Documentation
Overview
Package toolchain contains support code for the security.ToolchainOptions test.
Index
- func CreateNotLinkedVerify(pattern string) func(ef *elf.File) error
- func LoadwxVerify(ef *elf.File) error
- func NowVerify(ef *elf.File) error
- func PieVerify(ef *elf.File) error
- func RelroVerify(ef *elf.File) error
- func StackVerify(ef *elf.File) error
- func TextrelVerify(ef *elf.File) error
- type CheckMode
- type ELFCondition
Constants
This section is empty.
Variables
This section is empty.
Functions
func CreateNotLinkedVerify
CreateNotLinkedVerify Condition: Verify all binaries are not linked with |pattern|.
func LoadwxVerify
LoadwxVerify Condition: Verify no binaries have W+X LOAD program headers.
func RelroVerify
RelroVerify Condition: Verify non-static binaries have RELRO program header.
func StackVerify
StackVerify Condition: Verify all binaries have non-exec STACK program header.
func TextrelVerify
TextrelVerify Condition: Verify dynamic ELFs don't include TEXTRELs.
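The following is an added example, not this package's own code: two checks with the `func(ef *elf.File) error` shape listed in the index, written against `debug/elf` to show what the W+X LOAD and non-exec STACK conditions inspect. The names `checkLoadWX`, `checkStack` and `prog`, and the in-memory sample files, are hypothetical; treating a missing GNU_STACK header as a failure is an assumption.

```go
package main

import (
	"debug/elf"
	"errors"
	"fmt"
)

const rw, rwx = elf.PF_R | elf.PF_W, elf.PF_R | elf.PF_W | elf.PF_X

// prog builds one in-memory program header (constructed sample input).
func prog(t elf.ProgType, f elf.ProgFlag) *elf.Prog {
	return &elf.Prog{ProgHeader: elf.ProgHeader{Type: t, Flags: f}}
}

// Constructed samples: a hardened layout, a weak layout, and one with no GNU_STACK.
var hardened = &elf.File{Progs: []*elf.Prog{prog(elf.PT_LOAD, elf.PF_R|elf.PF_X), prog(elf.PT_LOAD, rw), prog(elf.PT_GNU_STACK, rw)}}
var weak = &elf.File{Progs: []*elf.Prog{prog(elf.PT_LOAD, rwx), prog(elf.PT_GNU_STACK, rwx)}}
var noStack = &elf.File{Progs: []*elf.Prog{prog(elf.PT_LOAD, rw)}}

// checkLoadWX (hypothetical name) rejects any LOAD segment mapped both W and X.
func checkLoadWX(ef *elf.File) error {
	for _, p := range ef.Progs {
		if p.Type == elf.PT_LOAD && p.Flags&elf.PF_W != 0 && p.Flags&elf.PF_X != 0 {
			return errors.New("LOAD segment is writable and executable")
		}
	}
	return nil
}

// checkStack (hypothetical name) requires a GNU_STACK header without PF_X.
// Assumption: a binary with no GNU_STACK header at all fails the check.
func checkStack(ef *elf.File) error {
	for _, p := range ef.Progs {
		if p.Type == elf.PT_GNU_STACK {
			if p.Flags&elf.PF_X != 0 {
				return errors.New("GNU_STACK is executable")
			}
			return nil
		}
	}
	return errors.New("no GNU_STACK program header")
}

func main() {
	fmt.Println(checkLoadWX(hardened), checkLoadWX(weak), checkStack(weak), checkStack(noStack))
}
```

For a file on disk, `elf.Open(path)` returns the `*elf.File` these functions take.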
Types
type CheckMode
type CheckMode int
CheckMode specifies what to check for security.ToolchainOptions.
type ELFCondition
type ELFCondition struct {
// contains filtered or unexported fields
}
ELFCondition is a specific condition which is verified against all not-skipped ELF files.
func NewELFCondition
func NewELFCondition(verify func(ef *elf.File) error, w []string) *ELFCondition
NewELFCondition takes a verification function and a list of literal paths to allowlist for that condition and returns a new ELFCondition.
func (*ELFCondition) CheckAndFilter
CheckAndFilter takes in a file and checks it against an ELFCondition, returning an error if the file is not allowed.