scripts: match on exe type over str in security-check.py

pull/23811/head
fanquake 3 years ago
parent 97b2fc03f6
commit feee308401
No known key found for this signature in database
GPG Key ID: 2EEB9F5CC09526C1

@ -180,14 +180,14 @@ def check_control_flow(binary) -> bool:
CHECKS = { CHECKS = {
'ELF': [ lief.EXE_FORMATS.ELF: [
('PIE', check_PIE), ('PIE', check_PIE),
('NX', check_NX), ('NX', check_NX),
('RELRO', check_ELF_RELRO), ('RELRO', check_ELF_RELRO),
('Canary', check_ELF_Canary), ('Canary', check_ELF_Canary),
('separate_code', check_ELF_separate_code), ('separate_code', check_ELF_separate_code),
], ],
'PE': [ lief.EXE_FORMATS.PE: [
('PIE', check_PIE), ('PIE', check_PIE),
('DYNAMIC_BASE', check_PE_DYNAMIC_BASE), ('DYNAMIC_BASE', check_PE_DYNAMIC_BASE),
('HIGH_ENTROPY_VA', check_PE_HIGH_ENTROPY_VA), ('HIGH_ENTROPY_VA', check_PE_HIGH_ENTROPY_VA),
@ -195,7 +195,7 @@ CHECKS = {
('RELOC_SECTION', check_PE_RELOC_SECTION), ('RELOC_SECTION', check_PE_RELOC_SECTION),
('CONTROL_FLOW', check_PE_control_flow), ('CONTROL_FLOW', check_PE_control_flow),
], ],
'MACHO': [ lief.EXE_FORMATS.MACHO: [
('PIE', check_PIE), ('PIE', check_PIE),
('NOUNDEFS', check_MACHO_NOUNDEFS), ('NOUNDEFS', check_MACHO_NOUNDEFS),
('NX', check_NX), ('NX', check_NX),
@ -210,7 +210,7 @@ if __name__ == '__main__':
for filename in sys.argv[1:]: for filename in sys.argv[1:]:
try: try:
binary = lief.parse(filename) binary = lief.parse(filename)
etype = binary.format.name etype = binary.format
if etype == lief.EXE_FORMATS.UNKNOWN: if etype == lief.EXE_FORMATS.UNKNOWN:
print(f'{filename}: unknown executable format') print(f'{filename}: unknown executable format')
retval = 1 retval = 1

Loading…
Cancel
Save