/bitcoin

Permalink
Switch branches/tags
v0.14.2 v0.14.2rc2 v0.14.2rc1 v0.14.1 v0.14.1rc2 v0.14.1rc1 v0.14.0 v0.14.0rc3 v0.14.0rc2 v0.14.0rc1 v0.13.2 v0.13.2rc1 v0.13.1 v0.13.1rc3 v0.13.1rc2 v0.13.1rc1 v0.13.0 v0.13.0rc3 v0.13.0rc2 v0.13.0rc1 v0.12.1 v0.12.1rc2 v0.12.1rc1 v0.12.0 v0.12.0rc5 v0.12.0rc4 v0.12.0rc3 v0.12.0rc2 v0.12.0rc1 v0.11.3 v0.11.2 v0.11.2rc1 v0.11.1 v0.11.1rc2 v0.11.1rc1 v0.11.0 v0.11.0rc3 v0.11.0rc2 v0.11.0rc1 v0.10.5 v0.10.4 v0.10.4rc1 v0.10.3 v0.10.3rc2 v0.10.3rc1 v0.10.2 v0.10.2rc1 v0.10.1 v0.10.1rc3 v0.10.1rc2 v0.10.1rc1 v0.10.0 v0.10.0rc4 v0.10.0rc3 v0.10.0rc2 v0.10.0rc1 v0.9.5 v0.9.5rc2 v0.9.5rc1 v0.9.4 v0.9.3 v0.9.3rc2 v0.9.3rc1 v0.9.2.1 v0.9.2 v0.9.2rc2 v0.9.2rc1 v0.9.1 v0.9.0 v0.9.0rc3 v0.9.0rc2 v0.9.0rc1 v0.8.6 v0.8.6rc1 v0.8.5 v0.8.4 v0.8.4rc2 v0.8.3 v0.8.2 v0.8.2rc3 v0.8.2rc2 v0.8.2rc1 v0.8.1 v0.8.0 v0.8.0rc1 v0.7.2 v0.7.2rc2 v0.7.1 v0.7.1rc1 v0.7.0 v0.7.0rc3 v0.7.0rc2 v0.7.0rc1 v0.6.3 v0.6.3rc1 v0.6.2.2 v0.6.2.1 v0.6.2 v0.6.1 v0.6.1rc2
Nothing to show
Find file
bitcoin/contrib/devtools/test-security-check.py
Fetching contributors…
Cannot retrieve contributors at this time
Raw Blame History
executable file 63 lines (54 sloc) 2.58 KB
#!/usr/bin/env python2
# Copyright (c) 2015-2016 The Bitcoin Core developers
# Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
'''
Test script for security-check.py
'''
from __future__ import division,print_function
import subprocess
import unittest
def write_testcode(filename):
with open(filename, 'w') as f:
f.write('''
#include <stdio.h>
int main()
{
printf("the quick brown fox jumps over the lazy god\\n");
return 0;
}
''')
def call_security_check(cc, source, executable, options):
subprocess.check_call([cc,source,'-o',executable] + options)
p = subprocess.Popen(['./security-check.py',executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
(stdout, stderr) = p.communicate()
return (p.returncode, stdout.rstrip())
class TestSecurityChecks(unittest.TestCase):
def test_ELF(self):
source = 'test1.c'
executable = 'test1'
cc = 'gcc'
write_testcode(source)
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-fno-stack-protector','-Wl,-znorelro']),
(1, executable+': failed PIE NX RELRO Canary'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fno-stack-protector','-Wl,-znorelro']),
(1, executable+': failed PIE RELRO Canary'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro']),
(1, executable+': failed PIE RELRO'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro','-pie','-fPIE']),
(1, executable+': failed RELRO'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE']),
(0, ''))
def test_PE(self):
source = 'test1.c'
executable = 'test1.exe'
cc = 'i686-w64-mingw32-gcc'
write_testcode(source)
self.assertEqual(call_security_check(cc, source, executable, []),
(1, executable+': failed PIE NX'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat']),
(1, executable+': failed PIE'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase']),
(0, ''))
if __name__ == '__main__':
unittest.main()