, 38 insertions(+) diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py index f8f16ac..20d117f 100644 --- a/Namcap/rules/elffiles.py +++ b/Namcap/rules/elffiles.py @@ -23,6 +23,7 @@ import tempfile import subprocess from elftools.elf.elffile import ELFFile +from elftools.elf.sections import SymbolTableSection from Namcap.util import is_elf, clean_filename from Namcap.ruleclass import * @@ -143,4 +144,40 @@ class ELFExecStackRule(TarballRule): self.warnings = [("elffile-with-execstack %s", i) for i in exec_stacks] +class ELFUnstrippedRule(TarballRule): + """ + Checks for unstripped ELF files. Uses pyelftools to check if + .symtab exists. + """ + + name = "elfunstripped" + description = "Check for unstripped ELF files." + + def analyze(self, pkginfo, tar): + unstripped_binaries = [] + + for entry in tar: + tmpname = _test_elf_and_extract(tar, entry) + if not tmpname: + continue + + try: + fp = open(tmpname, 'rb') + elffile = ELFFile(fp) + for section in elffile.iter_sections(): + if not isinstance(section, SymbolTableSection): + continue + + if section['sh_entsize'] == 0: + print ('symbol table empty') + continue + + if section.name == b'.symtab': + unstripped_binaries.append(entry.name) + finally: + os.unlink(tmpname) + if unstripped_binaries: + self.warnings = [("elffile-unstripped %s", i) + for i in unstripped_binaries] + # vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index 818c7a5..1b681a6 100644 --- a/namcap-tags +++ b/namcap-tags 
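Review bot: The match `section.name == b'.symtab'` in `ELFUnstrippedRule.analyze` only works while pyelftools returns section names as bytes; if the installed version returns str, the comparison is never true and the rule reports nothing, which reads as "all binaries stripped". Testing the section type instead, `if section['sh_type'] == 'SHT_SYMTAB':`, does not depend on how names are decoded or on what the section is called. The `print ('symbol table empty')` line just above writes an unattributed debug string to stdout for every such section and should be dropped before merging. Both lines are unchanged in the resent patch and in its quoted copy further down.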
@@ -20,6 +20,7 @@ elffile-in-any-package %s :: ELF file ('%s') found in an 'any' package. elffile-not-in-allowed-dirs %s :: ELF file ('%s') outside of a valid path. elffile-with-textrel %s :: ELF file ('%s') has text relocations. elffile-with-execstack %s :: ELF file ('%s') has executable stack. +elffile-unstripped %s :: ELF file ('%s') is unstripped. empty-directory %s :: Directory (%s) is empty error-running-rule %s :: Error running rule '%s' extra-var-begins-without-underscore %s :: Non standard variable '%s' doesn't start with an underscore -- 1.8.4.2
--- Namcap/rules/elffiles.py | 38 +++++++++++++++++++++++++++++++++++ Namcap/tests/package/test_elffiles.py | 38 ++++++++++++++++++++++++++++++++++- namcap-tags | 1 + 3 files changed, 76 insertions(+), 1 deletion(-) diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py index f8f16ac..b073cb7 100644 --- a/Namcap/rules/elffiles.py +++ b/Namcap/rules/elffiles.py @@ -23,6 +23,7 @@ import tempfile import subprocess from elftools.elf.elffile import ELFFile +from elftools.elf.sections import SymbolTableSection from Namcap.util import is_elf, clean_filename from Namcap.ruleclass import * @@ -143,4 +144,41 @@ class ELFExecStackRule(TarballRule): self.warnings = [("elffile-with-execstack %s", i) for i in exec_stacks] +class ELFUnstrippedRule(TarballRule): + """ + Checks for unstripped ELF files. Uses pyelftools to check if + .symtab exists. + """ + + name = "elfunstripped" + description = "Check for unstripped ELF files." + + def analyze(self, pkginfo, tar): + unstripped_binaries = [] + + for entry in tar: + tmpname = _test_elf_and_extract(tar, entry) + if not tmpname: + continue + + try: + fp = open(tmpname, 'rb') + elffile = ELFFile(fp) + for section in elffile.iter_sections(): + if not isinstance(section, SymbolTableSection): + continue + + if section['sh_entsize'] == 0: + print ('symbol table empty') + continue + + if section.name == b'.symtab': + unstripped_binaries.append(entry.name) + fp.close() + finally: + os.unlink(tmpname) + if unstripped_binaries: + self.warnings = [("elffile-unstripped %s", i) + for i in unstripped_binaries] + # vim: set ts=4 sw=4 noet: diff --git a/Namcap/tests/package/test_elffiles.py b/Namcap/tests/package/test_elffiles.py index 6362a58..3e8a307 100644 --- a/Namcap/tests/package/test_elffiles.py +++ b/Namcap/tests/package/test_elffiles.py 
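Review bot: The added `fp.close()` sits inside the `try` body of `analyze`, so it is skipped whenever `ELFFile(fp)` or `iter_sections()` raises, which is the likely outcome for a truncated or malformed ELF in a package under inspection. The `finally` still unlinks the temp file, but the descriptor stays open. Opening the file as `with open(tmpname, 'rb') as fp:` inside the `try` closes it on every path and makes the explicit `fp.close()` unnecessary. Whether a parser exception is caught by the caller is not visible in this hunk, so it is worth confirming that one bad file does not abort the rule for the remaining entries. The quoted copy of this patch below has the same placement.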
@@ -95,5 +95,41 @@ package() { ]) self.assertEqual(r.infos, []) -# vim: set ts=4 sw=4 noet: +class TestUnstripped(MakepkgTest): + pkgbuild = """ +pkgname=__namcap_test_unstripped +pkgver=1.0 +pkgrel=1 +pkgdesc="A package" +arch=('i686' 'x86_64') +url="http://www.example.com/" +license=('GPL') +depends=('glibc') +source=() +options=(!purge !zipman !strip) +build() { + cd "${srcdir}" + echo "int main() { return 0; }" > main.c + /usr/bin/gcc -o main -Wa,-execstack main.c +} +package() { + install -D -m 644 "${srcdir}/main" "${pkgdir}/usr/bin/unstripped" +} +""" + def test_unstripped(self): + pkgfile = "__namcap_test_unstripped-1.0-1-%(arch)s.pkg.tar" % { "arch": self.arch } + with open(os.path.join(self.tmpdir, "PKGBUILD"), "w") as f: + f.write(self.pkgbuild) + self.run_makepkg() + pkg, r = self.run_rule_on_tarball( + os.path.join(self.tmpdir, pkgfile), + Namcap.rules.elffiles.ELFUnstrippedRule + ) + self.assertEqual(r.errors, []) + self.assertEqual(r.warnings, [ + ("elffile-unstripped %s", + "usr/bin/unstripped") + ]) + self.assertEqual(r.infos, []) +# vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index 818c7a5..1b681a6 100644 --- a/namcap-tags +++ b/namcap-tags @@ -20,6 +20,7 @@ elffile-in-any-package %s :: ELF file ('%s') found in an 'any' package. elffile-not-in-allowed-dirs %s :: ELF file ('%s') outside of a valid path. elffile-with-textrel %s :: ELF file ('%s') has text relocations. elffile-with-execstack %s :: ELF file ('%s') has executable stack. +elffile-unstripped %s :: ELF file ('%s') is unstripped. empty-directory %s :: Directory (%s) is empty error-running-rule %s :: Error running rule '%s' extra-var-begins-without-underscore %s :: Non standard variable '%s' doesn't start with an underscore -- 1.8.4.2
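Review bot: `TestUnstripped` covers only the positive case, so a rule that flagged every ELF file would still pass. A second case that builds the same package without `!strip` in `options` and asserts `self.assertEqual(r.warnings, [])` would pin the negative side. The `-Wa,-execstack` flag in `build()` looks carried over from the execstack test and is not needed to produce an unstripped binary; dropping it keeps the fixture from also tripping the execstack rule. The quoted copy of this hunk further down is identical.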
I've added a unit test to the patch, fixed the formatting of the test file, and closed the file that I had forgotten to close in ELFUnstrippedRule. -- Jelle van der Waa On 11/04/13 at 09:23pm, Jelle van der Waa wrote:
--- Namcap/rules/elffiles.py | 38 +++++++++++++++++++++++++++++++++++ Namcap/tests/package/test_elffiles.py | 38 ++++++++++++++++++++++++++++++++++- namcap-tags | 1 + 3 files changed, 76 insertions(+), 1 deletion(-)
diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py index f8f16ac..b073cb7 100644 --- a/Namcap/rules/elffiles.py +++ b/Namcap/rules/elffiles.py @@ -23,6 +23,7 @@ import tempfile import subprocess
from elftools.elf.elffile import ELFFile +from elftools.elf.sections import SymbolTableSection
from Namcap.util import is_elf, clean_filename from Namcap.ruleclass import * @@ -143,4 +144,41 @@ class ELFExecStackRule(TarballRule): self.warnings = [("elffile-with-execstack %s", i) for i in exec_stacks]
+class ELFUnstrippedRule(TarballRule): + """ + Checks for unstripped ELF files. Uses pyelftools to check if + .symtab exists. + """ + + name = "elfunstripped" + description = "Check for unstripped ELF files." + + def analyze(self, pkginfo, tar): + unstripped_binaries = [] + + for entry in tar: + tmpname = _test_elf_and_extract(tar, entry) + if not tmpname: + continue + + try: + fp = open(tmpname, 'rb') + elffile = ELFFile(fp) + for section in elffile.iter_sections(): + if not isinstance(section, SymbolTableSection): + continue + + if section['sh_entsize'] == 0: + print ('symbol table empty') + continue + + if section.name == b'.symtab': + unstripped_binaries.append(entry.name) + fp.close() + finally: + os.unlink(tmpname) + if unstripped_binaries: + self.warnings = [("elffile-unstripped %s", i) + for i in unstripped_binaries] + # vim: set ts=4 sw=4 noet: diff --git a/Namcap/tests/package/test_elffiles.py b/Namcap/tests/package/test_elffiles.py index 6362a58..3e8a307 100644 --- a/Namcap/tests/package/test_elffiles.py +++ b/Namcap/tests/package/test_elffiles.py @@ -95,5 +95,41 @@ package() { ]) self.assertEqual(r.infos, [])
-# vim: set ts=4 sw=4 noet: +class TestUnstripped(MakepkgTest): + pkgbuild = """ +pkgname=__namcap_test_unstripped +pkgver=1.0 +pkgrel=1 +pkgdesc="A package" +arch=('i686' 'x86_64') +url="http://www.example.com/" +license=('GPL') +depends=('glibc') +source=() +options=(!purge !zipman !strip) +build() { + cd "${srcdir}" + echo "int main() { return 0; }" > main.c + /usr/bin/gcc -o main -Wa,-execstack main.c +} +package() { + install -D -m 644 "${srcdir}/main" "${pkgdir}/usr/bin/unstripped" +} +""" + def test_unstripped(self): + pkgfile = "__namcap_test_unstripped-1.0-1-%(arch)s.pkg.tar" % { "arch": self.arch } + with open(os.path.join(self.tmpdir, "PKGBUILD"), "w") as f: + f.write(self.pkgbuild) + self.run_makepkg() + pkg, r = self.run_rule_on_tarball( + os.path.join(self.tmpdir, pkgfile), + Namcap.rules.elffiles.ELFUnstrippedRule + ) + self.assertEqual(r.errors, []) + self.assertEqual(r.warnings, [ + ("elffile-unstripped %s", + "usr/bin/unstripped") + ]) + self.assertEqual(r.infos, [])
+# vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index 818c7a5..1b681a6 100644 --- a/namcap-tags +++ b/namcap-tags @@ -20,6 +20,7 @@ elffile-in-any-package %s :: ELF file ('%s') found in an 'any' package. elffile-not-in-allowed-dirs %s :: ELF file ('%s') outside of a valid path. elffile-with-textrel %s :: ELF file ('%s') has text relocations. elffile-with-execstack %s :: ELF file ('%s') has executable stack. +elffile-unstripped %s :: ELF file ('%s') is unstripped. empty-directory %s :: Directory (%s) is empty error-running-rule %s :: Error running rule '%s' extra-var-begins-without-underscore %s :: Non standard variable '%s' doesn't start with an underscore -- 1.8.4.2