fanquake
3df6070466
contrib: remove macOS lazy_bind check
...
In future, this will be replaced by a check for fixup_chains usage.
2023-06-22 15:28:47 +00:00
fanquake
015cc5e588
lint: stop ignoring LIEF imports
...
Type stubs are now available as of 0.13.0.
See https://github.com/lief-project/LIEF/issues/650 .
2023-05-29 10:23:52 +01:00
fanquake
0c579203d2
Merge bitcoin/bitcoin#25867 : lint: enable E722 do not use bare except
...
61bb4e783b
lint: enable E722 do not use bare except (Leonardo Lazzaro)
Pull request description:
Improve test code and enable E722 lint check.
If you want to catch all exceptions that signal program errors, use except Exception: (bare except is equivalent to except BaseException:).
Reference: https://peps.python.org/pep-0008/#programming-recommendations
ACKs for top commit:
MarcoFalke:
lgtm ACK 61bb4e783b
Tree-SHA512: c7497769d5745fa02c78a20f4a0e555d8d3996d64af6faf1ce28e22ac1d8be415b98e967294679007b7bda2a9fd04031a9d140b24201e00257ceadeb5c5d7665
2023-02-22 09:28:09 +00:00
Leonardo Lazzaro
61bb4e783b
lint: enable E722 do not use bare except
2023-02-18 11:24:09 +00:00
fanquake
6ba17d4955
scripts: add PE Canary check to security-check
2023-01-06 10:49:18 +00:00
Hennadii Stepanov
306ccd4927
scripted-diff: Bump copyright headers
...
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
Commits of previous years:
- 2021: f47dda2c58
- 2020: fa0074e2d8
- 2019: aaaaad6ac9
2022-12-24 23:49:50 +00:00
fanquake
983e0a2058
contrib: use LIEF 0.12.0 for symbol and security checks
2022-03-28 10:31:12 +01:00
fanquake
6fe55160dd
contrib: support arm64 darwin in security checks
2022-01-26 17:32:10 +08:00
fanquake
5a8f907c93
scripts: add CONTROL_FLOW to ELF security checks
2022-01-04 22:45:45 +08:00
fanquake
6ca5efa8ed
script rename control flow check to MACHO specific
2022-01-04 22:45:44 +08:00
fanquake
b9898aeeaa
scripts: make security checks architecture independent
...
This paves the way for using and checking for architecture dependent
flags like -fcf-protection on x86_64 Linux and -mbranch-protection on 64
bit ARM.
2022-01-03 21:36:55 +08:00
Hennadii Stepanov
f47dda2c58
scripted-diff: Bump copyright headers
...
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
Commits of previous years:
* 2020: fa0074e2d8
* 2019: aaaaad6ac9
2021-12-30 19:36:57 +02:00
fanquake
feee308401
scripts: match on exe type over str in security-check.py
2021-12-18 11:41:36 +08:00
fanquake
f31d4bd214
scripts: test for PE control flow instrumentation
2021-11-17 16:12:47 +08:00
josibake
a46f71bb70
lint: enable mypy checking for missing imports
...
Achieve this by adding some ignore, and making data/ importable.
Co-authored-by: João Barbosa <joao.paulo.barbosa@gmail.com>
2021-10-16 09:14:37 +08:00
fanquake
00b85d0b13
scripts: only parse the binary once in security-check.py
2021-10-12 08:36:21 +08:00
fanquake
cad40a5b16
scripts: use LIEF for ELF checks in security-check.py
2021-10-12 08:36:21 +08:00
fanquake
42b589d18f
scripts: test for MACHO control flow instrumentation
2021-05-09 14:26:09 +08:00
fanquake
955140b326
contrib: consolidate PIE and NX security checks
2021-05-04 20:48:00 +08:00
fanquake
0f5d77c8e4
contrib: add PE PIE check to security checks
2021-05-04 20:48:00 +08:00
fanquake
8e1f40dd9a
contrib: use LIEF for PE security checks
2021-05-04 20:47:59 +08:00
fanquake
a25b2e965c
contrib: use LIEF for macOS security checks
2021-05-04 20:47:59 +08:00
fanquake
7e7eae7aa8
contrib: use f strings in security-check.py
2021-05-04 20:47:59 +08:00
Luke Dashjr
a0a771843f
contrib: Changes to checks for PowerPC64
...
Changes from #14066 .
2020-11-22 11:11:32 +01:00
Wladimir J. van der Laan
634f6ec4eb
contrib: Parse ELF directly for symbol and security checks
...
Instead of the ever-messier text parsing of the output of the readelf
tool (which is clearly meant for human consumption not to be machine
parseable), parse the ELF binaries directly.
Add a small dependency-less ELF parser specific to the checks.
This is slightly more secure, too, because it removes potential
ambiguity due to misparsing and changes in the output format of `elfread`. It
also allows for stricter and more specific ELF format checks in the future.
This removes the build-time dependency for `readelf`.
