use strict;
use warnings;
-use Test::More tests => 92;
+use Test::More tests => 98;
sub is_blhc {
my ($file, $options, $exit, $expected) = @_;
+ # Multiple files as array references.
+ if (ref $file eq 'ARRAY') {
+ local $" = ' ./t/logs/';
+ $file = "@{$file}";
+ }
+
my $output = `./bin/blhc $options ./t/logs/$file 2>&1`;
if ($options) {
is_blhc 'empty', '--invalid', 2,
'Unknown option: invalid
Usage:
- blhc [options] <dpkg-buildpackage build log file>
+ blhc [options] <dpkg-buildpackage build log file>..
--all force +all (+pie, +bindnow) check
--arch set architecture (autodetected)
# No compiler commands found.
+my $empty = "No compiler commands!\n";
is_blhc 'empty', '', 1,
- "No compiler commands!\n";
+ $empty;
# Correct build logs.
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -Wl,-z,relro -o test test-.cpp test-b.cpp.o
LDFLAGS missing (-Wl,-z,now): gcc -Wl,-z,relro -o test test-.cpp test-b.cpp.o
';
-is_blhc 'bad', '--pie --bindnow', 8,
+my $bad_pie_bindnow =
'CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-a.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c
CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-b.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -Wl,-z,relro -o test test-.cpp test-b.cpp.o
LDFLAGS missing (-fPIE -pie -Wl,-z,now): gcc -Wl,-z,relro -o test test-.cpp test-b.cpp.o
';
+is_blhc 'bad', '--pie --bindnow', 8,
+ $bad_pie_bindnow;
is_blhc 'bad', '--all', 8,
- 'CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-a.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c
-CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-b.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-b.c
-CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-c.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-c.c
-LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.o -ltest
-CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
-CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
-CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
-LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): x86_64-linux-gnu-gcc -o test test-a.o test-b.o test-c.o -ltest
-CXXFLAGS missing (-fPIE): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
-LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
-LDFLAGS missing (-fPIE -pie -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -Wl,-z,relro -o ../src/test/bin/test ../src/test/objs/test.o
-LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.a
-LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security ../src/test/objs/test.o -o ../src/test/bin/test
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -c -o test test.s
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -E test.c
-CFLAGS missing (-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc test.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test.c
-LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc test.c
-CXXFLAGS missing (-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -Wl,-z,relro -o test test-.cpp test-b.cpp.o
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -Wl,-z,relro -o test test-.cpp test-b.cpp.o
-LDFLAGS missing (-fPIE -pie -Wl,-z,now): gcc -Wl,-z,relro -o test test-.cpp test-b.cpp.o
-';
+ $bad_pie_bindnow;
is_blhc 'bad-cflags', '', 8,
'CFLAGS missing (-Wformat): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): g++ -o test -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security test-a.cxx test-b.o test-c.o -Wl,-z,relro
';
-is_blhc 'bad-ldflags', '', 8,
+my $bad_ldflags =
'LDFLAGS missing (-Wl,-z,relro): gcc -o test test-a.o test-b.o test-c.o -ltest
';
+is_blhc 'bad-ldflags', '', 8,
+ $bad_ldflags;
is_blhc 'bad-ldflags', '--pie', 8,
'CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
CFLAGS missing (--param=ssp-buffer-size=4): gcc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security\ -D_FORTIFY_SOURCE=2\ -c test-b.c
CFLAGS missing (-Werror=format-security): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c
LDFLAGS missing (-Wl,-z,relro): gcc -o\ test test-c.o test-a.o test-b.o\ -ltest
-LDFLAGS missing (-Wl,-z,relro): gcc -o \ test test-c.o test-b.o test-a.o\
-CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -o \ test test-b.o test-a.o test-c.c\
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o \ test test-b.o test-a.o test-c.c\
-LDFLAGS missing (-Wl,-z,relro): gcc -o \ test test-b.o test-a.o test-c.c\
+LDFLAGS missing (-Wl,-z,relro): gcc -o \ test test-c.o test-b.o test-a.o\
+CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -o \ test test-b.o test-a.o test-c.c\
+CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o \ test test-b.o test-a.o test-c.c\
+LDFLAGS missing (-Wl,-z,relro): gcc -o \ test test-b.o test-a.o test-c.c\
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -c test-a.c
CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -D_FORTIFY_SOURCE=2 -c test-b.c
CFLAGS missing (-Wformat-security -Werror=format-security): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -D_FORTIFY_SOURCE=2 -c test-a.c
# different architectures
-is_blhc 'arch-avr32', '', 8,
+my $arch_avr32 =
'CFLAGS missing (--param=ssp-buffer-size=4): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -Wall -c test.c
';
+is_blhc 'arch-avr32', '', 8,
+ $arch_avr32;
is_blhc 'arch-i386', '', 8,
'CFLAGS missing (-fstack-protector): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fPIE --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c
LDFLAGS missing (-Wl,-z,relro): gcc -o test test.o `dpkg-buildflags --get CFLAGS`
';
-is_blhc 'debian-hardening-wrapper', '', 16,
+my $debian_hardening_wrapper =
'HARDENING WRAPPER: no checks possible, aborting
';
+is_blhc 'debian-hardening-wrapper', '', 16,
+ $debian_hardening_wrapper;
# buildd support
CFLAGS missing (-O2): gcc -g -c test-b.c
CFLAGS missing (-O2): gcc -g -c test-c.c
';
+
+# multiple files
+
+is_blhc ['good', 'good-pie', 'good-bindnow', 'good-all', 'good-multiline', 'good-library'], '', 0,
+ '';
+is_blhc ['good-all', 'good-library'], '--all', 0,
+ '';
+
+# No exit when multiple files are specified.
+is_blhc ['bad-ldflags', 'empty', 'arch-avr32', 'debian-hardening-wrapper'], '', 25,
+ $bad_ldflags
+ . $empty
+ . $arch_avr32
+ . $debian_hardening_wrapper
+ ;