[arch-projects] [namcap][PATCH] implement FS#27485, warn on unstripped files
Jelle van der Waa
jelle at vdwaa.nl
Mon Nov 4 15:25:29 EST 2013
I've added a unit test to the patch and fixed the formatting of the test file.
I also now close the file in ELFUnstrippedRule, which I had forgotten to do.
--
Jelle van der Waa
On 11/04/13 at 09:23pm, Jelle van der Waa wrote:
> ---
> Namcap/rules/elffiles.py | 38 +++++++++++++++++++++++++++++++++++
> Namcap/tests/package/test_elffiles.py | 38 ++++++++++++++++++++++++++++++++++-
> namcap-tags | 1 +
> 3 files changed, 76 insertions(+), 1 deletion(-)
>
> diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py
> index f8f16ac..b073cb7 100644
> --- a/Namcap/rules/elffiles.py
> +++ b/Namcap/rules/elffiles.py
> @@ -23,6 +23,7 @@ import tempfile
> import subprocess
>
> from elftools.elf.elffile import ELFFile
> +from elftools.elf.sections import SymbolTableSection
>
> from Namcap.util import is_elf, clean_filename
> from Namcap.ruleclass import *
> @@ -143,4 +144,41 @@ class ELFExecStackRule(TarballRule):
> self.warnings = [("elffile-with-execstack %s", i)
> for i in exec_stacks]
>
> +class ELFUnstrippedRule(TarballRule):
> + """
> + Checks for unstripped ELF files. Uses pyelftools to check if
> + .symtab exists.
> + """
> +
> + name = "elfunstripped"
> + description = "Check for unstripped ELF files."
> +
> + def analyze(self, pkginfo, tar):
> + unstripped_binaries = []
> +
> + for entry in tar:
> + tmpname = _test_elf_and_extract(tar, entry)
> + if not tmpname:
> + continue
> +
> + try:
> + fp = open(tmpname, 'rb')
> + elffile = ELFFile(fp)
> + for section in elffile.iter_sections():
> + if not isinstance(section, SymbolTableSection):
> + continue
> +
> + if section['sh_entsize'] == 0:
> + print ('symbol table empty')
> + continue
> +
> + if section.name == b'.symtab':
> + unstripped_binaries.append(entry.name)
> + fp.close()
> + finally:
> + os.unlink(tmpname)
> + if unstripped_binaries:
> + self.warnings = [("elffile-unstripped %s", i)
> + for i in unstripped_binaries]
> +
> # vim: set ts=4 sw=4 noet:
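Review bot: In `ELFUnstrippedRule.analyze`, `fp.close()` is an ordinary statement in the `try` body, so it is skipped whenever `ELFFile(fp)` or `iter_sections()` raises. A malformed or truncated ELF file is an input this rule has to expect, because namcap inspects the contents of arbitrary packages. Opening the file with `with open(tmpname, 'rb') as fp:` inside the `try` closes the handle on every path while keeping `finally: os.unlink(tmpname)`. Whether a parse error is then reported as `error-running-rule` or aborts the run is decided outside this hunk and is worth checking. The `print ('symbol table empty')` line looks like leftover debugging that would write into namcap's report output, so I would drop it and keep only the `continue`.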
> diff --git a/Namcap/tests/package/test_elffiles.py b/Namcap/tests/package/test_elffiles.py
> index 6362a58..3e8a307 100644
> --- a/Namcap/tests/package/test_elffiles.py
> +++ b/Namcap/tests/package/test_elffiles.py
> @@ -95,5 +95,41 @@ package() {
> ])
> self.assertEqual(r.infos, [])
>
> -# vim: set ts=4 sw=4 noet:
> +class TestUnstripped(MakepkgTest):
> + pkgbuild = """
> +pkgname=__namcap_test_unstripped
> +pkgver=1.0
> +pkgrel=1
> +pkgdesc="A package"
> +arch=('i686' 'x86_64')
> +url="http://www.example.com/"
> +license=('GPL')
> +depends=('glibc')
> +source=()
> +options=(!purge !zipman !strip)
> +build() {
> + cd "${srcdir}"
> + echo "int main() { return 0; }" > main.c
> + /usr/bin/gcc -o main -Wa,-execstack main.c
> +}
> +package() {
> + install -D -m 644 "${srcdir}/main" "${pkgdir}/usr/bin/unstripped"
> +}
> +"""
> + def test_unstripped(self):
> + pkgfile = "__namcap_test_unstripped-1.0-1-%(arch)s.pkg.tar" % { "arch": self.arch }
> + with open(os.path.join(self.tmpdir, "PKGBUILD"), "w") as f:
> + f.write(self.pkgbuild)
> + self.run_makepkg()
> + pkg, r = self.run_rule_on_tarball(
> + os.path.join(self.tmpdir, pkgfile),
> + Namcap.rules.elffiles.ELFUnstrippedRule
> + )
> + self.assertEqual(r.errors, [])
> + self.assertEqual(r.warnings, [
> + ("elffile-unstripped %s",
> + "usr/bin/unstripped")
> + ])
> + self.assertEqual(r.infos, [])
>
> +# vim: set ts=4 sw=4 noet:
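Review bot: The PKGBUILD in `TestUnstripped` compiles the sample with `-Wa,-execstack`, which appears to be copied from the executable-stack test and has no bearing on symbol tables. A plain `/usr/bin/gcc -o main main.c` together with `!strip` in `options` should be enough to leave `.symtab` in place, and it keeps the fixture limited to the property under test. The test also covers only the positive case. A second package built without `!strip` that asserts `r.warnings == []` would catch a rule that flags every ELF file, for instance one that matched `.dynsym` instead of `.symtab`.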
> diff --git a/namcap-tags b/namcap-tags
> index 818c7a5..1b681a6 100644
> --- a/namcap-tags
> +++ b/namcap-tags
> @@ -20,6 +20,7 @@ elffile-in-any-package %s :: ELF file ('%s') found in an 'any' package.
> elffile-not-in-allowed-dirs %s :: ELF file ('%s') outside of a valid path.
> elffile-with-textrel %s :: ELF file ('%s') has text relocations.
> elffile-with-execstack %s :: ELF file ('%s') has executable stack.
> +elffile-unstripped %s :: ELF file ('%s') is unstripped.
> empty-directory %s :: Directory (%s) is empty
> error-running-rule %s :: Error running rule '%s'
> extra-var-begins-without-underscore %s :: Non standard variable '%s' doesn't start with an underscore
> --
> 1.8.4.2
>