suse-binarieschecks.diff

1 files changed, 58 insertions, 2 deletions

diff --git a/BinariesCheck.py b/BinariesCheck.py
index 0355557..0062524 100644
--- a/BinariesCheck.py
+++ b/BinariesCheck.py
@@ -10,13 +10,15 @@
 
 import re
 import stat
+import os
 
 import rpm
 
-from Filter import addDetails, printError, printWarning
+from Filter import addDetails, printError, printWarning, printInfo
 import AbstractCheck
 import Config
 import Pkg
+import os
 
 
 DEFAULT_SYSTEM_LIB_PATHS = (
@@ -37,6 +39,9 @@ class BinaryInfo:
     unused_regex = re.compile('^\s+(\S+)')
     exit_call_regex = re.compile('\s+FUNC\s+.*?\s+(_?exit(?:@\S+)?)(?:\s|$)')
     fork_call_regex = re.compile('\s+FUNC\s+.*?\s+(fork(?:@\S+)?)(?:\s|$)')
+    debuginfo_regex=re.compile('^\s+\[\s*\d+\]\s+\.debug_.*\s+')
+    symtab_regex=re.compile('^\s+\[\s*\d+\]\s+\.symtab\s+')
+    gethostbyname_call_regex = re.compile('\s+FUNC\s+.*?\s+(gethostbyname(?:@\S+)?)(?:\s|$)')
 
     def __init__(self, pkg, path, file, is_ar, is_shlib):
         self.readelf_error = False
@@ -50,7 +55,10 @@ class BinaryInfo:
         self.stack = False
         self.exec_stack = False
         self.exit_calls = []
+        self.calls_gethostbyname = False
         fork_called = False
+        self.debuginfo = 0
+        self.symtab=0
         self.tail = ''
 
         is_debug = path.endswith('.debug')
@@ -93,6 +101,11 @@ class BinaryInfo:
                         self.exec_stack = True
                     continue
 
+                r = BinaryInfo.gethostbyname_call_regex.search(l)
+                if r:
+                    self.calls_gethostbyname = True
+                    continue
+
                 if is_shlib:
                     r = BinaryInfo.exit_call_regex.search(l)
                     if r:
@@ -103,6 +116,14 @@ class BinaryInfo:
                         fork_called = True
                         continue
 
+                if BinaryInfo.debuginfo_regex.search(l):
+                    self.debuginfo=1
+                    continue
+
+                if BinaryInfo.symtab_regex.search(l):
+                    self.symtab=1
+                    continue
+
             if self.non_pic:
                 self.non_pic = 'TEXTREL' in res[1]
 
@@ -274,13 +295,26 @@ class BinariesCheck(AbstractCheck.AbstractCheck):
                 continue
 
             # stripped ?
-            if 'not stripped' in pkgfile.magic:
+            if 'not stripped' in pkgfile.magic and \
+               (os.environ.get('BUILD_DIR', '') == '' or
+               os.environ.get('BUILD_DEBUG', '') != ''):
                 printWarning(pkg, 'unstripped-binary-or-object', fname)
 
             # inspect binary file
             is_shlib = so_regex.search(fname)
             bin_info = BinaryInfo(pkg, pkgfile.path, fname, is_ar, is_shlib)
 
+            # stripped static library
+            if is_ar:
+                if bin_info.readelf_error:
+                    pass
+                elif not bin_info.symtab:
+                    printError(pkg, 'static-library-without-symtab', fname)
+                elif not bin_info.debuginfo and \
+                    (os.environ.get('BUILD_DIR', '') == '' or \
+                    os.environ.get('BUILD_DEBUG','') != ''):
+                    printWarning(pkg, 'static-library-without-debuginfo', fname)
+
             if is_shlib:
                 has_lib = True
 
@@ -330,6 +364,10 @@ class BinariesCheck(AbstractCheck.AbstractCheck):
                 for ec in bin_info.exit_calls:
                     printWarning(pkg, 'shared-lib-calls-exit', fname, ec)
 
+            # gethostbyname ?
+            if bin_info.calls_gethostbyname:
+                printInfo(pkg, 'binary-or-shlib-calls-gethostbyname', fname)
+
             # rpath ?
             if bin_info.rpath:
                 for p in bin_info.rpath:
@@ -524,6 +562,14 @@ with the intended shared libraries only.''',
 'ldd-failed',
 '''Executing ldd on this file failed, all checks could not be run.''',
 
+'static-library-without-symtab',
+'''The static library doesn't contain any symbols and therefore can't be linked
+against. This may indicated that it was strip.''',
+
+'static-library-without-debuginfo',
+'''The static library doesn't contain any debuginfo. Binaries linking against
+this static library can't be properly debugged.''',
+
 'executable-stack',
 '''The binary declares the stack as executable.  Executable stack is usually an
 error as it is only needed if the code contains GCC trampolines or similar
@@ -536,6 +582,10 @@ don\'t define a proper .note.GNU-stack section.''',
 make the stack executable.  Usual suspects include use of a non-GNU linker or
 an old GNU linker version.''',
 
+'binary-or-shlib-calls-gethostbyname',
+'''The binary calls gethostbyname(). Please port the code to use
+getaddrinfo().''',
+
 'shared-lib-calls-exit',
 '''This library package calls exit() or _exit(), probably in a non-fork()
 context. Doing so from a library is strongly discouraged - when a library
@@ -554,6 +604,12 @@ that use prelink, make sure that prelink does not strip it either, usually by
 placing a blacklist file in /etc/prelink.conf.d.  For more information, see
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256900#49''',
 
+'unstripped-binary-or-object',
+'''stripping debug info from binaries happens automatically according to global
+project settings. So there's normally no need to manually strip binaries.
+Left over unstripped binaries could therefore indicate a bug in the automatic
+stripping process.''',
+
 'non-position-independent-executable',
 '''This executable must be position independent.  Check that it is built with
 -fPIE/-fpie in compiler flags and -pie in linker flags.''',