2016-01-21 13:19:22 +01:00
|
|
|
From 4d995b87763076cc2aca25b7836e106708bd926f Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: =?UTF-8?q?Stefan=20Br=C3=BCns?= <stefan.bruens@rwth-aachen.de>
|
|
|
|
|
Date: Fri, 23 Oct 2015 23:43:16 +0200
|
|
|
|
|
Subject: [PATCH] Skip checks for problematic function calls if common prefix
|
|
|
|
|
does not match
|
|
|
|
|
|
|
|
|
|
The regexes have a common prefix. If the prefix does not match, none of
|
|
|
|
|
the regexes will match, continue with the next line.
|
|
|
|
|
---
|
|
|
|
|
BinariesCheck.py | 53 ++++++++++++++++++++++++++++++++---------------------
|
|
|
|
|
1 file changed, 32 insertions(+), 21 deletions(-)
|
|
|
|
|
|
2016-01-30 20:44:17 +01:00
|
|
|
Index: rpmlint-rpmlint-1.8/BinariesCheck.py
|
|
|
|
|
===================================================================
|
|
|
|
|
--- rpmlint-rpmlint-1.8.orig/BinariesCheck.py
|
|
|
|
|
+++ rpmlint-rpmlint-1.8/BinariesCheck.py
|
2016-01-21 13:19:22 +01:00
|
|
|
@@ -28,14 +28,14 @@ DEFAULT_SYSTEM_LIB_PATHS = (
|
|
|
|
|
def create_regexp_call(call):
|
|
|
|
|
if type(call) == type([]):
|
|
|
|
|
call = '(?:' + '|'.join(call) + ')'
|
|
|
|
|
- r = "\s+FUNC\s+.*?\s+(%s(?:@GLIBC\S+)?)(?:\s|$)" % call
|
|
|
|
|
+ r = ".*?\s+(%s(?:@GLIBC\S+)?)(?:\s|$)" % call
|
|
|
|
|
return re.compile(r)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def create_nonlibc_regexp_call(call):
|
|
|
|
|
if type(call) == type([]):
|
|
|
|
|
call = '(?:' + '|'.join(call) + ')'
|
|
|
|
|
- r = "\s+FUNC\s+.*?\s+UND\s+(%s)\s?.*$" % call
|
|
|
|
|
+ r = ".*?\s+UND\s+(%s)\s?.*$" % call
|
|
|
|
|
return re.compile(r)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@@ -51,6 +51,7 @@ class BinaryInfo:
|
|
|
|
|
stack_exec_regex = re.compile('^..E$')
|
|
|
|
|
undef_regex = re.compile('^undefined symbol:\s+(\S+)')
|
|
|
|
|
unused_regex = re.compile('^\s+(\S+)')
|
|
|
|
|
+ call_regex = re.compile('\s0\s+FUNC\s+(.*)')
|
|
|
|
|
exit_call_regex = create_regexp_call('_?exit')
|
|
|
|
|
fork_call_regex = create_regexp_call('fork')
|
2016-01-30 20:44:17 +01:00
|
|
|
debuginfo_regex=re.compile('^\s+\[\s*\d+\]\s+\.debug_.*\s+')
|
|
|
|
|
@@ -109,25 +110,8 @@ class BinaryInfo:
|
2016-01-21 13:19:22 +01:00
|
|
|
cmd.append(path)
|
|
|
|
|
res = Pkg.getstatusoutput(cmd)
|
|
|
|
|
if not res[0]:
|
|
|
|
|
- for l in res[1].splitlines():
|
|
|
|
|
- if BinaryInfo.mktemp_call_regex.search(l):
|
|
|
|
|
- self.mktemp = True
|
|
|
|
|
-
|
|
|
|
|
- if BinaryInfo.setgid_call_regex.search(l):
|
|
|
|
|
- self.setgid = True
