Skip to content

Commit 261f770

Browse files
theunitheuni
committed
contrib: rename cc to cxx in binary checking scripts
1 parent a38c960 commit 261f770

File tree

2 files changed

+51
-51
lines changed

2 files changed

+51
-51
lines changed

contrib/devtools/test-security-check.py

Lines changed: 38 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -38,13 +38,13 @@ def env_flags() -> list[str]:
3838
flags += filter(None, os.environ.get(var, '').split(' '))
3939
return flags
4040

41-
def call_security_check(cc: str, source: str, executable: str, options) -> tuple:
42-
subprocess.run([*cc,source,'-o',executable] + env_flags() + options, check=True)
41+
def call_security_check(cxx: str, source: str, executable: str, options) -> tuple:
42+
subprocess.run([*cxx,source,'-o',executable] + env_flags() + options, check=True)
4343
p = subprocess.run([os.path.join(os.path.dirname(__file__), 'security-check.py'), executable], stdout=subprocess.PIPE, text=True)
4444
return (p.returncode, p.stdout.rstrip())
4545

46-
def get_arch(cc, source, executable):
47-
subprocess.run([*cc, source, '-o', executable] + env_flags(), check=True)
46+
def get_arch(cxx, source, executable):
47+
subprocess.run([*cxx, source, '-o', executable] + env_flags(), check=True)
4848
binary = lief.parse(executable)
4949
arch = binary.abstract.header.architecture
5050
os.remove(executable)
@@ -54,91 +54,91 @@ class TestSecurityChecks(unittest.TestCase):
5454
def test_ELF(self):
5555
source = 'test1.cpp'
5656
executable = 'test1'
57-
cc = determine_wellknown_cmd('CXX', 'g++')
57+
cxx = determine_wellknown_cmd('CXX', 'g++')
5858
write_testcode(source)
59-
arch = get_arch(cc, source, executable)
59+
arch = get_arch(cxx, source, executable)
6060

6161
if arch == lief.ARCHITECTURES.X86:
62-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
62+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-zexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
6363
(1, executable+': failed PIE NX RELRO CONTROL_FLOW'))
64-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
64+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
6565
(1, executable+': failed PIE RELRO CONTROL_FLOW'))
66-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
66+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
6767
(1, executable+': failed PIE RELRO CONTROL_FLOW'))
68-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']),
68+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']),
6969
(1, executable+': failed RELRO CONTROL_FLOW'))
70-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']),
70+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']),
7171
(1, executable+': failed separate_code CONTROL_FLOW'))
72-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']),
72+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']),
7373
(1, executable+': failed CONTROL_FLOW'))
74-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code', '-fcf-protection=full']),
74+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code', '-fcf-protection=full']),
7575
(0, ''))
7676
else:
77-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
77+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-zexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
7878
(1, executable+': failed PIE NX RELRO'))
79-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
79+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
8080
(1, executable+': failed PIE RELRO'))
81-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
81+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
8282
(1, executable+': failed PIE RELRO'))
83-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']),
83+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']),
8484
(1, executable+': failed RELRO'))
85-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']),
85+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']),
8686
(1, executable+': failed separate_code'))
87-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']),
87+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']),
8888
(0, ''))
8989

9090
clean_files(source, executable)
9191

9292
def test_PE(self):
9393
source = 'test1.cpp'
9494
executable = 'test1.exe'
95-
cc = determine_wellknown_cmd('CXX', 'x86_64-w64-mingw32-g++')
95+
cxx = determine_wellknown_cmd('CXX', 'x86_64-w64-mingw32-g++')
9696
write_testcode(source)
9797

98-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--disable-nxcompat','-Wl,--disable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fno-stack-protector']),
98+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--disable-nxcompat','-Wl,--disable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fno-stack-protector']),
9999
(1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA NX RELOC_SECTION CONTROL_FLOW Canary'))
100-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--disable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fstack-protector-all', '-lssp']),
100+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--disable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fstack-protector-all', '-lssp']),
101101
(1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA RELOC_SECTION CONTROL_FLOW'))
102-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fstack-protector-all', '-lssp']),
102+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fstack-protector-all', '-lssp']),
103103
(1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA CONTROL_FLOW'))
104-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
104+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
105105
(1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA CONTROL_FLOW')) # -pie -fPIE does nothing unless --dynamicbase is also supplied
106-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--disable-high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
106+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--disable-high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
107107
(1, executable+': failed HIGH_ENTROPY_VA CONTROL_FLOW'))
108-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
108+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
109109
(1, executable+': failed CONTROL_FLOW'))
110-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE', '-fcf-protection=full','-fstack-protector-all', '-lssp']),
110+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE', '-fcf-protection=full','-fstack-protector-all', '-lssp']),
111111
(0, ''))
112112

