Detect ELF security features #2443

Merged
merged 13 commits into from
Feb 2, 2024
Conversation

@wagoodman wagoodman commented Dec 18, 2023

This is a PoC for detecting specific ELF security features from discovered binaries (mostly ported from the bash script logic found in checksec). Specifically:

  • stack canaries
  • NX
  • RelRO
  • PIE
  • SafeStack
  • CFI
  • Clang Fortify
  • selfrando (deferred)

This extends the file attributes for that binary in the SBOM with a new Executable section.

Deferred

Closes #2434
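The checksec-derived rules the description lists, as an added example written for this page rather than syft's own cataloger code: it reads NX from PT_GNU_STACK, RelRO (none/partial/full) from PT_GNU_RELRO plus the DF_BIND_NOW dynamic flag, and the PIE-versus-shared-object split from ET_DYN plus DT_DEBUG, walking the dynamic segment through the program headers so it still works on section-stripped binaries. The function names, the relro value strings and the 64-bit-only simplification are assumptions, not the PR's.

```go
package main

import (
	"debug/elf"
	"encoding/binary"
	"fmt"
	"os"
)

// dynTags walks PT_DYNAMIC via the program headers (64-bit only), so it works on section-stripped files.
func dynTags(f *elf.File) map[elf.DynTag]uint64 {
	tags, d := map[elf.DynTag]uint64{}, elf.Dyn64{}
	for _, p := range f.Progs {
		if p.Type != elf.PT_DYNAMIC || f.Class != elf.ELFCLASS64 {
			continue
		}
		for r := p.Open(); binary.Read(r, f.ByteOrder, &d) == nil && d.Tag != int64(elf.DT_NULL); {
			tags[elf.DynTag(d.Tag)] = d.Val // last occurrence wins; fine for the flag tags used here
		}
	}
	return tags
}

// Inspect ports the checksec rules: NX from PT_GNU_STACK, RelRO from PT_GNU_RELRO plus DF_BIND_NOW,
// PIE versus shared object (dso) from ET_DYN plus DT_DEBUG. The relro strings are assumed values.
func Inspect(f *elf.File) (nx, pie, dso bool, relro string) {
	relro, dyn := "none", dynTags(f)
	for _, p := range f.Progs {
		if p.Type == elf.PT_GNU_STACK { // no PT_GNU_STACK at all means an executable stack, so nx stays false
			nx = p.Flags&elf.PF_X == 0
		} else if p.Type == elf.PT_GNU_RELRO {
			relro = "partial"
		}
	}
	if relro == "partial" && dyn[elf.DT_FLAGS]&uint64(elf.DF_BIND_NOW) != 0 {
		relro = "full" // eager binding lets the loader make the GOT read-only as well
	}
	if _, dbg := dyn[elf.DT_DEBUG]; f.Type == elf.ET_DYN {
		pie, dso = dbg, !dbg // checksec heuristic: only executables get a DT_DEBUG entry
	}
	return nx, pie, dso, relro
}

func main() { // usage: go run . /path/to/binary
	if f, err := elf.Open(os.Args[1]); err != nil {
		fmt.Fprintln(os.Stderr, err)
	} else {
		fmt.Println(Inspect(f))
	}
}
```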

@github-actions github-actions bot added the json-schema Changes the json schema label Jan 15, 2024
wagoodman commented Jan 15, 2024

JSON schema diff for reviewers:

# diff schema/json/schema-16.0.0.json schema/json/schema-16.0.1.json
3c3
<   "$id": "anchore.io/schema/syft/json/16.0.0/document",
---
>   "$id": "anchore.io/schema/syft/json/16.0.1/document",
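Review bot: the `$id` bump is patch-level (16.0.0 to 16.0.1) while the hunks below add a new `ELFSecurityFeatures` definition, a new `Executable` definition and a new `executable` property; confirm that the project's schema versioning treats additive optional fields as a patch rather than a minor change, and say so in the PR description, since the schema version was raised as a question in review.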
562a563,601
>       ]
>     },
>     "ELFSecurityFeatures": {
>       "properties": {
>         "symbolTableStripped": {
>           "type": "boolean"
>         },
>         "stackCanary": {
>           "type": "boolean"
>         },
>         "nx": {
>           "type": "boolean"
>         },
>         "relRO": {
>           "type": "string"
>         },
>         "pie": {
>           "type": "boolean"
>         },
>         "dso": {
>           "type": "boolean"
>         },
>         "safeStack": {
>           "type": "boolean"
>         },
>         "cfi": {
>           "type": "boolean"
>         },
>         "fortify": {
>           "type": "boolean"
>         }
>       },
>       "type": "object",
>       "required": [
>         "symbolTableStripped",
>         "nx",
>         "relRO",
>         "pie",
>         "dso"
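Review bot: `required` lists `symbolTableStripped`, `nx`, `relRO`, `pie` and `dso` but omits `stackCanary`, `safeStack`, `cfi` and `fortify`; if those are optional because detection can be inconclusive (for example when the symbol table is stripped and there is nothing to match), document that an absent field means "not determined" rather than "false", otherwise downstream policy checks will silently treat unknown as disabled. `relRO` is also an unconstrained `"type": "string"`; an `enum` of the values the cataloger actually emits would let consumers validate instead of string-comparing.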
608a648,661
>       ]
>     },
>     "Executable": {
>       "properties": {
>         "format": {
>           "type": "string"
>         },
>         "elfSecurityFeatures": {
>           "$ref": "#/$defs/ELFSecurityFeatures"
>         }
>       },
>       "type": "object",
>       "required": [
>         "format"
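Review bot: `format` is a free-form string with no `enum`, and `elfSecurityFeatures` is format-specific while the description says further executable formats will follow; consider constraining `format` and documenting that `elfSecurityFeatures` is present only when `format` is ELF, so a consumer can distinguish "not an ELF" from "ELF with no features detected".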
635a689,691
>         },
>         "executable": {
>           "$ref": "#/$defs/Executable"

@wagoodman wagoodman marked this pull request as ready for review January 18, 2024 15:29
@spiffcs spiffcs left a comment

Looks good! I agree with the security features additions and don't have comments about this going in as the first pass for ELF type with extra executable formats to follow.

I had two questions about the schema version and some presentation concerns that are in a few main library catalogers and how we want to look at those going into v1.0.

@wagoodman wagoodman enabled auto-merge (squash) February 2, 2024 16:43
@wagoodman wagoodman merged commit 3023a5a into main Feb 2, 2024
11 checks passed
@wagoodman wagoodman deleted the binary-features branch February 2, 2024 16:51
@wagoodman wagoodman added this to the Elevate binary artifacts milestone Feb 7, 2024
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
* add detection of ELF security features

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix linting

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update json schema with file executable data

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update expected fixture when no tty present

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* more detailed differ

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use json differ

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove json schema addition

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* regenerate json schema

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix mimetype set ref

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Successfully merging this pull request may close these issues.

Identify security-features-of-interest within binaries