Merge pull request #1616 from Kamoppl/kamilg/update_checksec_path
Kamilg/update checksec path
This commit is contained in:
Katarzyna Treder
GitHub
commit
3893fc2aa7
@ -1,10 +1,10 @@
|
|||||||
#
|
#
|
||||||
# Copyright(c) 2019-2022 Intel Corporation
|
# Copyright(c) 2019-2022 Intel Corporation
|
||||||
# Copyright(c) 2024 Huawei Technologies Co., Ltd.
|
# Copyright(c) 2024-2025 Huawei Technologies Co., Ltd.
|
||||||
# SPDX-License-Identifier: BSD-3-Clause
|
# SPDX-License-Identifier: BSD-3-Clause
|
||||||
#
|
#
|
||||||
|
|
||||||
import os
|
import posixpath
|
||||||
import re
|
import re
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
@ -16,30 +16,47 @@ from test_utils.filesystem.fs_item import FsItem
|
|||||||
@pytest.mark.os_dependent
|
@pytest.mark.os_dependent
|
||||||
def test_checksec():
|
def test_checksec():
|
||||||
"""
|
"""
|
||||||
title: Checking defenses enabled compilation flags.
|
title: Checking defenses enabled compilation flags.
|
||||||
description: |
|
description: |
|
||||||
Check if Open CAS executable file was compiled with defenses enabled compilation flags.
|
Check if Open CAS executable file was compiled with defenses enabled compilation flags.
|
||||||
pass_criteria:
|
pass_criteria:
|
||||||
- For casadm script returns:
|
- For casadm script returns:
|
||||||
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
|
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
|
||||||
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH /sbin/casadm.
|
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH /sbin/casadm.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
with TestRun.step("Prepare checksec script"):
|
with TestRun.step("Prepare checksec script"):
|
||||||
checksec_path = os.path.join(
|
checksec_path = posixpath.join(
|
||||||
TestRun.usr.working_dir,
|
TestRun.usr.working_dir, "test/functional/test-framework/scripts/checksec.sh"
|
||||||
"test/functional/test-framework/test_tools/checksec.sh"
|
|
||||||
)
|
)
|
||||||
checksec = FsItem(checksec_path)
|
checksec = FsItem(checksec_path)
|
||||||
checksec.chmod(Permissions.x, PermissionsUsers.u, PermissionSign.add)
|
checksec.chmod(Permissions.x, PermissionsUsers.u, PermissionSign.add)
|
||||||
|
|
||||||
with TestRun.step("Check casadm compilation flags"):
|
with TestRun.step("Check casadm compilation flags"):
|
||||||
casadm_binary = "/sbin/casadm"
|
casadm_binary = "/sbin/casadm"
|
||||||
header_expected = ["RELRO", "STACK CANARY", "NX", "PIE", "RPATH", "RUNPATH", "FILE"]
|
header_expected = [
|
||||||
binary_expected = ["Full RELRO", "Canary found", "NX enabled", "PIE enabled", "No RPATH",
|
"RELRO",
|
||||||
"No RUNPATH", casadm_binary]
|
"STACK CANARY",
|
||||||
|
"NX",
|
||||||
|
"PIE",
|
||||||
|
"RPATH",
|
||||||
|
"RUNPATH",
|
||||||
|
"FILE",
|
||||||
|
]
|
||||||
|
binary_expected = [
|
||||||
|
"Full RELRO",
|
||||||
|
"Canary found",
|
||||||
|
"NX enabled",
|
||||||
|
"PIE enabled",
|
||||||
|
"No RPATH",
|
||||||
|
"No RUNPATH",
|
||||||
|
casadm_binary,
|
||||||
|
]
|
||||||
result_lines = TestRun.executor.run_expect_success(
|
result_lines = TestRun.executor.run_expect_success(
|
||||||
f'{checksec_path} --file {casadm_binary}').stdout.splitlines()
|
f"{checksec_path} --file {casadm_binary}"
|
||||||
|
).stdout.splitlines()
|
||||||
header_found = False
|
header_found = False
|
||||||
|
|
||||||
for line in result_lines:
|
for line in result_lines:
|
||||||
if not header_found:
|
if not header_found:
|
||||||
if line.startswith("RELRO"):
|
if line.startswith("RELRO"):
|
||||||
@ -47,17 +64,20 @@ def test_checksec():
|
|||||||
header = line
|
header = line
|
||||||
continue
|
continue
|
||||||
# remove formatting from output
|
# remove formatting from output
|
||||||
result = re.sub(r'\x1B\[[0-9;]*m', '', line)
|
result = re.sub(r"\x1B\[[0-9;]*m", "", line)
|
||||||
break
|
break
|
||||||
header = [i.strip() for i in header.split(" ") if i != '']
|
header = [i.strip() for i in header.split(" ") if i != ""]
|
||||||
|
|
||||||
if header != header_expected:
|
if header != header_expected:
|
||||||
TestRun.LOGGER.error(
|
TestRun.LOGGER.error(
|
||||||
'Incorrect header detected!\n'
|
"Incorrect header detected!\n"
|
||||||
f'Expected: {" ".join(header_expected)},\n'
|
f"Expected: {' '.join(header_expected)},\n"
|
||||||
f'Actual: {" ".join(header)}')
|
f"Actual: {' '.join(header)}"
|
||||||
result = [i.strip() for i in result.split(" ") if i != '']
|
)
|
||||||
|
result = [i.strip() for i in result.split(" ") if i != ""]
|
||||||
if result != binary_expected:
|
if result != binary_expected:
|
||||||
TestRun.LOGGER.error(
|
TestRun.LOGGER.error(
|
||||||
'Incorrect compilation flags!\n'
|
"Incorrect compilation flags!\n"
|
||||||
f'Expected: {" ".join(binary_expected)},\n'
|
f"Expected: {' '.join(binary_expected)},\n"
|
||||||
f'Actual: {" ".join(result)}')
|
f"Actual: {' '.join(result)}"
|
||||||
|
)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user