Support for list file modifier.

--listfile={text file with one file per line} Allows specifying a list of files to be analyzed in a text file.

Support for list file modifier.
--listfile={text file with one file per line} Allows specifying a list of files to be analyzed in a text file.
b4b204d1 · David Suarez · a6df608a · b4b204d1
Commit b4b204d1 authored Aug 03, 2020 by David Suarez
--- a/checksec
+++ b/checksec
@@ -238,6 +238,7 @@ help() {
  echo " ## Checksec Options"
  echo "  --file={file}"
  echo "  --dir={directory}"
+  echo "  --listfile={text file with one file per line}"
  echo "  --proc={process name}"
  echo "  --proc-all"
  echo "  --proc-libs={process ID}"
@@ -1649,6 +1650,54 @@ chk_file () {
  fi
 }

+chk_file_list () {
+
+    if ${extended_checks}; then
+      echo_message "RELRO           STACK CANARY      NX            PIE             SELFRANDO             Clang CFI            SafeStack            RPATH      RUNPATH\tSymbols\t\tFORTIFY\tFortified\tFortifiable\tFILE\n" '' '' '{'
+    else
+      echo_message "RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH\tSymbols\t\tFORTIFY\tFortified\tFortifiable\tFILE\n" '' '' '{'
+    fi
+
+    while IFS="" read -r p || [ -n "$p" ]
+    do
+      CHK_FILE="$p"
+
+      if [[ -z "${CHK_FILE}" ]] ; then
+        printf "\033[31mError: Please provide a valid file.\033[m\n\n"
+      exit 1
+      fi
+
+      # does the file exist?
+      if [[ ! -e "${CHK_FILE}" ]] ; then
+        printf "\033[31mError: The file '%s' does not exist.\033[m\n\n" "${CHK_FILE}"
+        exit 1
+      fi
+
+      # read permissions?
+      if [[ ! -r "${CHK_FILE}" ]] ; then
+        printf "\033[31mError: No read permissions for '%s' (run as root).\033[m\n\n" "${CHK_FILE}"
+        exit 1
+      fi
+
+      # ELF executable?
+      out=$(file "$(readlink -f "${CHK_FILE}")")
+      if [[ ! ${out} =~ ELF ]] ; then
+        printf "\033[31mError: Not an ELF file: "
+        file "${CHK_FILE}"
+        printf "\033[m\n"
+        exit 1
+      fi
+      filecheck "${CHK_FILE}"
+      if [[ "$(find "${CHK_FILE}" \( -perm -004000 -o -perm -002000 \) -type f -print)" ]] ; then
+        echo_message "\033[37;41m${CHK_FILE}\033[m\n" ",${CHK_FILE}\n" " filename='${CHK_FILE}'/>\n" " } }"
+      else
+        echo_message "${CHK_FILE}\n" ",${CHK_FILE}\n" " filename='${CHK_FILE}'/>\n" " } }"
+      fi
+
+    done <${CHK_FILE_LIST}
+
+}
+
 chk_proc_all () {
  cd /proc || exit
  echo_message "* System-wide ASLR" "" "" ""
@@ -1994,6 +2043,11 @@ while getopts "${optspec}" optchar; do
                  OPT=$((OPT + 1))
                  CHK_FUNCTION="chk_file"
                  ;;
+                listfile=*|listfile)
+                  CHK_FILE_LIST=${OPTARG#*=};
+                  OPT=$((OPT + 1))                  
+                  CHK_FUNCTION="chk_file_list"
+                  ;;
                proc-all)
                  OPT=$((OPT + 1))
                  CHK_FUNCTION="chk_proc_all"
@@ -2054,4 +2108,4 @@ for variable in CHK_DIR CHK_FILE CHK_FORTIFY_FILE CHK_FORTIFY_PROC CHK_PROC CHK_
 done

 # call the function
-${CHK_FUNCTION}
+${CHK_FUNCTION}
\ No newline at end of file