It passes the test-security-check for me locally, though I haven't
checked on all platforms.
2020-11-22 11:11:32 +01:00
Tyler Chambers
b6121edf70
swapped "is" for "==" in literal comparison
...
update lint-python.sh to include check F632
2020-11-09 10:21:51 -05:00
Wladimir J. van der Laan
65d0f1a533
devtools: Add security check for separate_code
...
Check that sections are appropriately separated in virtual memory,
based on their (expected) permissions. This checks for missing
-Wl,-z,separate-code and potentially other problems.
Co-authored-by: fanquake <fanquake@gmail.com>
2020-07-28 12:57:35 +08:00
fanquake
eacedfb023
scripts: add additional type annotations to security-check.py
2020-05-14 15:30:52 +08:00
fanquake
83d063e954
scripts: add run_command to security-check.py
...
Deduplicate all the subprocess code as mentioned in 18713.
2020-05-14 15:29:58 +08:00
fanquake
13f606b4f9
scripts: remove NONFATAL from security-check.py
2020-05-14 14:36:27 +08:00
fanquake
061acf62a1
scripts: no-longer check for 32 bit windows in security-check.py
2020-05-14 14:36:27 +08:00
fanquake
3e38023af7
scripts: add PE .reloc section check to security-check.py
2020-04-23 08:40:24 +08:00
fanquake
7b99c7454c
scripts: add MACHO Canary check to security-check.py
2020-04-21 11:32:01 +08:00
fanquake
5ca90f8b59
scripts: add MACHO lazy bindings check to security-check.py
2020-04-04 09:54:25 +08:00
fanquake
edaca2dd12
scripts: add MACHO NX check to security-check.py
2020-03-26 11:39:34 +08:00
MarcoFalke
e09c701e01
scripted-diff: Bump copyright of files changed in 2020
...
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
2020-01-15 02:18:00 +07:00
fanquake
7c9e821c4e
scripts: add MACHO NOUNDEFS check to security-check.py
2020-01-02 14:42:23 +08:00
fanquake
4ca92dc6d3
scripts: add MACHO PIE check to security-check.py
2020-01-02 14:42:21 +08:00
Craig Younkins
af1ed206f8
Fix broken Gmane URLs
2018-11-30 13:51:55 +00:00
Wladimir J. van der Laan
78dae8cacc
Merge #13780 : 0.17: Pre-branch maintenance
...
3fc20632a3
qt: Set BLOCK_CHAIN_SIZE = 220 (DrahtBot)
2b6a2f4a28
Regenerate manpages (DrahtBot)
eb7daf4d60
Update copyright headers to 2018 (DrahtBot)
Pull request description:
Some trivial maintenance to avoid having to do it again after the 0.17 branch off.
(The scripts to do this are in `./contrib/`)
Tree-SHA512: 16b2af45e0351b1c691c5311d48025dc6828079e98c2aa2e600dc5910ee8aa01858ca6c356538150dc46fe14c8819ed8ec8e4ec9a0f682b9950dd41bc50518fa
2018-08-08 13:55:27 +02:00
DrahtBot
eb7daf4d60
Update copyright headers to 2018
2018-07-27 07:15:02 -04:00
Chun Kuan Lee
1e60713a68
contrib: Fix test-security-check fail in Ubuntu 18.04
2018-07-26 17:10:13 +08:00
Conrado Gouvea
37d363dd4a
Tools: fix BIND_NOW check in security-check.py
...
Previously, the BIND_NOW check would work only if it was the first value in FLAGS.
2018-07-12 13:16:01 -03:00
John Bampton
0d31ef4762
Enable W191 and W291 flake8 checks.
...
Remove trailing whitespace from Python files.
Convert tabs to spaces.
2018-05-11 07:59:05 +10:00
John Newbery
5de2b18c67
[contrib] fixup security-check.py Python3 support
2018-03-28 15:46:54 -04:00
John Newbery
bc6fdf2d15
Change all python files to use Python3
2018-03-26 16:49:33 -04:00
Akira Takizawa
595a7bab23
Increment MIT Licence copyright header year on files modified in 2017
2018-01-03 02:26:56 +09:00
practicalswift
25cd520fc4
Use sys.exit(...) instead of exit(...): exit(...) should not be used in programs
2017-08-28 15:18:14 +02:00
Wladimir J. van der Laan
4e1567acff
Merge #8249 : Enable (and check for) 64-bit ASLR on Windows
...
62c2915
build: supply `-Wl,--high-entropy-va` (Wladimir J. van der Laan)
9a75d29
devtools: Check for high-entropy ASLR in 64-bit PE executables (Wladimir J. van der Laan)
2016-09-26 13:34:38 +02:00
Wladimir J. van der Laan
9a75d29b6f
devtools: Check for high-entropy ASLR in 64-bit PE executables
...
check_PE_PIE only checked for DYNAMIC_BASE, this is not enough
for (secure) ASLR on 64-bit.
2016-09-26 12:57:55 +02:00