mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 12:02:48 +01:00
[contrib] fixup security-check.py Python3 support
This commit is contained in:
parent
624bee9659
commit
5de2b18c67
@ -20,38 +20,38 @@ def check_ELF_PIE(executable):
|
|||||||
'''
|
'''
|
||||||
Check for position independent executable (PIE), allowing for address space randomization.
|
Check for position independent executable (PIE), allowing for address space randomization.
|
||||||
'''
|
'''
|
||||||
p = subprocess.Popen([READELF_CMD, '-h', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
|
p = subprocess.Popen([READELF_CMD, '-h', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True)
|
||||||
(stdout, stderr) = p.communicate()
|
(stdout, stderr) = p.communicate()
|
||||||
if p.returncode:
|
if p.returncode:
|
||||||
raise IOError('Error opening file')
|
raise IOError('Error opening file')
|
||||||
|
|
||||||
ok = False
|
ok = False
|
||||||
for line in stdout.split(b'\n'):
|
for line in stdout.splitlines():
|
||||||
line = line.split()
|
line = line.split()
|
||||||
if len(line)>=2 and line[0] == b'Type:' and line[1] == b'DYN':
|
if len(line)>=2 and line[0] == 'Type:' and line[1] == 'DYN':
|
||||||
ok = True
|
ok = True
|
||||||
return ok
|
return ok
|
||||||
|
|
||||||
def get_ELF_program_headers(executable):
|
def get_ELF_program_headers(executable):
|
||||||
'''Return type and flags for ELF program headers'''
|
'''Return type and flags for ELF program headers'''
|
||||||
p = subprocess.Popen([READELF_CMD, '-l', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
|
p = subprocess.Popen([READELF_CMD, '-l', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True)
|
||||||
(stdout, stderr) = p.communicate()
|
(stdout, stderr) = p.communicate()
|
||||||
if p.returncode:
|
if p.returncode:
|
||||||
raise IOError('Error opening file')
|
raise IOError('Error opening file')
|
||||||
in_headers = False
|
in_headers = False
|
||||||
count = 0
|
count = 0
|
||||||
headers = []
|
headers = []
|
||||||
for line in stdout.split(b'\n'):
|
for line in stdout.splitlines():
|
||||||
if line.startswith(b'Program Headers:'):
|
if line.startswith('Program Headers:'):
|
||||||
in_headers = True
|
in_headers = True
|
||||||
if line == b'':
|
if line == '':
|
||||||
in_headers = False
|
in_headers = False
|
||||||
if in_headers:
|
if in_headers:
|
||||||
if count == 1: # header line
|
if count == 1: # header line
|
||||||
ofs_typ = line.find(b'Type')
|
ofs_typ = line.find('Type')
|
||||||
ofs_offset = line.find(b'Offset')
|
ofs_offset = line.find('Offset')
|
||||||
ofs_flags = line.find(b'Flg')
|
ofs_flags = line.find('Flg')
|
||||||
ofs_align = line.find(b'Align')
|
ofs_align = line.find('Align')
|
||||||
if ofs_typ == -1 or ofs_offset == -1 or ofs_flags == -1 or ofs_align == -1:
|
if ofs_typ == -1 or ofs_offset == -1 or ofs_flags == -1 or ofs_align == -1:
|
||||||
raise ValueError('Cannot parse elfread -lW output')
|
raise ValueError('Cannot parse elfread -lW output')
|
||||||
elif count > 1:
|
elif count > 1:
|
||||||
@ -68,9 +68,9 @@ def check_ELF_NX(executable):
|
|||||||
have_wx = False
|
have_wx = False
|
||||||
have_gnu_stack = False
|
have_gnu_stack = False
|
||||||
for (typ, flags) in get_ELF_program_headers(executable):
|
for (typ, flags) in get_ELF_program_headers(executable):
|
||||||
if typ == b'GNU_STACK':
|
if typ == 'GNU_STACK':
|
||||||
have_gnu_stack = True
|
have_gnu_stack = True
|
||||||
if b'W' in flags and b'E' in flags: # section is both writable and executable
|
if 'W' in flags and 'E' in flags: # section is both writable and executable
|
||||||
have_wx = True
|
have_wx = True
|
||||||
return have_gnu_stack and not have_wx
|
return have_gnu_stack and not have_wx
|
||||||
|
|
||||||
@ -87,17 +87,17 @@ def check_ELF_RELRO(executable):
