contrib/devtools/test-security-check.py

   1 #!/usr/bin/env python2
   2 # Copyright (c) 2015-2016 The Bitcoin Core developers
   3 # Distributed under the MIT software license, see the accompanying
   4 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
   5 '''
   6 Test script for security-check.py
   7 '''
   8 from __future__ import division,print_function
   9 import subprocess
  10 import unittest
  11
  12 def write_testcode(filename):
  13     with open(filename, 'w') as f:
  14         f.write('''
  15     #include <stdio.h>
  16     int main()
  17     {
  18         printf("the quick brown fox jumps over the lazy god\\n");
  19         return 0;
  20     }
  21     ''')
  22
  23 def call_security_check(cc, source, executable, options):
  24     subprocess.check_call([cc,source,'-o',executable] + options)
  25     p = subprocess.Popen(['./security-check.py',executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
  26     (stdout, stderr) = p.communicate()
  27     return (p.returncode, stdout.rstrip())
  28
  29 class TestSecurityChecks(unittest.TestCase):
  30     def test_ELF(self):
  31         source = 'test1.c'
  32         executable = 'test1'
  33         cc = 'gcc'
  34         write_testcode(source)
  35
  36         self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-fno-stack-protector','-Wl,-znorelro']),
  37                 (1, executable+': failed PIE NX RELRO Canary'))
  38         self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fno-stack-protector','-Wl,-znorelro']),
  39                 (1, executable+': failed PIE RELRO Canary'))
  40         self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro']),
  41                 (1, executable+': failed PIE RELRO'))
  42         self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro','-pie','-fPIE']),
  43                 (1, executable+': failed RELRO'))
  44         self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE']),
  45                 (0, ''))
  46
  47     def test_PE(self):
  48         source = 'test1.c'
  49         executable = 'test1.exe'
  50         cc = 'i686-w64-mingw32-gcc'
  51         write_testcode(source)
  52
  53         self.assertEqual(call_security_check(cc, source, executable, []),
  54                 (1, executable+': failed PIE NX'))
  55         self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat']),
  56                 (1, executable+': failed PIE'))
  57         self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase']),
  58                 (0, ''))
  59
  60 if __name__ == '__main__':
  61     unittest.main()
  62