113113
clean_files(source, executable)
114114

115115
def test_MACHO(self):
116116
source = 'test1.cpp'
117117
executable = 'test1'
118-
cc = determine_wellknown_cmd('CXX', 'clang++')
118+
cxx = determine_wellknown_cmd('CXX', 'clang++')
119119
write_testcode(source)
120-
arch = get_arch(cc, source, executable)
120+
arch = get_arch(cxx, source, executable)
121121

122122
if arch == lief.ARCHITECTURES.X86:
123-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-no_fixup_chains']),
123+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-no_fixup_chains']),
124124
(1, executable+': failed NOUNDEFS Canary FIXUP_CHAINS PIE CONTROL_FLOW'))
125-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-fixup_chains']),
125+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-fixup_chains']),
126126
(1, executable+': failed NOUNDEFS Canary CONTROL_FLOW'))
127-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all', '-Wl,-fixup_chains']),
127+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all', '-Wl,-fixup_chains']),
128128
(1, executable+': failed NOUNDEFS CONTROL_FLOW'))
129-
self.assertEqual(call_security_check(cc, source, executable, ['-fstack-protector-all', '-Wl,-fixup_chains']),
129+
self.assertEqual(call_security_check(cxx, source, executable, ['-fstack-protector-all', '-Wl,-fixup_chains']),
130130
(1, executable+': failed CONTROL_FLOW'))
131-
self.assertEqual(call_security_check(cc, source, executable, ['-fstack-protector-all', '-fcf-protection=full', '-Wl,-fixup_chains']),
131+
self.assertEqual(call_security_check(cxx, source, executable, ['-fstack-protector-all', '-fcf-protection=full', '-Wl,-fixup_chains']),
132132
(0, ''))
133133
else:
134134
# arm64 darwin doesn't support non-PIE binaries, control flow or executable stacks
135-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-no_fixup_chains']),
135+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-no_fixup_chains']),
136136
(1, executable+': failed NOUNDEFS Canary FIXUP_CHAINS BRANCH_PROTECTION'))
137-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
137+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
138138
(1, executable+': failed NOUNDEFS Canary'))
139-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
139+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
140140
(1, executable+': failed NOUNDEFS'))
141-
self.assertEqual(call_security_check(cc, source, executable, ['-fstack-protector-all', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
141+
self.assertEqual(call_security_check(cxx, source, executable, ['-fstack-protector-all', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
142142
(0, ''))
143143

144144

contrib/devtools/test-symbol-check.py

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111

1212
from utils import determine_wellknown_cmd
1313

14-
def call_symbol_check(cc: list[str], source, executable, options):
14+
def call_symbol_check(cxx: list[str], source, executable, options):
1515
# This should behave the same as AC_TRY_LINK, so arrange well-known flags
1616
# in the same order as autoconf would.
1717
#
@@ -21,7 +21,7 @@ def call_symbol_check(cc: list[str], source, executable, options):
2121
for var in ['CXXFLAGS', 'CPPFLAGS', 'LDFLAGS']:
2222
env_flags += filter(None, os.environ.get(var, '').split(' '))
2323

24-
subprocess.run([*cc,source,'-o',executable] + env_flags + options, check=True)
24+
subprocess.run([*cxx,source,'-o',executable] + env_flags + options, check=True)
2525
p = subprocess.run([os.path.join(os.path.dirname(__file__), 'symbol-check.py'), executable], stdout=subprocess.PIPE, text=True)
2626
os.remove(source)
2727
os.remove(executable)
@@ -31,7 +31,7 @@ class TestSymbolChecks(unittest.TestCase):
3131
def test_ELF(self):
3232
source = 'test1.cpp'
3333
executable = 'test1'
34-
cc = determine_wellknown_cmd('CXX', 'g++')
34+
cxx = determine_wellknown_cmd('CXX', 'g++')
3535

3636
# -lutil is part of the libc6 package so a safe bet that it's installed
3737
# it's also out of context enough that it's unlikely to ever become a real dependency
@@ -48,7 +48,7 @@ def test_ELF(self):
4848
}
4949
''')
5050

51-
self.assertEqual(call_symbol_check(cc, source, executable, ['-lutil']),
51+
self.assertEqual(call_symbol_check(cxx, source, executable, ['-lutil']),
5252
(1, executable + ': libutil.so.1 is not in ALLOWED_LIBRARIES!\n' +
5353
executable + ': failed LIBRARY_DEPENDENCIES'))
5454

