Commit b4b204d1 authored by David Suarez's avatar David Suarez

Support for list file modifier.

--listfile={text file with one file per line}

Allows specifying a list of files to be analyzed in a text file.
parent a6df608a
......@@ -238,6 +238,7 @@ help() {
echo " ## Checksec Options"
echo " --file={file}"
echo " --dir={directory}"
echo " --listfile={text file with one file per line}"
echo " --proc={process name}"
echo " --proc-all"
echo " --proc-libs={process ID}"
......@@ -1649,6 +1650,54 @@ chk_file () {
fi
}
chk_file_list () {
if ${extended_checks}; then
echo_message "RELRO STACK CANARY NX PIE SELFRANDO Clang CFI SafeStack RPATH RUNPATH\tSymbols\t\tFORTIFY\tFortified\tFortifiable\tFILE\n" '' '' '{'
else
echo_message "RELRO STACK CANARY NX PIE RPATH RUNPATH\tSymbols\t\tFORTIFY\tFortified\tFortifiable\tFILE\n" '' '' '{'
fi
while IFS="" read -r p || [ -n "$p" ]
do
CHK_FILE="$p"
if [[ -z "${CHK_FILE}" ]] ; then
printf "\033[31mError: Please provide a valid file.\033[m\n\n"
exit 1
fi
# does the file exist?
if [[ ! -e "${CHK_FILE}" ]] ; then
printf "\033[31mError: The file '%s' does not exist.\033[m\n\n" "${CHK_FILE}"
exit 1
fi
# read permissions?
if [[ ! -r "${CHK_FILE}" ]] ; then
printf "\033[31mError: No read permissions for '%s' (run as root).\033[m\n\n" "${CHK_FILE}"
exit 1
fi
# ELF executable?
out=$(file "$(readlink -f "${CHK_FILE}")")
if [[ ! ${out} =~ ELF ]] ; then
printf "\033[31mError: Not an ELF file: "
file "${CHK_FILE}"
printf "\033[m\n"
exit 1
fi
filecheck "${CHK_FILE}"
if [[ "$(find "${CHK_FILE}" \( -perm -004000 -o -perm -002000 \) -type f -print)" ]] ; then
echo_message "\033[37;41m${CHK_FILE}\033[m\n" ",${CHK_FILE}\n" " filename='${CHK_FILE}'/>\n" " } }"
else
echo_message "${CHK_FILE}\n" ",${CHK_FILE}\n" " filename='${CHK_FILE}'/>\n" " } }"
fi
done <${CHK_FILE_LIST}
}
chk_proc_all () {
cd /proc || exit
echo_message "* System-wide ASLR" "" "" ""
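Review bot: The redirect `done <${CHK_FILE_LIST}` that closes the loop in chk_file_list is unquoted, and the list path itself is never checked, so a path containing spaces or an empty value fails with an ambiguous-redirect error only after the table header has been printed. I would test `[[ -r "${CHK_FILE_LIST}" ]]` before the first echo_message and write the redirect as `done < "${CHK_FILE_LIST}"`. Each per-entry check also ends in `exit 1`, so one blank line or one non-ELF path in the list aborts the whole batch and leaves the `{` opened by the header unterminated in the structured output; reporting the entry on stderr and using `continue` would suit a list mode better. Entries are also interpolated as-is into `filename='${CHK_FILE}'`, so a list line containing a quote character will break that output unless echo_message escapes it (its body is not visible here).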
......@@ -1994,6 +2043,11 @@ while getopts "${optspec}" optchar; do
OPT=$((OPT + 1))
CHK_FUNCTION="chk_file"
;;
listfile=*|listfile)
CHK_FILE_LIST=${OPTARG#*=};
OPT=$((OPT + 1))
CHK_FUNCTION="chk_file_list"
;;
proc-all)
OPT=$((OPT + 1))
CHK_FUNCTION="chk_proc_all"
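Review bot: The new arm `listfile=*|listfile)` also matches the bare option, but `${OPTARG#*=}` strips nothing when there is no `=`. If OPTARG carries the option name at this point (the getopts setup and the start of the case statement are outside the hunk, so this is inferred), `--listfile` without a value sets CHK_FILE_LIST to the literal string `listfile` and the script later tries to read a file of that name. Matching only `listfile=*)` and rejecting an empty value, for example `[[ -n "${CHK_FILE_LIST}" ]] || { help; exit 1; }`, gives the user a direct error instead. The trailing `;` on the assignment line can be dropped.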
......@@ -2054,4 +2108,4 @@ for variable in CHK_DIR CHK_FILE CHK_FORTIFY_FILE CHK_FORTIFY_PROC CHK_PROC CHK_
done
# call the function
${CHK_FUNCTION}
${CHK_FUNCTION}
\ No newline at end of file