|
|
|
|
|
-
|
|
|
|
|
- if BinaryInfo.setuid_call_regex.search(l):
|
|
|
|
|
- self.setuid = True
|
|
|
|
|
-
|
|
|
|
|
- if BinaryInfo.setgroups_call_regex.search(l):
|
|
|
|
|
- self.setgroups = True
|
|
|
|
|
-
|
|
|
|
|
- if BinaryInfo.chdir_call_regex.search(l):
|
|
|
|
|
- self.chdir = True
|
|
|
|
|
-
|
|
|
|
|
- if BinaryInfo.chroot_call_regex.search(l):
|
|
|
|
|
- self.chroot = True
|
|
|
|
|
-
|
|
|
|
|
+ lines = res[1].splitlines()
|
|
|
|
|
+ for l in lines:
|
|
|
|
|
r = BinaryInfo.needed_regex.search(l)
|
|
|
|
|
if r:
|
|
|
|
|
self.needed.append(r.group(1))
|
2016-01-30 20:44:17 +01:00
|
|
|
@@ -160,6 +144,41 @@ class BinaryInfo:
|
2016-01-21 13:19:22 +01:00
|
|
|
self.exec_stack = True
|
|
|
|
|
continue
|
|
|
|
|
|
2016-01-30 20:44:17 +01:00
|
|
|
+ if BinaryInfo.debuginfo_regex.search(l):
|
|
|
|
|
+ self.debuginfo=1
|
|
|
|
|
+ continue
|
|
|
|
|
+
|
|
|
|
|
+ if BinaryInfo.symtab_regex.search(l):
|
|
|
|
|
+ self.symtab=1
|
|
|
|
|
+ continue
|
|
|
|
|
+
|
2016-01-21 13:19:22 +01:00
|
|
|
+ if l.startswith("Symbol table"):
|
|
|
|
|
+ break
|
|
|
|
|
+
|
|
|
|
|
+ for l in lines:
|
|
|
|
|
+ r = BinaryInfo.call_regex.search(l)
|
|
|
|
|
+ if not r:
|
|
|
|
|
+ continue
|
|
|
|
|
+ l = r.group(1)
|
|
|
|
|
+
|
|
|
|
|
+ if BinaryInfo.mktemp_call_regex.search(l):
|
|
|
|
|
+ self.mktemp = True
|
|
|
|
|
+
|
|
|
|
|
+ if BinaryInfo.setgid_call_regex.search(l):
|
|
|
|
|
+ self.setgid = True
|
|
|
|
|
+
|
|
|
|
|
+ if BinaryInfo.setuid_call_regex.search(l):
|
|
|
|
|
+ self.setuid = True
|
|
|
|
|
+
|
|
|
|
|
+ if BinaryInfo.setgroups_call_regex.search(l):
|
|
|
|
|
+ self.setgroups = True
|
|
|
|
|
+
|
|
|
|
|
+ if BinaryInfo.chdir_call_regex.search(l):
|
|
|
|
|
+ self.chdir = True
|
|
|
|
|
+
|
|
|
|
|
+ if BinaryInfo.chroot_call_regex.search(l):
|
|
|
|
|
+ self.chroot = True
|
|
|
|
|
+
|
|
|
|
|
if BinaryInfo.forbidden_functions:
|
|
|
|
|
for r_name, func in BinaryInfo.forbidden_functions.items():
|
|
|
|
|
ret = func['f_regex'].search(l)
|
2016-01-30 20:44:17 +01:00
|
|
|
@@ -181,14 +200,6 @@ class BinaryInfo:
|
|
|
|
|
fork_called = True
|
|
|
|
|
continue
|
|
|
|
|
|
|
|
|
|
- if BinaryInfo.debuginfo_regex.search(l):
|
|
|
|
|
- self.debuginfo=1
|
|
|
|
|
- continue
|
|
|
|
|
-
|
|
|
|
|
- if BinaryInfo.symtab_regex.search(l):
|
|
|
|
|
- self.symtab=1
|
|
|
|
|
- continue
|
|
|
|
|
-
|
|
|
|
|
# check if we don't have a string that will automatically
|
|
|
|
|
# waive the presence of a forbidden call
|
|
|
|
|
if self.forbidden_calls:
|