|
|||||||
# However, the dynamic linker need to write to this area so these are RW.
|
# However, the dynamic linker need to write to this area so these are RW.
|
||||||
# Glibc itself takes care of mprotecting this area R after relocations are finished.
|
# Glibc itself takes care of mprotecting this area R after relocations are finished.
|
||||||
# See also http://permalink.gmane.org/gmane.comp.gnu.binutils/71347
|
# See also http://permalink.gmane.org/gmane.comp.gnu.binutils/71347
|
||||||
if typ == b'GNU_RELRO':
|
if typ == 'GNU_RELRO':
|
||||||
have_gnu_relro = True
|
have_gnu_relro = True
|
||||||
|
|
||||||
have_bindnow = False
|
have_bindnow = False
|
||||||
p = subprocess.Popen([READELF_CMD, '-d', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
|
p = subprocess.Popen([READELF_CMD, '-d', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True)
|
||||||
(stdout, stderr) = p.communicate()
|
(stdout, stderr) = p.communicate()
|
||||||
if p.returncode:
|
if p.returncode:
|
||||||
raise IOError('Error opening file')
|
raise IOError('Error opening file')
|
||||||
for line in stdout.split(b'\n'):
|
for line in stdout.splitlines():
|
||||||
tokens = line.split()
|
tokens = line.split()
|
||||||
if len(tokens)>1 and tokens[1] == b'(BIND_NOW)' or (len(tokens)>2 and tokens[1] == b'(FLAGS)' and b'BIND_NOW' in tokens[2]):
|
if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2]):
|
||||||
have_bindnow = True
|
have_bindnow = True
|
||||||
return have_gnu_relro and have_bindnow
|
return have_gnu_relro and have_bindnow
|
||||||
|
|
||||||
@ -105,13 +105,13 @@ def check_ELF_Canary(executable):
|
|||||||
'''
|
'''
|
||||||
Check for use of stack canary
|
Check for use of stack canary
|
||||||
'''
|
'''
|
||||||
p = subprocess.Popen([READELF_CMD, '--dyn-syms', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
|
p = subprocess.Popen([READELF_CMD, '--dyn-syms', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True)
|
||||||
(stdout, stderr) = p.communicate()
|
(stdout, stderr) = p.communicate()
|
||||||
if p.returncode:
|
if p.returncode:
|
||||||
raise IOError('Error opening file')
|
raise IOError('Error opening file')
|
||||||
ok = False
|
ok = False
|
||||||
for line in stdout.split(b'\n'):
|
for line in stdout.splitlines():
|
||||||
if b'__stack_chk_fail' in line:
|
if '__stack_chk_fail' in line:
|
||||||
ok = True
|
ok = True
|
||||||
return ok
|
return ok
|
||||||
|
|
||||||
@ -121,13 +121,13 @@ def get_PE_dll_characteristics(executable):
|
|||||||
Returns a tuple (arch,bits) where arch is 'i386:x86-64' or 'i386'
|
Returns a tuple (arch,bits) where arch is 'i386:x86-64' or 'i386'
|
||||||
and bits is the DllCharacteristics value.
|
and bits is the DllCharacteristics value.
|
||||||
'''
|
'''
|
||||||
p = subprocess.Popen([OBJDUMP_CMD, '-x', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
|
p = subprocess.Popen([OBJDUMP_CMD, '-x', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True)
|
||||||
(stdout, stderr) = p.communicate()
|
(stdout, stderr) = p.communicate()
|
||||||
if p.returncode:
|
if p.returncode:
|
||||||
raise IOError('Error opening file')
|
raise IOError('Error opening file')
|
||||||
arch = ''
|
arch = ''
|
||||||
bits = 0
|
bits = 0
|
||||||
for line in stdout.split('\n'):
|
for line in stdout.splitlines():
|
||||||
tokens = line.split()
|
tokens = line.split()
|
||||||
if len(tokens)>=2 and tokens[0] == 'architecture:':
|
if len(tokens)>=2 and tokens[0] == 'architecture:':
|
||||||
arch = tokens[1].rstrip(',')
|
arch = tokens[1].rstrip(',')
|
||||||
|
Loading…
Reference in New Issue
Block a user