diff --git a/Cargo.lock b/Cargo.lock index d020a3b..773eb68 100755 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "aho-corasick" -version = "1.0.2" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43f6cb1bf222025340178f382c426f13757b2960e89779dfcb319c32542a5a41" +checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" dependencies = [ "memchr", ] @@ -19,7 +19,7 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "binary-security-check" -version = "1.2.11" +version = "1.2.12" dependencies = [ "docopt", "goblin", 
@@ -37,60 +37,39 @@ dependencies = [ "thiserror", ] -[[package]] -name = "cfg-if" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" - -[[package]] -name = "crossbeam-channel" -version = "0.5.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a33c2bf77f2df06183c3aa30d1e96c0695a313d4f9c453cc3762a6db39f99200" -dependencies = [ - "cfg-if", - "crossbeam-utils", -] - [[package]] name = "crossbeam-deque" -version = "0.8.3" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" dependencies = [ - "cfg-if", "crossbeam-epoch", "crossbeam-utils", ] [[package]] name = "crossbeam-epoch" -version = "0.9.15" +version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ - "autocfg", - "cfg-if", "crossbeam-utils", - "memoffset", - "scopeguard", ] [[package]] name = "crossbeam-utils" -version = "0.8.16" +version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" -dependencies = [ - "cfg-if", -] +checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" [[package]] name = "deranged" -version = "0.3.7" +version = "0.3.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7684a49fb1af197853ef7b2ee694bc1f5b4179556f1e5710e1760c5db6f5e929" +checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" +dependencies = [ + "powerfmt", +] [[package]] name = "docopt" 
@@ -112,26 +91,20 @@ checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" [[package]] name = "goblin" -version = "0.7.1" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f27c1b4369c2cd341b5de549380158b105a04c331be5db9110eef7b6d2742134" +checksum = "bb07a4ffed2093b118a525b1d8f5204ae274faed5604537caf7135d0f18d9887" dependencies = [ "log", "plain", "scroll", ] -[[package]] -name = "hermit-abi" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b" - [[package]] name = "itoa" -version = "1.0.9" +version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "lazy_static" @@ -141,21 +114,21 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.147" +version = "0.2.152" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" +checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" [[package]] name = "log" -version = "0.4.19" +version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4" +checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" [[package]] name = "memchr" -version = "2.5.0" +version = "2.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" +checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" [[package]] name = "memmap" 
@@ -176,16 +149,6 @@ dependencies = [ "autocfg", ] -[[package]] -name = "num_cpus" -version = "1.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" -dependencies = [ - "hermit-abi", - "libc", -] - [[package]] name = "num_threads" version = "0.1.6" @@ -201,29 +164,35 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6" +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + [[package]] name = "proc-macro2" -version = "1.0.66" +version = "1.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" +checksum = "95fc56cda0b5c3325f5fbbd7ff9fda9e02bb00bb3dac51252d2f1bfa1cb8cc8c" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.32" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50f3b39ccfb720540debaa0164757101c08ecb8d326b15358ce76a62c7e85965" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] [[package]] name = "rayon" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d2df5196e37bcc87abebc0053e20787d73847bb33134a69841207dd0a47f03b" +checksum = "fa7237101a77a10773db45d62004a272517633fbcc3df19d96455ede1122e051" dependencies = [ "either", "rayon-core", 
@@ -231,21 +200,19 @@ dependencies = [ [[package]] name = "rayon-core" -version = "1.11.0" +version = "1.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b8f95bd6966f5c87776639160a66bd8ab9895d9d4ab01ddba9fc60661aebe8d" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" dependencies = [ - "crossbeam-channel", "crossbeam-deque", "crossbeam-utils", - "num_cpus", ] [[package]] name = "regex" -version = "1.9.3" +version = "1.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81bc1d4caf89fac26a70747fe603c130093b53c773888797a6329091246d651a" +checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" dependencies = [ "aho-corasick", "memchr", @@ -255,9 +222,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.3.6" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fed1ceff11a1dddaee50c9dc8e4938bd106e9d89ae372f192311e7da498e3b69" +checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" dependencies = [ "aho-corasick", "memchr", 
@@ -266,30 +233,24 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.7.4" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5ea92a5b6195c6ef2a0295ea818b312502c6fc94dde986c5553242e18fd4ce2" - -[[package]] -name = "scopeguard" -version = "1.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "scroll" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04c565b551bafbef4157586fa379538366e4385d42082f255bfd96e4fe8519da" +checksum = "6ab8598aa408498679922eff7fa985c25d58a90771bd6be794434c5277eab1a6" dependencies = [ "scroll_derive", ] [[package]] name = "scroll_derive" -version = "0.11.1" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1db149f81d46d2deba7cd3c50772474707729550221e69588478ebf9ada425ae" +checksum = "7f81c2fde025af7e69b1d1420531c8a8811ca898919db177141a85313b1cb932" dependencies = [ "proc-macro2", "quote", @@ -298,18 +259,18 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.183" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32ac8da02677876d532745a130fc9d8e6edfa81a269b107c5b00829b91d8eb3c" +checksum = "63261df402c67811e9ac6def069e4786148c4563f4b50fd4bf30aa370d626b02" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.183" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aafe972d60b0b9bee71a91b92fee2d4fb3c9d7e8f6b179aa99f27203d99a4816" +checksum = "46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c" dependencies = [ "proc-macro2", "quote", 
@@ -335,9 +296,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "syn" -version = "2.0.28" +version = "2.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04361975b3f5e348b2189d8dc55bc942f278b2d482a6a0365de5bdd62d351567" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" dependencies = [ "proc-macro2", "quote", @@ -355,18 +316,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.44" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "611040a08a0439f8248d1990b111c95baa9c704c805fa1f62104b39655fd7f90" +checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.44" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "090198534930841fab3a5d1bb637cde49e339654e606195f8d9c76eeb081dc96" +checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" dependencies = [ "proc-macro2", "quote", @@ -375,14 +336,15 @@ dependencies = [ [[package]] name = "time" -version = "0.3.25" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0fdd63d58b18d663fbdf70e049f00a22c8e42be082203be7f26589213cd75ea" +checksum = "f657ba42c3f86e7680e53c8cd3af8abbe56b5491790b46e22e19c0d57463583e" dependencies = [ "deranged", "itoa", "libc", "num_threads", + "powerfmt", "serde", "time-core", "time-macros", 
@@ -390,24 +352,24 @@ dependencies = [ [[package]] name = "time-core" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" +checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.11" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb71511c991639bb078fd5bf97757e03914361c48100d52878b8e52b46fb92cd" +checksum = "26197e33420244aeb70c3e8c78376ca46571bc4e701e4791c2cd9f57dcb3a43f" dependencies = [ "time-core", ] [[package]] name = "unicode-ident" -version = "1.0.11" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "winapi" @@ -427,9 +389,9 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" dependencies = [ "winapi", ] diff --git a/Cargo.toml b/Cargo.toml index f466828..05d4455 100755 --- a/Cargo.toml +++ b/Cargo.toml @@ -6,7 +6,7 @@ [package] name = "binary-security-check" -version = "1.2.11" +version = "1.2.12" authors = ["Koutheir Attouchi "] license = "MIT" description = "Analyzer of security features in executable binaries" 
@@ -39,13 +39,13 @@ overflow-checks = true [dependencies] docopt = { version = "1.1" } thiserror = { version = "1.0" } -goblin = { version = "0.7" } +goblin = { version = "0.8" } lazy_static = { version = "1.4" } log = { version = "0.4" } memmap = { version = "0.7" } -rayon = { version = "1.7" } -regex = { version = "1.9" } -scroll = { version = "0.11" } +rayon = { version = "1.8" } +regex = { version = "1.10" } +scroll = { version = "0.12" } serde = { version = "1.0" } serde_derive = { version = "1.0" } simplelog = { version = "0.12" } diff --git a/LICENSE.txt b/LICENSE.txt index c1a83a8..708138e 100755 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2018-2023 Koutheir Attouchi. +Copyright (c) 2018-2024 Koutheir Attouchi. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/src/archive/mod.rs b/src/archive/mod.rs index df6b0ea..748c0ac 100755 --- a/src/archive/mod.rs +++ b/src/archive/mod.rs @@ -41,12 +41,14 @@ pub fn has_stack_protection( /// - [`__stack_chk_fail`](http://refspecs.linux-foundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/baselib---stack-chk-fail-1.html). /// - `__stack_chk_fail_local` is present in `libc` when it is stack-protected. fn member_has_stack_protection(member_name: &str, bytes: &[u8]) -> Result { - let obj = goblin::Object::parse(bytes).map_err(|source| Error::Goblin { + use goblin::Object; + + let obj = Object::parse(bytes).map_err(|source| Error::Goblin { operation: "goblin::Object::parse", source, })?; - if let goblin::Object::Elf(elf) = obj { + if let Object::Elf(elf) = obj { // elf.is_object_file() debug!("Format of archive member '{}' is 'ELF'.", member_name); // `r` is `true` if any named function or an unspecified-type symbol is diff --git a/src/elf/needed_libc.rs b/src/elf/needed_libc.rs index 9b9a2db..876b7b4 100755 --- a/src/elf/needed_libc.rs +++ b/src/elf/needed_libc.rs 
@@ -125,9 +125,16 @@ impl NeededLibC { path: path.as_ref().into(), }), - _ => Err(Error::UnexpectedBinaryFormat { - expected: "ELF", - name: path.as_ref().into(), + goblin::Object::PE(_) | goblin::Object::Mach(_) | goblin::Object::Archive(_) => { + Err(Error::UnexpectedBinaryFormat { + expected: "ELF", + name: path.as_ref().into(), + }) + } + + _ => Err(Error::UnsupportedBinaryFormat { + format: "Unknown".into(), + path: path.as_ref().into(), }), } } @@ -197,7 +204,7 @@ lazy_static::lazy_static! { } fn init_known_libc_pattern() -> Regex { - RegexBuilder::new(r#"\blib(c|bionic)\b[^/]+$"#) + RegexBuilder::new(r"\blib(c|bionic)\b[^/]+$") .case_insensitive(true) .multi_line(false) .dot_matches_new_line(false) diff --git a/src/main.rs b/src/main.rs index 0b07cb6..d5be82a 100755 --- a/src/main.rs +++ b/src/main.rs @@ -5,8 +5,9 @@ // or distributed except according to those terms. #![doc = include_str!("../README.md")] -/* -#![warn(clippy::all, clippy::pedantic, clippy::restriction)] +#![warn(unsafe_op_in_unsafe_fn)] +#![warn(clippy::all, clippy::pedantic)] +//#![warn(clippy::restriction)] #![allow( clippy::upper_case_acronyms, clippy::unnecessary_wraps, @@ -19,9 +20,12 @@ clippy::mod_module_files, clippy::expect_used, clippy::module_name_repetitions, - clippy::unwrap_in_result + clippy::unwrap_in_result, + clippy::min_ident_chars, + clippy::single_char_lifetime_names, + clippy::single_call_fn, + clippy::absolute_paths )] -*/ mod archive; mod cmdline; @@ -86,6 +90,8 @@ type SuccessResults<'args> = Vec<(&'args PathBuf, ColorBuffer)>; type ErrorResults<'args> = Vec<(&'args PathBuf, Error)>; fn run<'args>() -> Result<(SuccessResults<'args>, ErrorResults<'args>)> { + use rayon::iter::Either; + let icb_stdout = ColorBuffer::for_stdout(); let result: (Vec<_>, Vec<_>) = ARGS 
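Review bot: The new `_` arm here returns `Error::UnsupportedBinaryFormat { format: "Unknown".into(), .. }`, while the fallback added to `process_file` in src/main.rs returns `Error::UnknownBinaryFormat`, so an unhandled `goblin::Object` variant gives two different errors depending on the code path. Both fallbacks fail closed, which is the right default for an analyzer. The literal "Unknown" is misleading, though, if the wildcard is only reached for formats goblin recognised and this tool has no arm for. I would use one error at both sites and record why the wildcard exists, e.g. `// goblin::Object can grow new variants; reject anything without an explicit arm instead of guessing.` The enclosing match starts above the hunk, so how `Object::Unknown` is handled here is not visible.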
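Review bot: The pattern on the changed line accepts more than C-library names, because `\b` is satisfied between `c` and `+` or `-`, so a file name such as `libc++.so.1` matches `\blib(c|bionic)\b[^/]+$`. If a match is taken to identify the libc a binary links against (the pattern's use is outside the hunk), a C++ runtime could be selected instead and later checks would run against the wrong library. Dropping the `#` delimiters from the raw string does not change this. I would record it above the builder, `// NOTE: also matches "libc++.so.1" and "libc-<anything>"; callers must confirm the match is really libc.`, and add a unit test pinning the names that must and must not match.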
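Review bot: `#![warn(unsafe_op_in_unsafe_fn)]` only reports; since the crate has unsafe code whose soundness rests on comments, `#![deny(unsafe_op_in_unsafe_fn)]` would enforce the lint without depending on how CI invokes the compiler. Separately, the four entries added to `#![allow(...)]` in the next hunk (`clippy::min_ident_chars`, `clippy::single_char_lifetime_names`, `clippy::single_call_fn`, `clippy::absolute_paths`) belong to the `clippy::restriction` group, which this hunk leaves commented out, so they suppress nothing at present. A comment such as `// Entries from clippy::restriction only take effect when that group is enabled above.` would stop a reader from assuming those checks are active.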
@@ -103,9 +109,9 @@ fn run<'args>() -> Result<(SuccessResults<'args>, ErrorResults<'args>)> { }) .partition_map(|(path, out, result)| match result { // On success, retain the path and output buffer, discard the result. - Ok(_) => ::rayon::iter::Either::Left((path, out)), + Ok(()) => Either::Left((path, out)), // On error, retain the path and error, discard the output buffer. - Err(r) => ::rayon::iter::Either::Right((path, r)), + Err(r) => Either::Right((path, r)), }); Ok(result) @@ -150,20 +156,22 @@ fn init_logging() -> Result<()> { } fn process_file(path: &impl AsRef, color_buffer: &mut termcolor::Buffer) -> Result<()> { + use goblin::Object; + let parser = BinaryParser::open(path.as_ref())?; let results = match parser.object() { - goblin::Object::Elf(_elf) => { + Object::Elf(_elf) => { debug!("Binary file format is 'ELF'."); elf::analyze_binary(&parser) } - goblin::Object::PE(_pe) => { + Object::PE(_pe) => { debug!("Binary file format is 'PE'."); pe::analyze_binary(&parser) } - goblin::Object::Mach(_mach) => { + Object::Mach(_mach) => { debug!("Binary file format is 'MACH'."); Err(Error::UnsupportedBinaryFormat { format: "MACH".into(), @@ -171,12 +179,14 @@ fn process_file(path: &impl AsRef, color_buffer: &mut termcolor::Buffer) - }) } - goblin::Object::Archive(_archive) => { + Object::Archive(_archive) => { debug!("Binary file format is 'Archive'."); archive::analyze_binary(&parser) } - goblin::Object::Unknown(_magic) => Err(Error::UnknownBinaryFormat(path.as_ref().into())), + Object::Unknown(_magic) => Err(Error::UnknownBinaryFormat(path.as_ref().into())), + + _ => Err(Error::UnknownBinaryFormat(path.as_ref().into())), }?; // Print results in the color buffer. diff --git a/src/options/status.rs b/src/options/status.rs index ad3515e..5afe3da 100755 --- a/src/options/status.rs +++ b/src/options/status.rs 
@@ -179,6 +179,7 @@ impl ELFFortifySourceStatus { _pin: PhantomPinned, }); + // SAFETY: // `result` is now allocated, initialized and pinned on the heap. // Its location is therefore stable, and we can store references to it // in other places. diff --git a/src/parser.rs b/src/parser.rs index d70100a..9e29b53 100755 --- a/src/parser.rs +++ b/src/parser.rs @@ -37,6 +37,7 @@ impl BinaryParser { _pin: PhantomPinned, }); + // SAFETY: // `result` is now allocated, initialized and pinned on the heap. // Its location is therefore stable, and we can store references to it // in other places. diff --git a/src/pe/mod.rs b/src/pe/mod.rs index 8ec093f..5334929 100755 --- a/src/pe/mod.rs +++ b/src/pe/mod.rs @@ -328,7 +328,12 @@ fn has_safe_seh_handlers(parser: &BinaryParser, pe: &goblin::pe::PE) -> Option 0) .and_then(|load_config_table| { @@ -341,7 +346,7 @@ fn has_safe_seh_handlers(parser: &BinaryParser, pe: &goblin::pe::PE) -> Option= section.virtual_address) && (load_config_table_end
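Review bot: The comment now labelled `// SAFETY:` argues only that the pinned heap allocation has a stable address; it does not say why the references stored into it cannot outlive the data they point to. For a self-referential value, that second half is what keeps the unsafe code sound. Rust drops fields in declaration order, so the borrowing field has to be declared before the buffer it borrows from, and no method may hand out the extended lifetime. The same comment is labelled in src/parser.rs in the next hunk. The unsafe block is outside both hunks, so the author should confirm which invariants apply; a line such as `// The borrowing field is declared before the buffer it borrows from, so it is dropped first, and no method returns the extended lifetime.` would complete the justification.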