-
Notifications
You must be signed in to change notification settings - Fork 157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BA3005.EnableStackClashProtection #379
Conversation
/// An attacker can exploit this confusion to overwrite the stack with the other memory region, or the other way around. | ||
/// Use the compiler flags '-fstack-clash-protection' to enable this. | ||
/// </summary> | ||
public override MultiformatMessageString FullDescription => new MultiformatMessageString { Text = RuleResources.BA3005_EnableStackClashProtection_Description }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
} | ||
else | ||
{ | ||
dwarfCompilerCommand = target.GetDwarfCompilerCommand(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
|
||
public override void Analyze(BinaryAnalyzerContext context) | ||
{ | ||
if (!dwarfCompilerCommand.ToLower().Contains("-fstack-clash-protection") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
@@ -15,6 +15,8 @@ public static class MetadataConditions | |||
public static readonly string ImageIsBootBinary = SdkResources.MetadataCondition_ImageIsBootBinary; | |||
public static readonly string ImageIs64BitBinary = SdkResources.MetadataCondition_ImageIs64BitBinary; | |||
public static readonly string ElfNotBuiltWithGcc = SdkResources.MetadataCondition_ElfNotBuiltWithGCC; | |||
public static readonly string ElfNotBuiltWithGccV8OrLater = SdkResources.MetadataCondition_ElfNotBuiltWithGccV8OrLater; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed. This style is cool :)
@@ -88,5 +88,45 @@ public void ValidateDwarfV5_WithO2_Split_DebugFileMissing() | |||
binary.GetDwarfVersion().Should().Be(5); | |||
binary.GetLanguage().Should().Be(DwarfLanguage.Unknown); //missing dwo file should not cause exception | |||
} | |||
|
|||
[Fact] | |||
public void ValidateDwarfV5_WithO2_No_Stack_Clash_Protection() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds good, removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BA3005.EnableStackClashProtection