summaryrefslogtreecommitdiffstats
path: root/t/recipes/checks/pe
diff options
context:
space:
mode:
Diffstat (limited to 't/recipes/checks/pe')
-rw-r--r--t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install1
-rw-r--r--t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values4
-rw-r--r--t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile33
-rw-r--r--t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c26
-rw-r--r--t/recipes/checks/pe/missing-security-features-32-bit/eval/desc2
-rw-r--r--t/recipes/checks/pe/missing-security-features-32-bit/eval/hints3
-rw-r--r--t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install1
-rw-r--r--t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values4
-rw-r--r--t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile33
-rw-r--r--t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c26
-rw-r--r--t/recipes/checks/pe/missing-security-features-64-bit/eval/desc2
-rw-r--r--t/recipes/checks/pe/missing-security-features-64-bit/eval/hints3
-rw-r--r--t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install1
-rw-r--r--t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values3
-rw-r--r--t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/.coverage0
-rw-r--r--t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exebin0 -> 628741 bytes
-rw-r--r--t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exebin0 -> 592899 bytes
-rw-r--r--t/recipes/checks/pe/missing-security-features-fp/eval/desc4
-rw-r--r--t/recipes/checks/pe/missing-security-features-fp/eval/hints1
19 files changed, 147 insertions, 0 deletions
diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install
new file mode 100644
index 0000000..b2551e6
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install
@@ -0,0 +1 @@
+*.exe usr/share/win32
diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values
new file mode 100644
index 0000000..cc065dd
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values
@@ -0,0 +1,4 @@
+Testname: missing-security-features-32-bit
+Skeleton: upload-native
+Extra-Build-Depends: gcc-mingw-w64-i686, mingw-w64-tools
+Description: Test with 32-bit PE binaries (PE32) missing recommended security features
diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile
new file mode 100644
index 0000000..c4e03e9
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile
@@ -0,0 +1,33 @@
+MINGWCC = i686-w64-mingw32-gcc
+
+sources = hello.c
+safe = hello32.exe
+
+staticbase = $(patsubst %.exe,%-static-base.exe,$(safe))
+dataexecution = $(patsubst %.exe,%-data-execution.exe,$(safe))
+unsafeseh = $(patsubst %.exe,%-unsafe-seh.exe,$(safe))
+
+all: $(safe) $(staticbase) $(dataexecution) $(unsafeseh)
+
+$(safe): $(sources)
+ $(MINGWCC) -o $@ $^
+ genpeimg -d +d $@
+ genpeimg -d +n $@
+ genpeimg -d -s $@
+
+$(staticbase): $(safe)
+ cp $< $@
+ genpeimg -d -d $@
+
+$(dataexecution): $(safe)
+ cp $< $@
+ genpeimg -d -n $@
+
+$(unsafeseh): $(safe)
+ cp $< $@
+ # SEH is inverted
+ genpeimg -d +s $@
+
+.PHONY: clean
+clean:
+ rm -f $(safe) $(staticbase) $(dataexecution) $(unsafeseh)
diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c
new file mode 100644
index 0000000..7085b1e
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c
@@ -0,0 +1,26 @@
+/* Copyright (C) 2019 Felix Lechner
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, you can find it on the World Wide
+ Web at https://www.gnu.org/copyleft/gpl.html, or write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301, USA
+*/
+
+#include <stdio.h>
+
+int main(void){
+
+ printf("Hello, Lintian!\n");
+ return 0;
+}
diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/eval/desc b/t/recipes/checks/pe/missing-security-features-32-bit/eval/desc
new file mode 100644
index 0000000..db88ae6
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-32-bit/eval/desc
@@ -0,0 +1,2 @@
+Testname: missing-security-features-32-bit
+Check: pe
diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/eval/hints b/t/recipes/checks/pe/missing-security-features-32-bit/eval/hints
new file mode 100644
index 0000000..c7cb89b
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-32-bit/eval/hints
@@ -0,0 +1,3 @@
+missing-security-features-32-bit (binary): portable-executable-missing-security-features SafeSEH [usr/share/win32/hello32-unsafe-seh.exe]
+missing-security-features-32-bit (binary): portable-executable-missing-security-features DEP/NX [usr/share/win32/hello32-data-execution.exe]
+missing-security-features-32-bit (binary): portable-executable-missing-security-features ASLR [usr/share/win32/hello32-static-base.exe]
diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install
new file mode 100644
index 0000000..b2551e6
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install
@@ -0,0 +1 @@
