def test_executable_stack_package(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('executable-stack'), 'a.out') run_elf_checks(test, FakePkg('fake'), pkgfile) out = output.print_results(output.results) assert 'W: missing-mandatory-optflags a.out -fno-PIE -g -Ofast' in out assert 'E: forbidden-optflags a.out -frounding-math' in out
def test_missing_dependency(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('no-dependency.so'), '/lib64/no-dependency.so') out = output.print_results(output.results) assert 'E: statically-linked-binary' in out test.is_shobj = True test.run_elf_checks(FakePkg('fake'), get_full_path('no-dependency.so'), '/lib64/no-dependency.so') out = output.print_results(output.results) assert 'E: shared-library-without-dependency-information' in out
def test_non_pic_code_library(binariescheck): output, test = binariescheck run_elf_checks(test, FakePkg('fake'), get_full_path('non-pic-shared-m32.so'), '/usr/lib/non-pic-shared-m32.so') out = output.print_results(output.results) assert 'E: shlib-with-non-pic-code' in out
def test_readelf_single_error_message(binariescheck): output, test = binariescheck run_elf_checks(test, FakePkg('fake'), get_full_path('small_archive.a'), '/lib64/small_archive.a') out = output.print_results(output.results) filtered = [line for line in out.splitlines() if 'Not an ELF file' in line] assert len(filtered) == 1
def test_missing_dependency(binariescheck): output, test = binariescheck run_elf_checks(test, FakePkg('fake'), get_full_path('no-dependency.so'), '/lib64/no-dependency.so') out = output.print_results(output.results) assert 'E: shared-library-without-dependency-information' in out
def test_call_setgroups(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('call-setgroups'), '/bin/call-setgroups') out = output.print_results(output.results) assert 'E: missing-call-to-setgroups-before-setuid /bin/call-setgroups' in out
def test_stripped_archive(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('stripped-archive.a'), 'x.a') run_elf_checks(test, pkg, pkgfile) out = output.print_results(output.results) assert 'E: static-library-without-symtab' in out
def test_lto_archive_init_array(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('libbsd-ctor.a'), 'x.a') run_elf_checks(test, pkg, pkgfile) assert 'E: lto-no-text-in-archive' not in output.print_results( output.results)
def test_lto_archive_preinit_array(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('libclang_rt.asan-preinit-x86_64.a'), 'x.a') assert 'E: lto-no-text-in-archive' not in output.print_results( output.results)
def test_call_gethostbyname(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('hostname'), '/usr/bin/hostname') out = output.print_results(output.results) assert 'W: binary-or-shlib-calls-gethostbyname' in out
def test_executable_stack(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('executable-stack'), '/lib64/my/a.out') run_elf_checks(test, pkg, pkgfile) assert 'E: executable-stack /lib64/my/a.out' in output.results[0]
def test_invalid_soname(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('invalid-soname.so'), '/lib64/invalid-soname.so') out = output.print_results(output.results) assert 'invalid-soname /lib64/invalid-soname.so' in out assert 'E: shlib-with-non-pic-code /lib64/invalid-soname.so' in out
def test_lto_archive_text(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('stripped-lto.a'), 'x.a') out = output.print_results(output.results) assert 'E: lto-no-text-in-archive' in out assert 'E: static-library-without-debuginfo' in out
def test_lto_archive_with_only_data(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('only-data.a'), 'x.a') run_elf_checks(test, pkg, pkgfile) assert 'E: lto-no-text-in-archive' not in output.print_results( output.results)
def test_call_mktemp(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('call-mktemp'), '/bin/call-mktemp') out = output.print_results(output.results) assert 'E: call-to-mktemp /bin/call-mktemp' in out
def test_unused_dependency_in_package(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('libtirpc.so.3.0.0'), '/lib64/x.so') assert not test.readelf_parser.parsing_failed() assert not test.ldd_parser.parsing_failed out = output.print_results(output.results) assert 'E: unused-direct-shlib-dependency ' in out
