From 7c8a21c21f01277df7eab8e15454eea4047b4fa8 Mon Sep 17 00:00:00 2001
From: Brian Davis
Date: Thu, 22 Aug 2024 20:03:29 -0400
Subject: [PATCH] add fortifyProc - add fortifyProc - update to ensure args are provided for input
---
 .github/workflows/pull_request.yml | 5 ++-
 cmd/fortifyFile.go | 6 +++
 cmd/fortifyProc.go | 63 ++++++++++++++++++++++++------
 cmd/kernel.go | 10 -----
 cmd/procLibs.go | 10 -----
 5 files changed, 62 insertions(+), 32 deletions(-)
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index a47457b..7246fd3 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -19,4 +19,7 @@ jobs:
 exit 1
 fi
 - name: ubuntu checksec
- run: docker-compose run checksec-ubuntu
+ run: |
+ curl -L "https://github.com/docker/compose/releases/download/v2.29.2/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose
+ chmod +x /usr/local/bin/docker-compose
+ docker-compose run checksec-ubuntu
diff --git a/cmd/fortifyFile.go b/cmd/fortifyFile.go
index b2c201d..c19cb61 100644
--- a/cmd/fortifyFile.go
+++ b/cmd/fortifyFile.go
@@ -3,6 +3,8 @@ package cmd
 import (
 "checksec/pkg/checksec"
 "checksec/pkg/utils"
+ "fmt"
+ "os"
 "github.com/spf13/cobra"
 )
@@ -12,6 +14,10 @@ var fortifyFileCmd = &cobra.Command{
 Use: "fortifyFile",
 Short: "Check Fortify for binary file",
 Run: func(cmd *cobra.Command, args []string) {
+ if len(args) != 1 {
+ fmt.Printf("Error: no filename provided")
+ os.Exit(1)
+ }
 file := args[0]
 utils.CheckElfExists(file)
diff --git a/cmd/fortifyProc.go b/cmd/fortifyProc.go
index e730c62..ad769df 100644
--- a/cmd/fortifyProc.go
+++ b/cmd/fortifyProc.go
@@ -1,7 +1,11 @@
 package cmd
 import (
+ "checksec/pkg/checksec"
+ "checksec/pkg/utils"
 "fmt"
+ "os"
+ "path/filepath"
 "github.com/spf13/cobra"
 )
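Review bot: The added `curl -L ... -o /usr/local/bin/docker-compose` step installs a downloaded binary and runs it in the next line without any integrity check. The release tag in the URL is pinned (v2.29.2), but a pinned tag does not prove which bytes were served. Consider checking a digest recorded in the repository before `chmod +x`, for example `echo "<EXPECTED_SHA256>  /usr/local/bin/docker-compose" | sha256sum -c -` (placeholder digest). Adding `--fail` to the curl call would also stop an HTTP error page from being saved as the executable.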
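Review bot: The new guard `if len(args) != 1` in cmd/fortifyFile.go also fires when two or more arguments are passed, yet it reports "no filename provided". The message is written with `fmt.Printf` to stdout with no trailing newline, so it can end up in whatever consumes the command's normal output. The same guard is repeated in cmd/fortifyProc.go with "no process id provided". Declaring `Args: cobra.ExactArgs(1),` on the command would let cobra reject the wrong count with an accurate message; otherwise use `fmt.Fprintln(os.Stderr, "Error: exactly one filename is required")`. The Run closure continues past the end of this hunk.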
@@ -11,20 +15,57 @@ var fortifyProcCmd = &cobra.Command{
 Use: "fortifyProc",
 Short: "Check Fortify for running process",
 Run: func(cmd *cobra.Command, args []string) {
- fmt.Println("fortifyProc called")
+ if len(args) != 1 {
+ fmt.Printf("Error: no process id provided")
+ os.Exit(1)
+ }
+ proc := args[0]
+
+ file, err := os.Readlink(filepath.Join("/proc", proc, "exe"))
+ if err != nil {
+ fmt.Printf("Error: Pid %s not found", proc)
+ os.Exit(1)
+ }
+
+ utils.CheckElfExists(file)
+ binary := utils.GetBinary(file)
+ fortify := checksec.Fortify(file, binary)
+ output := []interface{}{
+ map[string]interface{}{
+ "name": file,
+ "checks": map[string]interface{}{
+ "fortify_source": fortify.Output,
+ "fortified": fortify.Fortified,
+ "fortifyable": fortify.Fortifiable,
+ "noFortify": fortify.NoFortify,
+ "libcSupport": fortify.LibcSupport,
+ "numLibcFunc": fortify.NumLibcFunc,
+ "numFileFunc": fortify.NumFileFunc,
+ },
+ },
+ }
+ color := []interface{}{
+ map[string]interface{}{
+ "name": file,
+ "checks": map[string]interface{}{
+ "fortified": fortify.Fortified,
+ "fortifiedColor": "unset",
+ "noFortify": fortify.NoFortify,
+ "fortifyable": fortify.Fortifiable,
+ "fortifyableColor": "unset",
+ "fortify_source": fortify.Output,
+ "fortify_sourceColor": fortify.Color,
+ "libcSupport": fortify.LibcSupport,
+ "libcSupportColor": fortify.LibcSupportColor,
+ "numLibcFunc": fortify.NumLibcFunc,
+ "numFileFunc": fortify.NumFileFunc,
+ },
+ },
+ }
+ utils.FortifyPrinter(outputFormat, output, color)
 },
 }
 func init() {
 rootCmd.AddCommand(fortifyProcCmd)
-
- // Here you will define your flags and configuration settings.
-
- // Cobra supports Persistent Flags which will work for this command
- // and all subcommands, e.g.:
- // fortifyProcCmd.PersistentFlags().String("foo", "", "A help for foo")
-
- // Cobra supports local flags which will only run when this command
- // is called directly, e.g.:
- // fortifyProcCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }
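Review bot: `proc` reaches `filepath.Join("/proc", proc, "exe")` without being checked as a numeric PID. Values such as `self` are accepted, and because Join cleans `..` the resulting path can leave /proc. Any Readlink failure, permission denied included, is reported as "Pid ... not found". The string returned by `os.Readlink` is then re-opened by path. If the executable was replaced or unlinked after start (the link text gains a ` (deleted)` suffix), or the process runs in another mount namespace, the file analysed is not the image the process is executing, and a hardening report for the wrong binary is worse than none. Suggest rejecting non-numeric input with `if _, err := strconv.ParseUint(proc, 10, 32); err != nil { ... }`. If `utils.GetBinary` and `checksec.Fortify` accept any path (not visible here), pass `filepath.Join("/proc", proc, "exe")` itself and keep the Readlink result only for the `name` field.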
diff --git a/cmd/kernel.go b/cmd/kernel.go
index 75024b5..0edc121 100644
--- a/cmd/kernel.go
+++ b/cmd/kernel.go
@@ -27,14 +27,4 @@ var kernelCmd = &cobra.Command{
 func init() {
 rootCmd.AddCommand(kernelCmd)
-
- // Here you will define your flags and configuration settings.
-
- // Cobra supports Persistent Flags which will work for this command
- // and all subcommands, e.g.:
- // kernelCmd.PersistentFlags().String("foo", "", "A help for foo")
-
- // Cobra supports local flags which will only run when this command
- // is called directly, e.g.:
- // kernelCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }
diff --git a/cmd/procLibs.go b/cmd/procLibs.go
index 351ffc3..f3b12f0 100644
--- a/cmd/procLibs.go
+++ b/cmd/procLibs.go
@@ -17,14 +17,4 @@ var procLibsCmd = &cobra.Command{
 func init() {
 rootCmd.AddCommand(procLibsCmd)
-
- // Here you will define your flags and configuration settings.
-
- // Cobra supports Persistent Flags which will work for this command
- // and all subcommands, e.g.:
- // procLibsCmd.PersistentFlags().String("foo", "", "A help for foo")
-
- // Cobra supports local flags which will only run when this command
- // is called directly, e.g.:
- // procLibsCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }