[arch-projects] [namcap][PATCH] implement FS#27485, warn on unstripped files

Jelle van der Waa jelle at vdwaa.nl
Mon Nov 4 15:23:07 EST 2013


---
 Namcap/rules/elffiles.py              | 38 +++++++++++++++++++++++++++++++++++
 Namcap/tests/package/test_elffiles.py | 38 ++++++++++++++++++++++++++++++++++-
 namcap-tags                           |  1 +
 3 files changed, 76 insertions(+), 1 deletion(-)

diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py
index f8f16ac..b073cb7 100644
--- a/Namcap/rules/elffiles.py
+++ b/Namcap/rules/elffiles.py
@@ -23,6 +23,7 @@ import tempfile
 import subprocess
 
 from elftools.elf.elffile import ELFFile
+from elftools.elf.sections import SymbolTableSection
 
 from Namcap.util import is_elf, clean_filename
 from Namcap.ruleclass import *
@@ -143,4 +144,41 @@ class ELFExecStackRule(TarballRule):
 			self.warnings = [("elffile-with-execstack %s", i)
 					for i in exec_stacks]
 
+class ELFUnstrippedRule(TarballRule):
+	"""
+	Checks for unstripped ELF files. Uses pyelftools to check if
+	.symtab exists.
+	"""
+
+	name = "elfunstripped"
+	description = "Check for unstripped ELF files."
+
+	def analyze(self, pkginfo, tar):
+		unstripped_binaries = []
+
+		for entry in tar:
+			tmpname = _test_elf_and_extract(tar, entry)
+			if not tmpname:
+				continue
+
+			try:
+				fp = open(tmpname, 'rb')
+				elffile = ELFFile(fp)
+				for section in elffile.iter_sections():
+					if not isinstance(section, SymbolTableSection):
+						continue
+
+					if section['sh_entsize'] == 0:
+						print ('symbol table empty')
+						continue
+
+					if section.name == b'.symtab':
+						unstripped_binaries.append(entry.name)
+				fp.close()
+			finally:
+				os.unlink(tmpname)
+		if unstripped_binaries:
+			self.warnings = [("elffile-unstripped %s", i)
+					for i in unstripped_binaries]
+
 # vim: set ts=4 sw=4 noet:
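Review bot: `fp.close()` sits in the `try` body rather than in the `finally`, so if `ELFFile(fp)` or `iter_sections()` raises on a truncated or malformed ELF from the package being inspected, the temp file is unlinked but the handle is leaked; opening it with `with open(tmpname, 'rb') as fp:` inside the `try` closes it on every path. The `print ('symbol table empty')` in the `sh_entsize == 0` branch looks like leftover debugging and would write to stdout in the middle of namcap's report, so it should be dropped. A `break` after `unstripped_binaries.append(entry.name)` would stop the scan once `.symtab` has been seen and rule out duplicate entries for one file. Whether a parse error raised here is caught by the rule runner is not visible in this hunk.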
diff --git a/Namcap/tests/package/test_elffiles.py b/Namcap/tests/package/test_elffiles.py
index 6362a58..3e8a307 100644
--- a/Namcap/tests/package/test_elffiles.py
+++ b/Namcap/tests/package/test_elffiles.py
@@ -95,5 +95,41 @@ package() {
 		])
 		self.assertEqual(r.infos, [])
 
-# vim: set ts=4 sw=4 noet:
+class TestUnstripped(MakepkgTest):
+	pkgbuild = """
+pkgname=__namcap_test_unstripped
+pkgver=1.0
+pkgrel=1
+pkgdesc="A package"
+arch=('i686' 'x86_64')
+url="http://www.example.com/"
+license=('GPL')
+depends=('glibc')
+source=()
+options=(!purge !zipman !strip)
+build() {
+  cd "${srcdir}"
+  echo "int main() { return 0; }" > main.c
+  /usr/bin/gcc -o main -Wa,-execstack main.c
+}
+package() {
+  install -D -m 644 "${srcdir}/main" "${pkgdir}/usr/bin/unstripped"
+}
+"""
+	def test_unstripped(self):
+		pkgfile = "__namcap_test_unstripped-1.0-1-%(arch)s.pkg.tar" % { "arch": self.arch }
+		with open(os.path.join(self.tmpdir, "PKGBUILD"), "w") as f:
+			f.write(self.pkgbuild)
+		self.run_makepkg()
+		pkg, r = self.run_rule_on_tarball(
+				os.path.join(self.tmpdir, pkgfile),
+				Namcap.rules.elffiles.ELFUnstrippedRule
+				)
+		self.assertEqual(r.errors, [])
+		self.assertEqual(r.warnings, [
+			("elffile-unstripped %s",
+				"usr/bin/unstripped")
+		])
+		self.assertEqual(r.infos, [])
 
+# vim: set ts=4 sw=4 noet:
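Review bot: The PKGBUILD in `TestUnstripped` still passes `-Wa,-execstack` to gcc, which appears to be carried over from the execstack test and is unrelated to stripping; building with `/usr/bin/gcc -o main main.c` keeps the fixture from depending on an unrelated property of the binary. There is also no negative case: a second test with `!strip` removed from `options` and `self.assertEqual(r.warnings, [])` would catch a rule that flags every ELF file, assuming makepkg's default configuration strips the binary. The fixture also installs the binary with `-m 644`; that does not affect this rule, but `-m 755` would match what a real package ships.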
diff --git a/namcap-tags b/namcap-tags
index 818c7a5..1b681a6 100644
--- a/namcap-tags
+++ b/namcap-tags
@@ -20,6 +20,7 @@ elffile-in-any-package %s :: ELF file ('%s') found in an 'any' package.
 elffile-not-in-allowed-dirs %s :: ELF file ('%s') outside of a valid path.
 elffile-with-textrel %s :: ELF file ('%s') has text relocations.
 elffile-with-execstack %s :: ELF file ('%s') has executable stack.
+elffile-unstripped %s :: ELF file ('%s') is unstripped.
 empty-directory %s :: Directory (%s) is empty
 error-running-rule %s :: Error running rule '%s'
 extra-var-begins-without-underscore %s :: Non standard variable '%s' doesn't start with an underscore
-- 
1.8.4.2


