Unverified Commit 7687036b by Enkelmann Committed by GitHub

Add Github actions for unit and acceptance tests (#126)

parent d0fbe8b2
name: Acceptance tests
on: [pull_request]
env:
CARGO_TERM_COLOR: always
jobs:
acceptance-tests:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: Build and run docker image for cross compiling
run: |
cd test/artificial_samples
docker build -t cross_compiling .
docker run --rm -v $(pwd)/build:/home/cwe/artificial_samples/build cross_compiling sudo /home/cwe/.local/bin/scons
- uses: actions/setup-java@v1
with:
java-version: "11.0.x"
java-package: jdk
architecture: x64
- name: Install Ghidra
run: |
curl -fSL https://www.ghidra-sre.org/ghidra_9.2.1_PUBLIC_20201215.zip -o ghidra.zip
unzip -q ghidra.zip
mv ghidra_9.2.1_PUBLIC /opt/ghidra
rm ghidra.zip
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- name: Install cwe_checker
run: make all GHIDRA_PATH=/opt/ghidra
- uses: actions-rs/cargo@v1
with:
command: test
args: --no-fail-fast -p acceptance_tests_ghidra -- --show-output --ignored --test-threads 1
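Review bot: The `Install Ghidra` step unpacks an archive fetched with `curl` without checking its integrity, and that archive is then used by the build and test steps, so a tampered or swapped download would run inside the CI job. Verify the SHA-256 digest published for this release before `unzip`, e.g. add `echo "<SHA256_OF_GHIDRA_ZIP>  ghidra.zip" | sha256sum -c -` directly after the `curl` line (the digest is a placeholder to fill in). The docker step also leaves `$(pwd)` unquoted in the `-v` argument; `"$(pwd)/build"` keeps the mount intact if the workspace path ever contains spaces.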
name: Unit tests
on: [push]
env:
CARGO_TERM_COLOR: always
jobs:
unit-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- uses: actions-rs/cargo@v1
with:
command: test
\ No newline at end of file
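Review bot: The third-party actions `actions-rs/toolchain@v1` and `actions-rs/cargo@v1` are referenced by a mutable tag, so whatever that tag points to at run time executes with the job's token; the same references appear in the acceptance-test workflow. Pin them to a full commit SHA, e.g. `uses: actions-rs/toolchain@<FULL_COMMIT_SHA>  # v1`. Neither workflow declares `permissions:`, so a top-level `permissions:` block with `contents: read` would keep the token read-only in both files.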
......@@ -34,6 +34,11 @@ else
cargo test --no-fail-fast -p acceptance_tests_ghidra -- --show-output --ignored
endif
compile_test_files:
cd test/artificial_samples \
&& docker build -t cross_compiling . \
&& docker run --rm -v $(pwd)/build:/home/cwe/artificial_samples/build cross_compiling sudo /home/cwe/.local/bin/scons
codestyle-check:
cargo fmt -- --check
cargo clippy -- -D clippy::all
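Review bot: In the `compile_test_files` recipe, `$(pwd)` is expanded by make as a variable named `pwd`, not by the shell, so unless such a variable is defined outside this hunk it is empty and the mount becomes `-v /build:/home/cwe/artificial_samples/build`. The container, which runs `scons` under `sudo`, would then write into a root-level `/build` directory on the host instead of `test/artificial_samples/build`. Escape the dollar sign so the shell performs the substitution after the `cd`, and quote the path: `-v "$$(pwd)/build":/home/cwe/artificial_samples/build`.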
......
......@@ -143,8 +143,12 @@ pub fn check_cwe(
if let Some(chdir_tid) =
find_symbol(&project.program, "chdir").map(|(tid, _)| tid.clone())
{
if graph.neighbors(node).count() > 1 {
panic!("Malformed Control flow graph: More than one edge for extern function call")
}
let chroot_return_to_node = graph.neighbors(node).next().unwrap();
// If chdir is called after chroot, we assume a secure chroot jail.
if is_sink_call_reachable_from_source_call(graph, node, &chroot_tid, &chdir_tid)
if is_sink_call_reachable_from_source_call(graph, chroot_return_to_node, &chroot_tid, &chdir_tid)
.is_none()
{
// If chdir is not called after chroot, it has to be called before it.
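Review bot: The new `graph.neighbors(node).next().unwrap()` still panics when the call node has no outgoing edge, because the added guard only rejects more than one neighbor. Together with the explicit `panic!`, this means an unusual or malformed control flow graph recovered from the analysed binary aborts the whole run instead of skipping this one check. Handle the `None` case explicitly and skip the chroot call (ideally with a log message); at minimum `.expect("Malformed control flow graph: no return edge for extern function call")` would make the failure diagnosable. `check_cwe` starts and ends outside the hunk, so whether a skip should be a `continue` or an early return cannot be determined from here.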
......
FROM ubuntu:xenial
RUN apt-get -y update \
&& apt-get install -y sudo \
&& useradd -m cwe \
&& echo "cwe:cwe" | chpasswd \
&& adduser cwe sudo \
&& sed -i.bkp -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers
USER cwe
RUN sudo apt-get install python-pip apt-utils -y
RUN pip install --upgrade pip
RUN pip install scons
ENV PATH="/home/cwe/.local/bin/:${PATH}"
COPY . /home/cwe/artificial_samples/
WORKDIR /home/cwe/artificial_samples/
RUN ./install_cross_compilers.sh
# RUN sudo /home/cwe/.local/bin/scons
\ No newline at end of file
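Review bot: The `cwe` user is created with the fixed password `cwe:cwe` and the sudoers rewrite grants `NOPASSWD:ALL`, so `USER cwe` does not reduce privileges: every later step can become root, and the documented `docker run ... sudo /home/cwe/.local/bin/scons` writes root-owned files into the bind-mounted host `build` directory. If sudo is only needed for package installation, install `python-pip apt-utils` in the first `RUN` as root, drop the `chpasswd` and sudoers lines, and run `scons` as `cwe`. Whether `install_cross_compilers.sh` itself calls `sudo` is not visible here, so that script may need the same change. The base image `ubuntu:xenial` and both `pip install` lines are unpinned as well, which makes the resulting image non-reproducible.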
# Test binaries for the acceptance test suite
For the acceptance test suite of the *cwe_checker*,
the C-files inside this directory have to be compiled for a variety of CPU architectures and C-compilers.
The provided dockerfile should be used for the build process.
## Prerequisites
- Have Docker installed on your system
## Build commands
Inside this directory run the following commands:
```shell
docker build -t cross_compiling .
docker run --rm -v $(pwd)/build:/home/cwe/artificial_samples/build cross_compiling sudo /home/cwe/.local/bin/scons
```