github/open-cas-linux
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1616 from Kamoppl/kamilg/update_checksec_path

Browse Source 
Kamilg/update checksec path
This commit is contained in:
Katarzyna Treder 2025-02-28 09:44:16 +01:00 committed by GitHub
commit 3893fc2aa7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 45 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
test/functional/tests/security/test_compilation_flags.py
View File

@ -1,10 +1,10 @@
#
# Copyright(c) 2019-2022 Intel Corporation
# Copyright(c) 2024 Huawei Technologies Co., Ltd.
# Copyright(c) 2024-2025 Huawei Technologies Co., Ltd.
# SPDX-License-Identifier: BSD-3-Clause
#
import os
import posixpath
import re
import pytest
@ -16,30 +16,47 @@ from test_utils.filesystem.fs_item import FsItem
@pytest.mark.os_dependent
def test_checksec():
"""
title: Checking defenses enabled compilation flags.
description: |
Check if Open CAS executable file was compiled with defenses enabled compilation flags.
pass_criteria:
- For casadm script returns:
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH /sbin/casadm.
title: Checking defenses enabled compilation flags.
description: |
Check if Open CAS executable file was compiled with defenses enabled compilation flags.
pass_criteria:
- For casadm script returns:
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH /sbin/casadm.
"""
with TestRun.step("Prepare checksec script"):
checksec_path = os.path.join(
TestRun.usr.working_dir,
"test/functional/test-framework/test_tools/checksec.sh"
checksec_path = posixpath.join(
TestRun.usr.working_dir, "test/functional/test-framework/scripts/checksec.sh"
)
checksec = FsItem(checksec_path)
checksec.chmod(Permissions.x, PermissionsUsers.u, PermissionSign.add)
with TestRun.step("Check casadm compilation flags"):
casadm_binary = "/sbin/casadm"
header_expected = ["RELRO", "STACK CANARY", "NX", "PIE", "RPATH", "RUNPATH", "FILE"]
binary_expected = ["Full RELRO", "Canary found", "NX enabled", "PIE enabled", "No RPATH",
"No RUNPATH", casadm_binary]
header_expected = [
"RELRO",
"STACK CANARY",
"NX",
"PIE",
"RPATH",
"RUNPATH",
"FILE",
]
binary_expected = [
"Full RELRO",
"Canary found",
"NX enabled",
"PIE enabled",
"No RPATH",
"No RUNPATH",
casadm_binary,
]
result_lines = TestRun.executor.run_expect_success(
f'{checksec_path} --file {casadm_binary}').stdout.splitlines()
f"{checksec_path} --file {casadm_binary}"
).stdout.splitlines()
header_found = False
for line in result_lines:
if not header_found:
if line.startswith("RELRO"):
@ -47,17 +64,20 @@ def test_checksec():
header = line
continue
# remove formatting from output
result = re.sub(r'\x1B\[[0-9;]*m', '', line)
result = re.sub(r"\x1B\[[0-9;]*m", "", line)
break
header = [i.strip() for i in header.split(" ") if i != '']
header = [i.strip() for i in header.split(" ") if i != ""]
if header != header_expected:
TestRun.LOGGER.error(
'Incorrect header detected!\n'
f'Expected: {" ".join(header_expected)},\n'
f'Actual: {" ".join(header)}')
result = [i.strip() for i in result.split(" ") if i != '']
"Incorrect header detected!\n"
f"Expected: {' '.join(header_expected)},\n"
f"Actual: {' '.join(header)}"
)
result = [i.strip() for i in result.split(" ") if i != ""]
if result != binary_expected:
TestRun.LOGGER.error(
'Incorrect compilation flags!\n'
f'Expected: {" ".join(binary_expected)},\n'
f'Actual: {" ".join(result)}')
"Incorrect compilation flags!\n"
f"Expected: {' '.join(binary_expected)},\n"
f"Actual: {' '.join(result)}"
)