@@ -66,13 +66,13 @@ def test_ELF(self):
6666
}
6767
''')
6868

69-
self.assertEqual(call_symbol_check(cc, source, executable, []),
69+
self.assertEqual(call_symbol_check(cxx, source, executable, []),
7070
(0, ''))
7171

7272
def test_MACHO(self):
7373
source = 'test1.cpp'
7474
executable = 'test1'
75-
cc = determine_wellknown_cmd('CXX', 'clang++')
75+
cxx = determine_wellknown_cmd('CXX', 'clang++')
7676

7777
with open(source, 'w', encoding="utf8") as f:
7878
f.write('''
@@ -86,7 +86,7 @@ def test_MACHO(self):
8686
8787
''')
8888

89-
self.assertEqual(call_symbol_check(cc, source, executable, ['-lexpat', '-Wl,-platform_version','-Wl,macos', '-Wl,11.4', '-Wl,11.4']),
89+
self.assertEqual(call_symbol_check(cxx, source, executable, ['-lexpat', '-Wl,-platform_version','-Wl,macos', '-Wl,11.4', '-Wl,11.4']),
9090
(1, 'libexpat.1.dylib is not in ALLOWED_LIBRARIES!\n' +
9191
f'{executable}: failed DYNAMIC_LIBRARIES MIN_OS SDK'))
9292

@@ -103,7 +103,7 @@ def test_MACHO(self):
103103
}
104104
''')
105105

106-
self.assertEqual(call_symbol_check(cc, source, executable, ['-framework', 'CoreGraphics', '-Wl,-platform_version','-Wl,macos', '-Wl,11.4', '-Wl,11.4']),
106+
self.assertEqual(call_symbol_check(cxx, source, executable, ['-framework', 'CoreGraphics', '-Wl,-platform_version','-Wl,macos', '-Wl,11.4', '-Wl,11.4']),
107107
(1, f'{executable}: failed MIN_OS SDK'))
108108

109109
source = 'test3.cpp'
@@ -116,13 +116,13 @@ def test_MACHO(self):
116116
}
117117
''')
118118

119-
self.assertEqual(call_symbol_check(cc, source, executable, ['-Wl,-platform_version','-Wl,macos', '-Wl,11.0', '-Wl,11.4']),
119+
self.assertEqual(call_symbol_check(cxx, source, executable, ['-Wl,-platform_version','-Wl,macos', '-Wl,11.0', '-Wl,11.4']),
120120
(1, f'{executable}: failed SDK'))
121121

122122
def test_PE(self):
123123
source = 'test1.cpp'
124124
executable = 'test1.exe'
125-
cc = determine_wellknown_cmd('CXX', 'x86_64-w64-mingw32-g++')
125+
cxx = determine_wellknown_cmd('CXX', 'x86_64-w64-mingw32-g++')
126126

127127
with open(source, 'w', encoding="utf8") as f:
128128
f.write('''
@@ -135,7 +135,7 @@ def test_PE(self):
135135
}
136136
''')
137137

138-
self.assertEqual(call_symbol_check(cc, source, executable, ['-lpdh', '-Wl,--major-subsystem-version', '-Wl,6', '-Wl,--minor-subsystem-version', '-Wl,1']),
138+
self.assertEqual(call_symbol_check(cxx, source, executable, ['-lpdh', '-Wl,--major-subsystem-version', '-Wl,6', '-Wl,--minor-subsystem-version', '-Wl,1']),
139139
(1, 'pdh.dll is not in ALLOWED_LIBRARIES!\n' +
140140
executable + ': failed DYNAMIC_LIBRARIES'))
141141

@@ -150,7 +150,7 @@ def test_PE(self):
150150
}
151151
''')
152152

153-
self.assertEqual(call_symbol_check(cc, source, executable, ['-Wl,--major-subsystem-version', '-Wl,9', '-Wl,--minor-subsystem-version', '-Wl,9']),
153+
self.assertEqual(call_symbol_check(cxx, source, executable, ['-Wl,--major-subsystem-version', '-Wl,9', '-Wl,--minor-subsystem-version', '-Wl,9']),
154154
(1, executable + ': failed SUBSYSTEM_VERSION'))
155155

156156
source = 'test3.cpp'
@@ -166,7 +166,7 @@ def test_PE(self):
166166
}
167167
''')
168168

169-
self.assertEqual(call_symbol_check(cc, source, executable, ['-lole32', '-Wl,--major-subsystem-version', '-Wl,6', '-Wl,--minor-subsystem-version', '-Wl,1']),
169+
self.assertEqual(call_symbol_check(cxx, source, executable, ['-lole32', '-Wl,--major-subsystem-version', '-Wl,6', '-Wl,--minor-subsystem-version', '-Wl,1']),
170170
(0, ''))
171171

172172

0 commit comments

Comments
 (0)