Merge pull request #257 from marxin/opt-library-dependency
Add new check: linked-against-opt-library
commit
7983c17929
|
@ -49,6 +49,7 @@ class BinariesCheck(AbstractCheck):
|
|||
self._check_no_text_in_archive,
|
||||
self._check_executable_stack,
|
||||
self._check_shared_library,
|
||||
self._check_opt_library_dependency,
|
||||
self._check_security_functions,
|
||||
self._check_rpath,
|
||||
self._check_library_dependency,
|
||||
|
@ -141,6 +142,13 @@ class BinariesCheck(AbstractCheck):
|
|||
self.output.add_info('W', pkg, 'unused-direct-shlib-dependency',
|
||||
path, dependency)
|
||||
|
||||
def _check_opt_library_dependency(self, pkg, pkgfile_path, path):
|
||||
if not self.readelf_parser.is_archive:
|
||||
for dependency in self.ldd_parser.dependencies:
|
||||
if dependency.startswith('/opt/'):
|
||||
self.output.add_info('E', pkg, 'linked-against-opt-library', path, dependency)
|
||||
return
|
||||
|
||||
def _check_security_functions(self, pkg, pkgfile_path, path):
|
||||
setgid = any(self.readelf_parser.symbol_table_info.get_functions_for_regex(self.setgid_call_regex))
|
||||
setuid = any(self.readelf_parser.symbol_table_info.get_functions_for_regex(self.setuid_call_regex))
|
||||
|
@ -532,4 +540,7 @@ and should not be distributed in static libraries or e.g. Python modules.""",
|
|||
'lto-no-text-in-archive':
|
||||
"""This archive does not contain a non-empty .text section. The archive
|
||||
was not created with -ffat-lto-objects option.""",
|
||||
|
||||
'linked-against-opt-library':
|
||||
"""This executable is linked against a shared library in /opt folder.""",
|
||||
}
|
||||
|
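Review bot: `_check_opt_library_dependency` appears to stop at the first `/opt/` entry because of the `return` right after `add_info` (indentation is lost on this page, so the nesting is inferred), so a binary linked against several libraries under `/opt` is reported for only one of them. Dropping the `return` would list every offending path in one run; if one report per binary is intended, a comment such as `# one report per binary is enough` would make that explicit. The method has no docstring, and the `linked-against-opt-library` description only restates the check name. It would help the packager if the description said why this is an error, for instance that `/opt` is normally used for add-on software that distribution packages do not own, so the library may be absent or unmanaged at run time.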
|
|
@ -38,6 +38,7 @@ class LddParser:
|
|||
|
||||
def __init__(self, pkgfile_path, path):
|
||||
self.pkgfile_path = pkgfile_path
|
||||
self.dependencies = []
|
||||
self.unused_dependencies = []
|
||||
self.undefined_symbols = []
|
||||
self.parsing_failed = False
|
||||
|
@ -85,6 +86,8 @@ class LddParser:
|
|||
r = self.undef_regex.search(line)
|
||||
if r:
|
||||
self.undefined_symbols.append(r.group('symbol'))
|
||||
else:
|
||||
self.dependencies.append(line.strip())
|
||||
|
||||
# run c++filt demangler for all collected symbols
|
||||
r = subprocess.run(['c++filt'] + self.undefined_symbols, encoding='utf8',
|
||||
|
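Review bot: The new `else` branch stores the whole stripped ldd line in `self.dependencies`, so an entry resolved through the loader search path would presumably look like `libfoo.so.1 => /opt/foo/lib/libfoo.so.1 (0x…)` (constructed example) and begin with the soname rather than the path. The `dependency.startswith('/opt/')` test in `_check_opt_library_dependency` would then fire only when the needed entry is itself an absolute `/opt/` path, as in the test fixture, and would miss libraries found under `/opt` through RPATH/RUNPATH or the loader configuration. Storing the resolved path, e.g. `self.dependencies.append(line.split('=>')[-1].split('(')[0].strip())`, would close that gap and keep the reported value free of the load address. The loop this branch belongs to starts outside the hunk, so the exact line format should be confirmed against the ldd invocation.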
|
Binary file not shown.
|
@ -46,6 +46,13 @@ def test_ldd_parser_failure():
|
|||
assert ldd.parsing_failed
|
||||
|
||||
|
||||
def test_dependencies():
|
||||
ldd = lddparser('libtirpc.so.3.0.0')
|
||||
assert not ldd.parsing_failed
|
||||
assert len(ldd.dependencies) == 5
|
||||
assert any([d for d in ldd.dependencies if d.startswith('linux-vdso.so.1')])
|
||||
|
||||
|
||||
def test_unused_dependency_in_package(binariescheck):
|
||||
output, test = binariescheck
|
||||
test.run_elf_checks(FakePkg('fake'), get_full_path('libtirpc.so.3.0.0'), '/lib64/x.so')
|
||||
|
@ -53,3 +60,12 @@ def test_unused_dependency_in_package(binariescheck):
|
|||
assert not test.ldd_parser.parsing_failed
|
||||
out = output.print_results(output.results)
|
||||
assert 'W: unused-direct-shlib-dependency ' in out
|
||||
|
||||
|
||||
def test_opt_dependency(binariescheck):
|
||||
output, test = binariescheck
|
||||
test.run_elf_checks(FakePkg('fake'), get_full_path('opt-dependency'), '/bin/opt-dependency')
|
||||
assert not test.readelf_parser.parsing_failed()
|
||||
assert not test.ldd_parser.parsing_failed
|
||||
out = output.print_results(output.results)
|
||||
assert 'E: linked-against-opt-library /bin/opt-dependency /opt/libfoo.so' in out
|
||||
|
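Review bot: `test_opt_dependency` covers only the positive case, with a fixture whose needed entry is the literal path `/opt/libfoo.so`; nothing asserts that an ordinary library stays clean. Adding `assert 'linked-against-opt-library' not in out` to `test_unused_dependency_in_package` would pin the negative case with the fixture already in use. In `test_dependencies`, `len(ldd.dependencies) == 5` and the `linux-vdso.so.1` prefix look dependent on the loader and architecture of the machine running the tests (inferred, since ldd resolves against the host). The `any([...])` list can also be a generator: `any(d.startswith('linux-vdso.so.1') for d in ldd.dependencies)`.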
|