[contrib] fixup security-check.py Python3 support

2018-03-28 13:37:45 -04:00 · 2018-03-28 13:37:45 -04:00 · 5de2b18c67
parent 624bee9659
commit 5de2b18c67
1 changed files with 22 additions and 22 deletions
--- a/contrib/devtools/security-check.py
+++ b/contrib/devtools/security-check.py
@ -20,38 +20,38 @@ def check_ELF_PIE(executable):
    '''
    Check for position independent executable (PIE), allowing for address space randomization.
    '''
-    p = subprocess.Popen([READELF_CMD, '-h', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
+    p = subprocess.Popen([READELF_CMD, '-h', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True)
    (stdout, stderr) = p.communicate()
    if p.returncode:
        raise IOError('Error opening file')

    ok = False
-    for line in stdout.split(b'\n'):
+    for line in stdout.splitlines():
        line = line.split()
-        if len(line)>=2 and line[0] == b'Type:' and line[1] == b'DYN':
+        if len(line)>=2 and line[0] == 'Type:' and line[1] == 'DYN':
            ok = True
    return ok

 def get_ELF_program_headers(executable):
    '''Return type and flags for ELF program headers'''
-    p = subprocess.Popen([READELF_CMD, '-l', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
+    p = subprocess.Popen([READELF_CMD, '-l', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True)
    (stdout, stderr) = p.communicate()
    if p.returncode:
        raise IOError('Error opening file')
    in_headers = False
    count = 0
    headers = []
-    for line in stdout.split(b'\n'):
-        if line.startswith(b'Program Headers:'):
+    for line in stdout.splitlines():
+        if line.startswith('Program Headers:'):
            in_headers = True
-        if line == b'':
+        if line == '':
            in_headers = False
        if in_headers:
            if count == 1: # header line
-                ofs_typ = line.find(b'Type')
-                ofs_offset = line.find(b'Offset')
-                ofs_flags = line.find(b'Flg')
-                ofs_align = line.find(b'Align')
+                ofs_typ = line.find('Type')
+                ofs_offset = line.find('Offset')
+                ofs_flags = line.find('Flg')
+                ofs_align = line.find('Align')
                if ofs_typ == -1 or ofs_offset == -1 or ofs_flags == -1 or ofs_align  == -1:
                    raise ValueError('Cannot parse elfread -lW output')
            elif count > 1:
@ -68,9 +68,9 @@ def check_ELF_NX(executable):
    have_wx = False
    have_gnu_stack = False
    for (typ, flags) in get_ELF_program_headers(executable):
-        if typ == b'GNU_STACK':
+        if typ == 'GNU_STACK':
            have_gnu_stack = True
-        if b'W' in flags and b'E' in flags: # section is both writable and executable
+        if 'W' in flags and 'E' in flags: # section is both writable and executable
            have_wx = True
    return have_gnu_stack and not have_wx

@ -87,17 +87,17 @@ def check_ELF_RELRO(executable):
        # However, the dynamic linker need to write to this area so these are RW.
        # Glibc itself takes care of mprotecting this area R after relocations are finished.
        # See also http://permalink.gmane.org/gmane.comp.gnu.binutils/71347
-        if typ == b'GNU_RELRO':
+        if typ == 'GNU_RELRO':
            have_gnu_relro = True

    have_bindnow = False
-    p = subprocess.Popen([READELF_CMD, '-d', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
+    p = subprocess.Popen([READELF_CMD, '-d', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True)
    (stdout, stderr) = p.communicate()
    if p.returncode:
        raise IOError('Error opening file')
-    for line in stdout.split(b'\n'):
+    for line in stdout.splitlines():
        tokens = line.split()
-        if len(tokens)>1 and tokens[1] == b'(BIND_NOW)' or (len(tokens)>2 and tokens[1] == b'(FLAGS)' and b'BIND_NOW' in tokens[2]):
+        if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2]):
            have_bindnow = True
    return have_gnu_relro and have_bindnow

@ -105,13 +105,13 @@ def check_ELF_Canary(executable):
    '''
    Check for use of stack canary
    '''
-    p = subprocess.Popen([READELF_CMD, '--dyn-syms', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
+    p = subprocess.Popen([READELF_CMD, '--dyn-syms', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True)
    (stdout, stderr) = p.communicate()
    if p.returncode:
        raise IOError('Error opening file')
    ok = False
-    for line in stdout.split(b'\n'):
-        if b'__stack_chk_fail' in line:
+    for line in stdout.splitlines():
+        if '__stack_chk_fail' in line:
            ok = True
    return ok

@ -121,13 +121,13 @@ def get_PE_dll_characteristics(executable):
    Returns a tuple (arch,bits) where arch is 'i386:x86-64' or 'i386'
    and bits is the DllCharacteristics value.
    '''
-    p = subprocess.Popen([OBJDUMP_CMD, '-x',  executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
+    p = subprocess.Popen([OBJDUMP_CMD, '-x',  executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True)
    (stdout, stderr) = p.communicate()
    if p.returncode:
        raise IOError('Error opening file')
    arch = ''
    bits = 0
-    for line in stdout.split('\n'):
+    for line in stdout.splitlines():
        tokens = line.split()
        if len(tokens)>=2 and tokens[0] == 'architecture:':
            arch = tokens[1].rstrip(',')