Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Exclude Fortify Source Check #1152

Merged
merged 2 commits into from
Nov 10, 2023
Merged

Exclude Fortify Source Check #1152

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
32b8982
Removed offline fortify_source check
lennarthenke Oct 25, 2023
d63466c
The checksec tool's Fortify Source check should be excluded when perf…
lennarthenke Oct 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 0 additions & 11 deletions src/plugins/analysis/checksec/code/checksec.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,6 @@ def check_mitigations(file_path):
check_nx(file_path, mitigations, summary, checksec_result)
check_canary(file_path, mitigations, summary, checksec_result)
check_pie(file_path, mitigations, summary, checksec_result)
check_fortify_source(file_path, mitigations, summary, checksec_result)
check_clang_cfi(file_path, mitigations, summary, checksec_result)
check_clang_safestack(file_path, mitigations, summary, checksec_result)
check_stripped_symbols(file_path, mitigations, summary, checksec_result)
Expand All @@ -78,16 +77,6 @@ def check_relro(file_path, mitigations, summary, checksec_result):
mitigations.update({'RELRO': 'disabled'})


def check_fortify_source(file_path, mitigations, summary, checksec_result):
if checksec_result['fortify_source'] == 'yes':
summary.update({'FORTIFY_SOURCE enabled': file_path})
mitigations.update({'FORTIFY_SOURCE': 'enabled'})

elif checksec_result['fortify_source'] == 'no':
summary.update({'FORTIFY_SOURCE disabled': file_path})
mitigations.update({'FORTIFY_SOURCE': 'disabled'})


def check_pie(file_path, mitigations, summary, checksec_result):
if checksec_result['pie'] == 'yes':
summary.update({'PIE enabled': file_path})
Expand Down
Binary file removed src/plugins/analysis/checksec/test/data/Hallo_Fortify
View file
Open in desktop
Binary file not shown.
4 changes: 0 additions & 4 deletions src/plugins/analysis/checksec/test/test_plugin_checksec.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
check_canary,
check_clang_cfi,
check_clang_safestack,
check_fortify_source,
check_nx,
check_pie,
check_relro,
Expand All @@ -27,7 +26,6 @@
FILE_PATH_EXE_CANARY = PLUGIN_DIR / 'test/data/Hallo_Canary'
FILE_PATH_EXE_SAFESTACK = PLUGIN_DIR / 'test/data/Hallo_SafeStack'
FILE_PATH_EXE_NO_PIE = PLUGIN_DIR / 'test/data/Hallo_no_pie'
FILE_PATH_EXE_FORTIFY = PLUGIN_DIR / 'test/data/Hallo_Fortify'
FILE_PATH_EXE_RUNPATH = PLUGIN_DIR / 'test/data/Hallo_runpath'
FILE_PATH_EXE_RPATH = PLUGIN_DIR / 'test/data/Hallo_rpath'
FILE_PATH_EXE_STRIPPED = PLUGIN_DIR / 'test/data/Hallo_stripped'
Expand Down Expand Up @@ -62,8 +60,6 @@ def test_check_mitigations(analysis_plugin):
(FILE_PATH_OBJECT, check_nx, {'NX': 'disabled'}, 'NX disabled'),
(FILE_PATH_EXE, check_canary, {'CANARY': 'disabled'}, 'CANARY disabled'),
(FILE_PATH_EXE_CANARY, check_canary, {'CANARY': 'enabled'}, 'CANARY enabled'),
(FILE_PATH_EXE, check_fortify_source, {'FORTIFY_SOURCE': 'disabled'}, 'FORTIFY_SOURCE disabled'),
(FILE_PATH_EXE_FORTIFY, check_fortify_source, {'FORTIFY_SOURCE': 'enabled'}, 'FORTIFY_SOURCE enabled'),
(FILE_PATH_EXE, check_clang_cfi, {'CLANGCFI': 'disabled'}, 'CLANGCFI disabled'),
# TODO: Test CLANCFI: enabled
(FILE_PATH_EXE, check_clang_safestack, {'SAFESTACK': 'disabled'}, 'SAFESTACK disabled'),
Expand Down