+*.exe usr/share/win32
diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values
new file mode 100644
index 0000000..da2ab70
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values
@@ -0,0 +1,4 @@
+Testname: missing-security-features-64-bit
+Skeleton: upload-native
+Extra-Build-Depends: gcc-mingw-w64-x86-64, mingw-w64-tools
+Description: Test with 64-bit PE binaries (PE32+) missing recommended security features
diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile
new file mode 100644
index 0000000..ddd8290
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile
@@ -0,0 +1,33 @@
+MINGWCC = x86_64-w64-mingw32-gcc
+
+sources = hello.c
+safe = hello64.exe
+
+staticbase = $(patsubst %.exe,%-static-base.exe,$(safe))
+dataexecution = $(patsubst %.exe,%-data-execution.exe,$(safe))
+unsafeseh = $(patsubst %.exe,%-unsafe-seh.exe,$(safe))
+
+all: $(safe) $(staticbase) $(dataexecution) $(unsafeseh)
+
+$(safe): $(sources)
+ $(MINGWCC) -o $@ $^
+ genpeimg -d +d $@
+ genpeimg -d +n $@
+ genpeimg -d -s $@
+
+$(staticbase): $(safe)
+ cp $< $@
+ genpeimg -d -d $@
+
+$(dataexecution): $(safe)
+ cp $< $@
+ genpeimg -d -n $@
+
+$(unsafeseh): $(safe)
+ cp $< $@
+ # SEH is inverted
+ genpeimg -d +s $@
+
+.PHONY: clean
+clean:
+ rm -f $(safe) $(staticbase) $(dataexecution) $(unsafeseh)
diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c
new file mode 100644
index 0000000..7085b1e
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c
@@ -0,0 +1,26 @@
+/* Copyright (C) 2019 Felix Lechner
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, you can find it on the World Wide
+ Web at https://www.gnu.org/copyleft/gpl.html, or write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301, USA
+*/
+
+#include <stdio.h>
+
+int main(void){
+
+ printf("Hello, Lintian!\n");
+ return 0;
+}
diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/eval/desc b/t/recipes/checks/pe/missing-security-features-64-bit/eval/desc
new file mode 100644
index 0000000..a72b1e0
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-64-bit/eval/desc
@@ -0,0 +1,2 @@
+Testname: missing-security-features-64-bit
+Check: pe
diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/eval/hints b/t/recipes/checks/pe/missing-security-features-64-bit/eval/hints
new file mode 100644
index 0000000..56fb3ce
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-64-bit/eval/hints
@@ -0,0 +1,3 @@
+missing-security-features-64-bit (binary): portable-executable-missing-security-features SafeSEH [usr/share/win32/hello64-unsafe-seh.exe]
+missing-security-features-64-bit (binary): portable-executable-missing-security-features DEP/NX [usr/share/win32/hello64-data-execution.exe]
+missing-security-features-64-bit (binary): portable-executable-missing-security-features ASLR [usr/share/win32/hello64-static-base.exe]
diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install b/t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install
new file mode 100644
index 0000000..b2551e6
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install
@@ -0,0 +1 @@
+*.exe usr/share/win32
diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values b/t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values
new file mode 100644
index 0000000..5707c9a
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values
@@ -0,0 +1,3 @@
+Skeleton: upload-native
+Testname: missing-security-features-fp
+Description: Test with hardened PE binaries not missing any security features
diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/.coverage b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/.coverage
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/.coverage
diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exe b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exe
new file mode 100644
index 0000000..9ba57fb
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exe
Binary files differ
diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exe b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exe
new file mode 100644
index 0000000..0f50468
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exe
Binary files differ
diff --git a/t/recipes/checks/pe/missing-security-features-fp/eval/desc b/t/recipes/checks/pe/missing-security-features-fp/eval/desc
new file mode 100644
index 0000000..5a754e7
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-fp/eval/desc
@@ -0,0 +1,4 @@
+Testname: missing-security-features-fp
+Check: pe
+Test-Against:
+ portable-executable-missing-security-features
diff --git a/t/recipes/checks/pe/missing-security-features-fp/eval/hints b/t/recipes/checks/pe/missing-security-features-fp/eval/hints
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/t/recipes/checks/pe/missing-security-features-fp/eval/hints
@@ -0,0 +1 @@
+