
Detect ELF security features #2443

Merged
merged 13 commits into from
Feb 2, 2024
Conversation

wagoodman
Contributor

@wagoodman wagoodman commented Dec 18, 2023

This is a PoC for detecting specific ELF security features from discovered binaries (mostly ported from the bash script logic found in checksec). Specifically:

  • stack canaries
  • NX
  • RelRO
  • PIE
  • SafeStack
  • CFI
  • Clang Fortify
  • selfrando (deferred)

This extends the file attributes for that binary in the SBOM with a new Executable section.

Deferred

Closes #2434
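The checks listed in the description, written out as an added Go example; this is not syft's own implementation (the PR's commits are not shown on this page) and it does not use syft's packages. It relies only on Go's standard debug/elf and reads the PT_DYNAMIC segment itself so the RELRO and PIE checks still work on a binary whose section headers were stripped. Everything beyond the ELF ABI is an assumption stated in the comments: the RelRO labels "none"/"partial"/"full", NX reported as false when PT_GNU_STACK is absent, the DT_DEBUG rule for telling a PIE executable from a plain shared object (borrowed from checksec), and the `__stack_chk_fail` import as the canary signal. The sample images are constructed in memory: ELF header, program headers and dynamic entries only, no code.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"io"
)

// Features mirrors the "elfSecurityFeatures" fields the PR adds to the SBOM;
// the RelRO labels "none"/"partial"/"full" are an assumption, not syft's values.
type Features struct {
	SymbolTableStripped, StackCanary, NX, PIE, DSO bool
	RelRO                                         string
}
const df1Now = 0x1 // DF_1_NOW from the ELF ABI (newer Go releases spell it elf.DF_1_NOW)

// dynTags reads the PT_DYNAMIC segment directly (ELF64 only) instead of the
// .dynamic section, so the checks still work when section headers were stripped.
func dynTags(f *elf.File) (map[elf.DynTag]uint64, error) {
	tags := map[elf.DynTag]uint64{}
	for _, p := range f.Progs {
		if p.Type != elf.PT_DYNAMIC {
			continue
		}
		entries := make([]elf.Dyn64, p.Filesz/16) // each entry: 8-byte tag, 8-byte value
		if err := binary.Read(p.Open(), f.ByteOrder, entries); err != nil {
			return nil, err
		}
		for _, d := range entries { // trailing DT_NULL padding is stored harmlessly as tag 0
			tags[elf.DynTag(d.Tag)] = d.Val
		}
	}
	return tags, nil
}

// Detect parses an ELF image (an *os.File or a bytes.Reader both work) and applies
// checksec-style rules to its program headers, dynamic entries and dynamic symbols.
func Detect(r io.ReaderAt) (Features, error) {
	f, err := elf.NewFile(r)
	if err != nil {
		return Features{}, err
	}
	ft := Features{RelRO: "none", SymbolTableStripped: f.Section(".symtab") == nil}
	tags, err := dynTags(f)
	if err != nil {
		return ft, err
	}
	for _, p := range f.Progs {
		switch p.Type {
		case elf.PT_GNU_STACK: // NX: stack segment present and not executable (absent => false, assumed)
			ft.NX = p.Flags&elf.PF_X == 0
		case elf.PT_GNU_RELRO: // GOT made read-only once relocation is done
			ft.RelRO = "partial"
		}
	}
	// Full RELRO additionally needs immediate binding: BIND_NOW in DT_FLAGS or NOW in DT_FLAGS_1.
	if ft.RelRO == "partial" && (tags[elf.DT_FLAGS]&uint64(elf.DF_BIND_NOW) != 0 || tags[elf.DT_FLAGS_1]&df1Now != 0) {
		ft.RelRO = "full"
	}
	// PIE executables and shared objects are both ET_DYN; like checksec, the presence of
	// DT_DEBUG (which the linker emits for executables only) tells them apart.
	if f.Type == elf.ET_DYN {
		_, ft.PIE = tags[elf.DT_DEBUG]
		ft.DSO = !ft.PIE
	}
	// Canary heuristic: protected code imports __stack_chk_fail; no dynamic symbol table => false.
	if syms, err := f.DynamicSymbols(); err == nil {
		for _, s := range syms {
			ft.StackCanary = ft.StackCanary || s.Name == "__stack_chk_fail"
		}
	}
	return ft, nil
}

// BuildSampleELF assembles a constructed little-endian ELF64 ET_DYN image that holds only
// the headers and dynamic entries the detector inspects; it is returned as a reader for Detect.
func BuildSampleELF(execStack, relro, bindNow, pie bool) *bytes.Reader {
	var dyn []elf.Dyn64
	if pie {
		dyn = append(dyn, elf.Dyn64{Tag: int64(elf.DT_DEBUG)})
	}
	if bindNow {
		dyn = append(dyn, elf.Dyn64{Tag: int64(elf.DT_FLAGS), Val: uint64(elf.DF_BIND_NOW)})
	}
	dyn = append(dyn, elf.Dyn64{Tag: int64(elf.DT_NULL)})
	progs := []elf.Prog64{{Type: uint32(elf.PT_GNU_STACK), Flags: uint32(elf.PF_R | elf.PF_W)}}
	if execStack {
		progs[0].Flags |= uint32(elf.PF_X)
	}
	if relro {
		progs = append(progs, elf.Prog64{Type: uint32(elf.PT_GNU_RELRO), Flags: uint32(elf.PF_R)})
	}
	off, size := uint64(64+56*(len(progs)+1)), uint64(16*len(dyn)) // dynamic entries follow the phdrs
	progs = append(progs, elf.Prog64{Type: uint32(elf.PT_DYNAMIC), Flags: uint32(elf.PF_R | elf.PF_W),
		Off: off, Vaddr: off, Filesz: size, Memsz: size, Align: 8})
	hdr := elf.Header64{Type: uint16(elf.ET_DYN), Machine: uint16(elf.EM_X86_64), Version: 1,
		Phoff: 64, Ehsize: 64, Phentsize: 56, Phnum: uint16(len(progs)), Shentsize: 64}
	hdr.Ident = [16]byte{0x7f, 'E', 'L', 'F', byte(elf.ELFCLASS64), byte(elf.ELFDATA2LSB), byte(elf.EV_CURRENT)}
	var buf bytes.Buffer
	for _, v := range []any{hdr, progs, dyn} { // writes to a bytes.Buffer never fail
		binary.Write(&buf, binary.LittleEndian, v)
	}
	return bytes.NewReader(buf.Bytes())
}
```

Calling `Detect(BuildSampleELF(false, true, true, true))` yields NX true, RelRO "full", PIE true and SymbolTableStripped true; `BuildSampleELF(true, false, false, false)` is the legacy case (executable stack, no RELRO, plain DSO). On a real file, pass the opened `*os.File`. The symbol-based checks (canary, and by the same pattern SafeStack, CFI and fortify) depend on a dynamic symbol table being present, which is why a schema consumer cannot distinguish "not detected" from "could not be determined" unless the producer records that separately.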

@github-actions github-actions bot added the json-schema Changes the json schema label Jan 15, 2024
@wagoodman
Contributor Author

wagoodman commented Jan 15, 2024

JSON schema diff for reviewers:

# diff schema/json/schema-16.0.0.json schema/json/schema-16.0.1.json
3c3
<   "$id": "anchore.io/schema/syft/json/16.0.0/document",
---
>   "$id": "anchore.io/schema/syft/json/16.0.1/document",
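Review bot: The `$id` bump from 16.0.0 to 16.0.1 is patch-level, but the hunks that follow introduce a new `ELFSecurityFeatures` definition with its own `required` members; documents produced by this build will not validate against a 16.0.0 schema, so confirm that additive definitions with required members count as patch-level under the project's schema versioning policy, or bump the minor version instead.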
562a563,601
>       ]
>     },
>     "ELFSecurityFeatures": {
>       "properties": {
>         "symbolTableStripped": {
>           "type": "boolean"
>         },
>         "stackCanary": {
>           "type": "boolean"
>         },
>         "nx": {
>           "type": "boolean"
>         },
>         "relRO": {
>           "type": "string"
>         },
>         "pie": {
>           "type": "boolean"
>         },
>         "dso": {
>           "type": "boolean"
>         },
>         "safeStack": {
>           "type": "boolean"
>         },
>         "cfi": {
>           "type": "boolean"
>         },
>         "fortify": {
>           "type": "boolean"
>         }
>       },
>       "type": "object",
>       "required": [
>         "symbolTableStripped",
>         "nx",
>         "relRO",
>         "pie",
>         "dso"
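Review bot: The `required` list names `symbolTableStripped`, `nx`, `relRO`, `pie` and `dso` but leaves `stackCanary`, `safeStack`, `cfi` and `fortify` optional, and nothing says whether an absent key means "not detected" or "could not be determined" (for example, a stripped binary where symbol-based checks have nothing to inspect); add a `description` to those four properties stating which it is, otherwise consumers cannot tell `false` from missing. `relRO` is also the only `"type": "string"` member; an `enum` listing the RELRO states the detector emits would let validators catch a misspelled value.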
608a648,661
>       ]
>     },
>     "Executable": {
>       "properties": {
>         "format": {
>           "type": "string"
>         },
>         "elfSecurityFeatures": {
>           "$ref": "#/$defs/ELFSecurityFeatures"
>         }
>       },
>       "type": "object",
>       "required": [
>         "format"
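Review bot: `format` is required but unconstrained, and the description says further executable formats will follow; an `enum` of the accepted `format` strings (or at least a `description`) would make the contract explicit, and it is worth stating that `elfSecurityFeatures` is absent rather than empty for non-ELF formats.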
635a689,691
>         },
>         "executable": {
>           "$ref": "#/$defs/Executable"
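Review bot: `executable` is added to the file entry as a `$ref` property with no visible change to the enclosing `required` list, which is the right choice for an additive field that only executables carry; confirm the Go struct marshals it with `omitempty` so non-executable entries omit the key rather than emitting `"executable": null`, which this schema would reject.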

Signed-off-by: Alex Goodman <[email protected]>
Signed-off-by: Alex Goodman <[email protected]>
Signed-off-by: Alex Goodman <[email protected]>
@wagoodman wagoodman marked this pull request as ready for review January 18, 2024 15:29
Contributor

@spiffcs spiffcs left a comment

Looks good! I agree with the security features additions and don't have comments about this going in as the first pass for ELF type with extra executable formats to follow.

I had two questions about the schema version and some presentation concerns that are in a few main library catalogers, and how we want to look at those going into v1.0.

@wagoodman wagoodman enabled auto-merge (squash) February 2, 2024 16:43
@wagoodman wagoodman merged commit 3023a5a into main Feb 2, 2024
11 checks passed
@wagoodman wagoodman deleted the binary-features branch February 2, 2024 16:51
@wagoodman wagoodman added this to the Elevate binary artifacts milestone Feb 7, 2024
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
* add detection of ELF security features

Signed-off-by: Alex Goodman <[email protected]>

* fix linting

Signed-off-by: Alex Goodman <[email protected]>

* update json schema with file executable data

Signed-off-by: Alex Goodman <[email protected]>

* update expected fixture when no tty present

Signed-off-by: Alex Goodman <[email protected]>

* more detailed differ

Signed-off-by: Alex Goodman <[email protected]>

* use json differ

Signed-off-by: Alex Goodman <[email protected]>

* fix tests

Signed-off-by: Alex Goodman <[email protected]>

* remove json schema addition

Signed-off-by: Alex Goodman <[email protected]>

* regenerate json schema

Signed-off-by: Alex Goodman <[email protected]>

* fix mimetype set ref

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Alex Goodman <[email protected]>
Labels
json-schema Changes the json schema
Development

Successfully merging this pull request may close these issues.

Identify security-features-of-interest within binaries
2 participants