From 26504b77eea8eab454c143f50c3a4da4ba63a178 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Thu, 15 Mar 2012 22:37:30 +0100 Subject: [PATCH] Detect non-verbose build logs. Also update exit code for "Missing hardening flags". --- MANIFEST | 1 + bin/blhc | 28 +++++++++++++++++++--- t/logs/verbose-build | 21 ++++++++++++++++ t/tests.t | 57 ++++++++++++++++++++++++++++---------------- 4 files changed, 83 insertions(+), 24 deletions(-) create mode 100644 t/logs/verbose-build diff --git a/MANIFEST b/MANIFEST index 0c53335..33543de 100644 --- a/MANIFEST +++ b/MANIFEST @@ -23,4 +23,5 @@ t/logs/good-library t/logs/good-multiline t/logs/good-pie t/logs/libtool +t/logs/verbose-build t/tests.t diff --git a/bin/blhc b/bin/blhc index 47d464c..aecc180 100755 --- a/bin/blhc +++ b/bin/blhc @@ -44,6 +44,14 @@ sub error_flags { error_color($message, 'red'), $flags, error_color(':', 'yellow'), $line; } +sub error_nonverbose_build { + my ($line) = @_; + + printf "%s%s %s", + error_color('NONVERBOSE BUILD', 'red'), + error_color(':', 'yellow'), + $line; +} sub error_color { my ($message, $color) = @_; @@ -206,6 +214,16 @@ while (my $line = <>) { # Ignore compiler warnings for now. next if $line =~ /$warning_regex/; + # Try to detect non verbose build logs. + if ($line =~ /^checking if you want to see long compiling messages\.\.\. no/ + or $line =~ /^\s*(CC|CCLD)\s+/ + or $line =~ /^\s*(C|c)ompiling\s+/ + or $line =~ /^\s*\[[\d ]+%\] Building /) { + error_nonverbose_build($line); + $exit |= 1 << 2; + } + + # One line may contain multiple commands (";"). Treat each one as single # line. my @line = split /(? +Non verbose build. + +=item B<8> + Missing hardening flags. =back diff --git a/t/logs/verbose-build b/t/logs/verbose-build new file mode 100644 index 0000000..9dd618f --- /dev/null +++ b/t/logs/verbose-build @@ -0,0 +1,21 @@ +# We must ensure a verbose build is used. + + +checking if you want to see long compiling messages... yes +checking if you want to see long compiling messages... no + + CC libtest-a.lo + CC libtest-b.lo + CC libtest_c.lo + CC libtest-d.lo +... + CCLD libtest.la + +CC modules/server/test.c + +Byte-compiling python modules... +Byte-compiling python modules (optimized versions) ... +Byte-compiling python modules... +Byte-compiling python modules (optimized versions) ... + +[ 22%] Building CXX object src/CMakeFiles/test/test.cpp.o diff --git a/t/tests.t b/t/tests.t index 485752a..4247be5 100644 --- a/t/tests.t +++ b/t/tests.t @@ -19,7 +19,7 @@ use strict; use warnings; -use Test::More tests => 68; +use Test::More tests => 70; sub is_blhc { @@ -86,7 +86,7 @@ is_blhc 'good-library', '--all', 0, # Build logs with missing flags. -is_blhc 'bad', '', 4, +is_blhc 'bad', '', 8, "CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-a.c CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-b.c @@ -105,7 +105,7 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): g++ -g -O2 -fstack-protector --param=ss LDFLAGS missing (-Wl,-z,relro): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp LDFLAGS missing (-Wl,-z,relro): gcc -o test test-a.o test-b.o test-c.a "; -is_blhc 'bad', '--pie', 4, +is_blhc 'bad', '--pie', 8, "CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-a.c CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-b.c @@ -126,7 +126,7 @@ LDFLAGS missing (-Wl,-z,relro -fPIE -pie): g++ -g -O2 -fstack-protector --param LDFLAGS missing (-fPIE -pie): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -Wl,-z,relro -o ../src/test/bin/test ../src/test/objs/test.o LDFLAGS missing (-Wl,-z,relro -fPIE -pie): gcc -o test test-a.o test-b.o test-c.a "; -is_blhc 'bad', '--bindnow', 4, +is_blhc 'bad', '--bindnow', 8, "CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-a.c CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-b.c @@ -146,7 +146,7 @@ LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): g++ -g -O2 -fstack-protector --param LDFLAGS missing (-Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -Wl,-z,relro -o ../src/test/bin/test ../src/test/objs/test.o LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.a "; -is_blhc 'bad', '--pie --bindnow', 4, +is_blhc 'bad', '--pie --bindnow', 8, "CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-a.c CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-b.c @@ -167,7 +167,7 @@ LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): g++ -g -O2 -fstack-protec LDFLAGS missing (-fPIE -pie -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -Wl,-z,relro -o ../src/test/bin/test ../src/test/objs/test.o LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.a "; -is_blhc 'bad', '--all', 4, +is_blhc 'bad', '--all', 8, "CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-a.c CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-b.c @@ -189,7 +189,7 @@ LDFLAGS missing (-fPIE -pie -Wl,-z,now): g++ -g -O2 -fstack-protector --param=s LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.a "; -is_blhc 'bad-cflags', '', 4, +is_blhc 'bad-cflags', '', 8, "CFLAGS missing (-Wformat): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c CFLAGS missing (--param=ssp-buffer-size=4): gcc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c CFLAGS missing (-Werror=format-security): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c @@ -198,7 +198,7 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -Wl,-z,relro -o test test.c -ltest CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest "; -is_blhc 'bad-cflags', '--pie', 4, +is_blhc 'bad-cflags', '--pie', 8, "CFLAGS missing (-Wformat -fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): gcc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c CFLAGS missing (-Werror=format-security -fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c @@ -209,7 +209,7 @@ LDFLAGS missing (-fPIE -pie): gcc -Wl,-z,relro -o test test.c -ltest CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest "; -is_blhc 'bad-cflags', '--bindnow', 4, +is_blhc 'bad-cflags', '--bindnow', 8, "CFLAGS missing (-Wformat): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c CFLAGS missing (--param=ssp-buffer-size=4): gcc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c CFLAGS missing (-Werror=format-security): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c @@ -221,7 +221,7 @@ CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wfo CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest LDFLAGS missing (-Wl,-z,now): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest "; -is_blhc 'bad-cflags', '--pie --bindnow', 4, +is_blhc 'bad-cflags', '--pie --bindnow', 8, "CFLAGS missing (-Wformat -fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): gcc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c CFLAGS missing (-Werror=format-security -fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c @@ -234,32 +234,32 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -shared -fPIC -Wl,-z,relro -o test.s LDFLAGS missing (-Wl,-z,now): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest "; -is_blhc 'bad-cppflags', '', 4, +is_blhc 'bad-cppflags', '', 8, "CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -c test-a.c CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -c test-b.c CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -c test-c.c "; -is_blhc 'bad-ldflags', '', 4, +is_blhc 'bad-ldflags', '', 8, "LDFLAGS missing (-Wl,-z,relro): gcc -o test test-a.o test-b.o test-c.o -ltest "; -is_blhc 'bad-ldflags', '--pie', 4, +is_blhc 'bad-ldflags', '--pie', 8, "CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-c.c LDFLAGS missing (-Wl,-z,relro -fPIE -pie): gcc -o test test-a.o test-b.o test-c.o -ltest "; -is_blhc 'bad-ldflags', '--bindnow', 4, +is_blhc 'bad-ldflags', '--bindnow', 