diff options
Diffstat (limited to 't/recipes/checks/pe')
19 files changed, 147 insertions, 0 deletions
diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install new file mode 100644 index 0000000..b2551e6 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install @@ -0,0 +1 @@ +*.exe usr/share/win32 diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values new file mode 100644 index 0000000..cc065dd --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values @@ -0,0 +1,4 @@ +Testname: missing-security-features-32-bit +Skeleton: upload-native +Extra-Build-Depends: gcc-mingw-w64-i686, mingw-w64-tools +Description: Test with 32-bit PE binaries (PE32) missing recommended security features diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile new file mode 100644 index 0000000..c4e03e9 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile @@ -0,0 +1,33 @@ +MINGWCC = i686-w64-mingw32-gcc + +sources = hello.c +safe = hello32.exe + +staticbase = $(patsubst %.exe,%-static-base.exe,$(safe)) +dataexecution = $(patsubst %.exe,%-data-execution.exe,$(safe)) +unsafeseh = $(patsubst %.exe,%-unsafe-seh.exe,$(safe)) + +all: $(safe) $(staticbase) $(dataexecution) $(unsafeseh) + +$(safe): $(sources) + $(MINGWCC) -o $@ $^ + genpeimg -d +d $@ + genpeimg -d +n $@ + genpeimg -d -s $@ + +$(staticbase): $(safe) + cp $< $@ + genpeimg -d -d $@ + +$(dataexecution): $(safe) + cp $< $@ + genpeimg -d -n $@ + +$(unsafeseh): $(safe) + cp $< $@ + # SEH is inverted + genpeimg -d +s $@ + +.PHONY: clean +clean: + rm -f $(safe) $(staticbase) $(dataexecution) $(unsafeseh) diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c new file mode 100644 index 0000000..7085b1e --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c @@ -0,0 +1,26 @@ +/* Copyright (C) 2019 Felix Lechner + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, you can find it on the World Wide + Web at https://www.gnu.org/copyleft/gpl.html, or write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA +*/ + +#include <stdio.h> + +int main(void){ + + printf("Hello, Lintian!\n"); + return 0; +} diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/eval/desc b/t/recipes/checks/pe/missing-security-features-32-bit/eval/desc new file mode 100644 index 0000000..db88ae6 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/eval/desc @@ -0,0 +1,2 @@ +Testname: missing-security-features-32-bit +Check: pe diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/eval/hints b/t/recipes/checks/pe/missing-security-features-32-bit/eval/hints new file mode 100644 index 0000000..c7cb89b --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/eval/hints @@ -0,0 +1,3 @@ +missing-security-features-32-bit (binary): portable-executable-missing-security-features SafeSEH [usr/share/win32/hello32-unsafe-seh.exe] +missing-security-features-32-bit (binary): portable-executable-missing-security-features DEP/NX [usr/share/win32/hello32-data-execution.exe] +missing-security-features-32-bit (binary): portable-executable-missing-security-features ASLR [usr/share/win32/hello32-static-base.exe] diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install new file mode 100644 index 0000000..b2551e6 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install @@ -0,0 +1 @@ +*.exe usr/share/win32 diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values new file mode 100644 index 0000000..da2ab70 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values @@ -0,0 +1,4 @@ +Testname: missing-security-features-64-bit +Skeleton: upload-native +Extra-Build-Depends: gcc-mingw-w64-x86-64, mingw-w64-tools +Description: Test with 64-bit PE binaries (PE32+) missing recommended security features diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile new file mode 100644 index 0000000..ddd8290 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile @@ -0,0 +1,33 @@ +MINGWCC = x86_64-w64-mingw32-gcc + +sources = hello.c +safe = hello64.exe + +staticbase = $(patsubst %.exe,%-static-base.exe,$(safe)) +dataexecution = $(patsubst %.exe,%-data-execution.exe,$(safe)) +unsafeseh = $(patsubst %.exe,%-unsafe-seh.exe,$(safe)) + +all: $(safe) $(staticbase) $(dataexecution) $(unsafeseh) + +$(safe): $(sources) + $(MINGWCC) -o $@ $^ + genpeimg -d +d $@ + genpeimg -d +n $@ + genpeimg -d -s $@ + +$(staticbase): $(safe) + cp $< $@ + genpeimg -d -d $@ + +$(dataexecution): $(safe) + cp $< $@ + genpeimg -d -n $@ + +$(unsafeseh): $(safe) + cp $< $@ + # SEH is inverted + genpeimg -d +s $@ + +.PHONY: clean +clean: + rm -f $(safe) $(staticbase) $(dataexecution) $(unsafeseh) diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c new file mode 100644 index 0000000..7085b1e --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c @@ -0,0 +1,26 @@ +/* Copyright (C) 2019 Felix Lechner + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, you can find it on the World Wide + Web at https://www.gnu.org/copyleft/gpl.html, or write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA +*/ + +#include <stdio.h> + +int main(void){ + + printf("Hello, Lintian!\n"); + return 0; +} diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/eval/desc b/t/recipes/checks/pe/missing-security-features-64-bit/eval/desc new file mode 100644 index 0000000..a72b1e0 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/eval/desc @@ -0,0 +1,2 @@ +Testname: missing-security-features-64-bit +Check: pe diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/eval/hints b/t/recipes/checks/pe/missing-security-features-64-bit/eval/hints new file mode 100644 index 0000000..56fb3ce --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/eval/hints @@ -0,0 +1,3 @@ +missing-security-features-64-bit (binary): portable-executable-missing-security-features SafeSEH [usr/share/win32/hello64-unsafe-seh.exe] +missing-security-features-64-bit (binary): portable-executable-missing-security-features DEP/NX [usr/share/win32/hello64-data-execution.exe] +missing-security-features-64-bit (binary): portable-executable-missing-security-features ASLR [usr/share/win32/hello64-static-base.exe] diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install b/t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install new file mode 100644 index 0000000..b2551e6 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install @@ -0,0 +1 @@ +*.exe usr/share/win32 diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values b/t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values new file mode 100644 index 0000000..5707c9a --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: missing-security-features-fp +Description: Test with hardened PE binaries not missing any security features diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/.coverage b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/.coverage new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/.coverage diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exe b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exe Binary files differnew file mode 100644 index 0000000..9ba57fb --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exe diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exe b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exe Binary files differnew file mode 100644 index 0000000..0f50468 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exe diff --git a/t/recipes/checks/pe/missing-security-features-fp/eval/desc b/t/recipes/checks/pe/missing-security-features-fp/eval/desc new file mode 100644 index 0000000..5a754e7 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/eval/desc @@ -0,0 +1,4 @@ +Testname: missing-security-features-fp +Check: pe +Test-Against: + portable-executable-missing-security-features diff --git a/t/recipes/checks/pe/missing-security-features-fp/eval/hints b/t/recipes/checks/pe/missing-security-features-fp/eval/hints new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/eval/hints @@ -0,0 +1 @@ + |