def test_no_ldconfig_symlink(binariescheck): output, test = binariescheck run_elf_checks(test, FakePkg('fake'), get_full_path('libutil-2.29.so'), '/lib64/libutil-2.29.so') out = output.print_results(output.results) assert 'no-ldconfig-symlink /lib64/libutil-2.29.so' in out assert 'E: shlib-policy-name-error 1' in out
def test_no_soname(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('no-soname.so'), '/lib64/no-soname.so') run_elf_checks(test, pkg, pkgfile) out = output.print_results(output.results) assert 'no-soname /lib64/no-soname.so' in out
def test_no_ldconfig_symlink(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('libutil-2.29.so'), '/lib64/libutil-2.29.so') out = output.print_results(output.results) assert 'no-ldconfig-symlink /lib64/libutil-2.29.so' in out assert 'E: incoherent-version-in-name 1' in out
def test_usr_dependency(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('usr-dependency'), '/bin/usr-dependency') assert not test.readelf_parser.parsing_failed() assert not test.ldd_parser.parsing_failed out = output.print_results(output.results) assert 'W: linked-against-usr-library /bin/usr-dependency /usr/libfoo.so' in out
def test_unused_dependency_in_package_for_executable(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('appletviewer'), '/usr/bin/appletviewer') assert not test.readelf_parser.parsing_failed() assert not test.ldd_parser.parsing_failed out = output.print_results(output.results) assert 'W: unused-direct-shlib-dependency ' in out
def test_archive_with_debuginfo(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('archive-with-debuginfo.a'), 'x.a') run_elf_checks(test, pkg, pkgfile) assert 'E: static-library-without-debuginfo' not in output.print_results( output.results)
def test_opt_dependency(binariescheck): output, test = binariescheck test.run_elf_checks(FakePkg('fake'), get_full_path('opt-dependency'), '/bin/opt-dependency') assert not test.readelf_parser.parsing_failed_reason() assert not test.ldd_parser.parsing_failed_reason out = output.print_results(output.results) assert 'E: linked-against-opt-library /bin/opt-dependency /opt/libfoo.so' in out
def test_readelf_failure_in_package(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('not-existing.so'), '/lib64/not-existing.so') run_elf_checks(test, pkg, pkgfile) out = output.print_results(output.results) assert 'readelf-failed /lib64/not-existing.so' in out
def test_lto_bytecode(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('lto-object.o'), 'x.a') run_elf_checks(test, pkg, pkgfile) assert not test.readelf_parser.parsing_failed_reason() out = output.print_results(output.results) assert 'lto-bytecode' in out
def test_bca_files(binariescheck): output, test = binariescheck run_elf_checks(test, FakePkg('fake'), get_full_path('libkleeRuntimeFreeStanding.bca'), '/usr/lib64/klee/runtime/libkleeRuntimeFreeStanding.bca') out = output.print_results(output.results) assert 'E: ' not in out
def test_call_gethostbyname(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('hostname'), '/usr/bin/hostname') run_elf_checks(test, pkg, pkgfile) out = output.print_results(output.results) assert 'W: binary-or-shlib-calls-gethostbyname' in out
def test_shlib_policy_name_error(binariescheck): output, test = binariescheck with FakePkg('libgame') as pkg: pkgfile = pkg.add_file(get_full_path('libgame.so'), '/lib64/libgame.so') run_elf_checks(test, pkg, pkgfile) out = output.print_results(output.results) assert 'libgame: E: shlib-policy-name-error SONAME: libgame2-1.9.so.10.0.0 (/lib64/libgame.so), expected package suffix: 1_9-10_0_0' in out
def test_call_mktemp(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('call-mktemp'), '/bin/call-mktemp') run_elf_checks(test, pkg, pkgfile) out = output.print_results(output.results) assert 'E: call-to-mktemp /bin/call-mktemp' in out
def test_invalid_soname(binariescheck): output, test = binariescheck with FakePkg('fake') as pkg: pkgfile = pkg.add_file(get_full_path('invalid-soname.so'), '/lib64/invalid-soname.so') run_elf_checks(test, pkg, pkgfile) out = output.print_results(output.results) assert 'invalid-soname /lib64/invalid-soname.so' in out assert 'E: shlib-with-non-pic-code /lib64/invalid-soname.so' not in out