8, "LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.o -ltest "; -is_blhc 'bad-ldflags', '--pie --bindnow', 4, +is_blhc 'bad-ldflags', '--pie --bindnow', 8, "CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-c.c LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.o -ltest "; -is_blhc 'bad-multiline', '', 4, +is_blhc 'bad-multiline', '', 8, "CFLAGS missing (-Wformat): gcc \\ -g -O2 -fstack-protector\\ --param=ssp-buffer-size=4 -Wformat-security\\ -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c CFLAGS missing (--param=ssp-buffer-size=4): gcc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security\\ -D_FORTIFY_SOURCE=2\\ -c test-b.c CFLAGS missing (-Werror=format-security): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c @@ -282,7 +282,7 @@ CFLAGS missing (-g -O2 --param=ssp-buffer-size=4 -Wformat -Wformat-security -Wer CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security \\; -Werror=format-security -D_FORTIFY_SOURCE=1 -c test-a.c "; -is_blhc 'bad-library', '--all', 4, +is_blhc 'bad-library', '--all', 8, "CFLAGS missing (-fstack-protector): gcc -D_FORTIFY_SOURCE=2 -g -O2 --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security test.c -fPIC -DPIC -o libtest.o LDFLAGS missing (-Wl,-z,now): gcc -shared -fPIC -DPIC libtest.o -lpthread -O2 -Wl,relro -Wl,--as-needed -o libtest.so LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): gcc -shared -fPIC -DPIC libtest.o -lpthread -O2 -Wl,--as-needed -o libtest.so @@ -292,6 +292,21 @@ LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): /usr/bin/g++ -shared -fpic -o libtest "; +# check the build log is verbose + +is_blhc 'verbose-build', '', 5, + "NONVERBOSE BUILD: checking if you want to see long compiling messages... no +NONVERBOSE BUILD: CC libtest-a.lo +NONVERBOSE BUILD: CC libtest-b.lo +NONVERBOSE BUILD: CC libtest_c.lo +NONVERBOSE BUILD: CC libtest-d.lo +NONVERBOSE BUILD: CCLD libtest.la +NONVERBOSE BUILD: CC modules/server/test.c +NONVERBOSE BUILD: [ 22%] Building CXX object src/CMakeFiles/test/test.cpp.o +No compiler commands! +"; + + # configure is_blhc 'configure', '', 0, @@ -300,7 +315,7 @@ is_blhc 'configure', '', 0, # cc -is_blhc 'cc', '--pie --bindnow', 4, +is_blhc 'cc', '--pie --bindnow', 8, "CFLAGS missing (-Wformat -fPIE): cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cc CFLAGS missing (-Wformat -fPIE): cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): cc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c @@ -318,7 +333,7 @@ is_blhc 'debian', '--all', 1, # c++ -is_blhc 'c++', '--pie --bindnow', 4, +is_blhc 'c++', '--pie --bindnow', 8, "CFLAGS missing (-Wformat -fPIE): c++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): c++ -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp CFLAGS missing (-Werror=format-security -fPIE): c++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp @@ -331,7 +346,7 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): c++\\ test.c # g++ -is_blhc 'g++', '--pie --bindnow', 4, +is_blhc 'g++', '--pie --bindnow', 8, "CFLAGS missing (-Wformat -fPIE): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): g++ -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp CFLAGS missing (-Werror=format-security -fPIE): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp @@ -342,7 +357,7 @@ LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): g++ -Wl,-z,defs -o test te # libtool -is_blhc 'libtool', '--bindnow', 4, +is_blhc 'libtool', '--bindnow', 8, "CFLAGS missing (-Wformat -fPIE): /bin/bash ../../libtool --tag=CC --mode=compile x86_64-linux-gnu-gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -c test.c LDFLAGS missing (-fPIE): libtool: link: g++ -shared test-a.o test-b.o test-b.o test-c.o -O2 -pie -Wl,relro -Wl,now -o test.so LDFLAGS missing (-fPIE -pie -Wl,-z,now): libtool: link: g++ -shared test-a.o test-b.o test-b.o test-c.o -O2 -Wl,relro -o test.so -- 2.49.1