search

slimm609 / checksec.sh

Checksec.sh
https://slimm609.github.io/checksec.sh/
Other
1.99k stars 299 forks source link

Shellcheck hook does not detect #212 problem #219

Closed Artoria2e5 closed 1 year ago

Artoria2e5 commented 1 year ago

In #212 we have a case of broken NX caused by an undefined s_readelf variable. This thing is actually caught by shellcheck if you run it on the concatenated script without flags, having the inline annotations take care of everything:

$ ./shellcheck ./checksec

In ./cso.sh line 726:
    if [[ $(${s_readelf} -l "${1}" 2> /dev/null | grep -A 1 'GNU_STACK' | sed 'N;s/\n//g' | grep -Eo "0x[0-9a-f]{16}" | grep -v 0x0000000000000000 | wc -l) -gt 0 ]]; then
            ^----------^ SC2154 (warning): s_readelf is referenced but not assigned.

In ./cso.sh line 1736:
          exit 0
          ^----^ SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).

For more information:
  https://www.shellcheck.net/wiki/SC2154 -- s_readelf is referenced but not a...
  https://www.shellcheck.net/wiki/SC2317 -- Command appears to be unreachable...

(Yes, this is the in-repo version.)

Artoria2e5 commented 1 year ago

Caught a live one! See https://github.com/slimm609/checksec.sh/actions/runs/4337023680/jobs/7572740850.