[arch-projects] [namcap][PATCH] implement FS#27485, warn on unstripped files

Jelle van der Waa jelle at vdwaa.nl
Mon Nov 4 15:25:29 EST 2013


I've added a unit test to the patch, fixed the formatting of the test file,
and closed the file in ELFUnstrippedRule, which I had forgotten to do.

-- 
Jelle van der Waa

On 11/04/13 at 09:23pm, Jelle van der Waa wrote:
> ---
>  Namcap/rules/elffiles.py              | 38 +++++++++++++++++++++++++++++++++++
>  Namcap/tests/package/test_elffiles.py | 38 ++++++++++++++++++++++++++++++++++-
>  namcap-tags                           |  1 +
>  3 files changed, 76 insertions(+), 1 deletion(-)
> 
> diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py
> index f8f16ac..b073cb7 100644
> --- a/Namcap/rules/elffiles.py
> +++ b/Namcap/rules/elffiles.py
> @@ -23,6 +23,7 @@ import tempfile
>  import subprocess
>  
>  from elftools.elf.elffile import ELFFile
> +from elftools.elf.sections import SymbolTableSection
>  
>  from Namcap.util import is_elf, clean_filename
>  from Namcap.ruleclass import *
> @@ -143,4 +144,41 @@ class ELFExecStackRule(TarballRule):
>  			self.warnings = [("elffile-with-execstack %s", i)
>  					for i in exec_stacks]
>  
> +class ELFUnstrippedRule(TarballRule):
> +	"""
> +	Checks for unstripped ELF files. Uses pyelftools to check if
> +	.symtab exists.
> +	"""
> +
> +	name = "elfunstripped"
> +	description = "Check for unstripped ELF files."
> +
> +	def analyze(self, pkginfo, tar):
> +		unstripped_binaries = []
> +
> +		for entry in tar:
> +			tmpname = _test_elf_and_extract(tar, entry)
> +			if not tmpname:
> +				continue
> +
> +			try:
> +				fp = open(tmpname, 'rb')
> +				elffile = ELFFile(fp)
> +				for section in elffile.iter_sections():
> +					if not isinstance(section, SymbolTableSection):
> +						continue
> +
> +					if section['sh_entsize'] == 0:
> +						print ('symbol table empty')
> +						continue
> +
> +					if section.name == b'.symtab':
> +						unstripped_binaries.append(entry.name)
> +				fp.close()
> +			finally:
> +				os.unlink(tmpname)
> +		if unstripped_binaries:
> +			self.warnings = [("elffile-unstripped %s", i)
> +					for i in unstripped_binaries]
> +
>  # vim: set ts=4 sw=4 noet:
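Review bot: `fp.close()` in `ELFUnstrippedRule.analyze` is the last statement of the `try` body, so it is skipped whenever `ELFFile(fp)` or `iter_sections()` raises on a truncated or malformed ELF; the `finally` then unlinks the temp file while the descriptor is still open. The rule parses files taken from whatever package is being checked, so open the file with `with open(tmpname, 'rb') as fp:` around the parse and drop the explicit close. There is also no `except`, so such an exception leaves the `for entry in tar` loop and the remaining entries are never checked by this rule; consider catching the parser's error per entry and continuing. The leftover `print ('symbol table empty')` writes to stdout outside the tag reporting and should be removed or turned into a comment such as `# empty symbol table: nothing to report`.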
> diff --git a/Namcap/tests/package/test_elffiles.py b/Namcap/tests/package/test_elffiles.py
> index 6362a58..3e8a307 100644
> --- a/Namcap/tests/package/test_elffiles.py
> +++ b/Namcap/tests/package/test_elffiles.py
> @@ -95,5 +95,41 @@ package() {
>  		])
>  		self.assertEqual(r.infos, [])
>  
> -# vim: set ts=4 sw=4 noet:
> +class TestUnstripped(MakepkgTest):
> +	pkgbuild = """
> +pkgname=__namcap_test_unstripped
> +pkgver=1.0
> +pkgrel=1
> +pkgdesc="A package"
> +arch=('i686' 'x86_64')
> +url="http://www.example.com/"
> +license=('GPL')
> +depends=('glibc')
> +source=()
> +options=(!purge !zipman !strip)
> +build() {
> +  cd "${srcdir}"
> +  echo "int main() { return 0; }" > main.c
> +  /usr/bin/gcc -o main -Wa,-execstack main.c
> +}
> +package() {
> +  install -D -m 644 "${srcdir}/main" "${pkgdir}/usr/bin/unstripped"
> +}
> +"""
> +	def test_unstripped(self):
> +		pkgfile = "__namcap_test_unstripped-1.0-1-%(arch)s.pkg.tar" % { "arch": self.arch }
> +		with open(os.path.join(self.tmpdir, "PKGBUILD"), "w") as f:
> +			f.write(self.pkgbuild)
> +		self.run_makepkg()
> +		pkg, r = self.run_rule_on_tarball(
> +				os.path.join(self.tmpdir, pkgfile),
> +				Namcap.rules.elffiles.ELFUnstrippedRule
> +				)
> +		self.assertEqual(r.errors, [])
> +		self.assertEqual(r.warnings, [
> +			("elffile-unstripped %s",
> +				"usr/bin/unstripped")
> +		])
> +		self.assertEqual(r.infos, [])
>  
> +# vim: set ts=4 sw=4 noet:
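Review bot: The PKGBUILD fixture in `TestUnstripped` compiles with `-Wa,-execstack`, which looks carried over from the execstack test and has nothing to do with the property checked here; `/usr/bin/gcc -o main main.c` keeps the fixture to the one thing under test. Only the positive case is covered, so a rule that flagged every ELF file would still pass. A companion test whose `options` omit `!strip` and which asserts `r.warnings == []` would pin the negative case. The hunk begins inside the previous test method, so the rest of that class is not visible here.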
> diff --git a/namcap-tags b/namcap-tags
> index 818c7a5..1b681a6 100644
> --- a/namcap-tags
> +++ b/namcap-tags
> @@ -20,6 +20,7 @@ elffile-in-any-package %s :: ELF file ('%s') found in an 'any' package.
>  elffile-not-in-allowed-dirs %s :: ELF file ('%s') outside of a valid path.
>  elffile-with-textrel %s :: ELF file ('%s') has text relocations.
>  elffile-with-execstack %s :: ELF file ('%s') has executable stack.
> +elffile-unstripped %s :: ELF file ('%s') is unstripped.
>  empty-directory %s :: Directory (%s) is empty
>  error-running-rule %s :: Error running rule '%s'
>  extra-var-begins-without-underscore %s :: Non standard variable '%s' doesn't start with an underscore
> -- 
> 1.8.4.2
> 