autowinchecksec.py (2099B)
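#!/usr/bin/env python

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# Run the Winchecksec tool (https://github.com/trailofbits/winchecksec)
# against a given Windows binary and fail when an expected hardening
# check (DEP/ASLR etc.) is reported as disabled or is not reported at all.
#
# Exit status: 0 only when every expected check was evaluated and none was
# reported as False; 1 in every other handled case, including a wrong
# command line, so that a mis-invocation cannot pass as a successful check.

import subprocess
import sys

import buildconfig
from mozfile import json

# Usage: exactly one argument, the path of the binary to inspect.
# A wrong invocation exits non-zero: this script is a gate, and exiting 0
# here would let a build step that forgot the argument pass silently.
if len(sys.argv) != 2:
    print("""usage : autowinchecksec.py path_to_binary""")
    sys.exit(1)

binary_path = sys.argv[1]

# Locate winchecksec through the WINCHECKSEC build substitution
# (buildconfig.substs); without it nothing can be verified, so fail.
try:
    winchecksec_path = buildconfig.substs["WINCHECKSEC"]
except KeyError:
    print(
        "TEST-UNEXPECTED-FAIL | autowinchecksec.py | WINCHECKSEC environment variable is "
        "not set, can't check DEP/ASLR etc. status."
    )
    sys.exit(1)

# When a WINE substitution is configured and the tool is a .exe, run it
# through wine; otherwise run it directly.
wine = buildconfig.substs.get("WINE")
if wine and winchecksec_path.lower().endswith(".exe"):
    cmd = [wine, winchecksec_path]
else:
    cmd = [winchecksec_path]

# The command is passed as an argument list (no shell), so binary_path is
# handed to the tool as a single argument. The output of the "-j" run is
# parsed as JSON below.
try:
    result = subprocess.check_output(cmd + ["-j", binary_path], universal_newlines=True)

except subprocess.CalledProcessError as e:
    print(
        "TEST-UNEXPECTED-FAIL | autowinchecksec.py | Winchecksec returned error code %d:\n%s"
        % (e.returncode, e.output)
    )
    sys.exit(1)


result = json.loads(result)

# The checks below look up flat keys on a JSON object. Any other top-level
# shape (for example a different output schema) cannot be evaluated, so
# report it as a failure instead of crashing on the lookups.
if not isinstance(result, dict):
    print(
        "TEST-UNEXPECTED-FAIL | autowinchecksec.py | Winchecksec output for %s is not a "
        "JSON object, can't check DEP/ASLR etc. status." % binary_path
    )
    sys.exit(1)

# Checks expected to hold for every target.
checks = [
    "aslr",
    "cfg",
    "dynamicBase",
    "gs",
    "isolation",
    "nx",
    "seh",
]

# One extra check depends on the target CPU: safeSEH for x86,
# highEntropyVA for everything else.
if buildconfig.substs["TARGET_CPU"] == "x86":
    checks += [
        "safeSEH",
    ]
else:
    checks += [
        "highEntropyVA",
    ]

# A check fails when the tool explicitly reports False for it.
failed = [c for c in checks if result.get(c) is False]
# A check whose key is absent was never evaluated. Treating that as a pass
# would let a renamed or dropped key disable the gate without any signal,
# so absent keys are reported and fail the run as well.
missing = [c for c in checks if c not in result]

if failed:
    print(
        "TEST-UNEXPECTED-FAIL | autowinchecksec.py | Winchecksec reported %d error(s) for %s"
        % (len(failed), binary_path)
    )
    print(
        "TEST-UNEXPECTED-FAIL | autowinchecksec.py | The following check(s) failed: %s"
        % (", ".join(failed))
    )

if missing:
    print(
        "TEST-UNEXPECTED-FAIL | autowinchecksec.py | Winchecksec did not report the "
        "following check(s) for %s: %s" % (binary_path, ", ".join(missing))
    )

if failed or missing:
    sys.exit(1)

print("TEST-PASS | autowinchecksec.py | %s succeeded" % binary_path)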