
     1  package file
     2  
// ExecutableFormat names the container format of a binary; the expected
// values are the ELF, MachO and PE constants below, but the underlying type
// is a plain string so consumers should not assume those are the only ones.
type ExecutableFormat string

// RelocationReadOnly names the RELRO (RELocation Read-Only) hardening level
// detected in an ELF binary; see the RelocationReadOnly* constants.
type RelocationReadOnly string

// Recognized executable formats.
const (
	ELF   ExecutableFormat = "elf"   // Executable and Linkable Format (Linux and other Unix-like systems)
	MachO ExecutableFormat = "macho" // Mach object format (macOS, iOS)
	PE    ExecutableFormat = "pe"    // Portable Executable (Windows)
)

// RELRO levels, weakest to strongest. Partial RELRO makes a subset of the
// relocation sections read-only after loading; full RELRO additionally resolves
// all symbols at load time so the GOT can be made read-only as well.
const (
	RelocationReadOnlyNone    RelocationReadOnly = "none"    // no RELRO protection
	RelocationReadOnlyPartial RelocationReadOnly = "partial" // partial RELRO protection
	RelocationReadOnlyFull    RelocationReadOnly = "full"    // full RELRO protection
)
    20  
// Executable describes a binary's container format together with the
// security-relevant properties that could be derived from it. Values carry
// json/yaml/mapstructure tags and are serialized, so the field order, names
// and tags are part of the output contract and must not be changed casually.
type Executable struct {
	// Format is the container format. It is expected to be one of the ELF,
	// MachO or PE constants, but nothing enforces that at the type level.
	Format ExecutableFormat `json:"format" yaml:"format" mapstructure:"format"`

	// HasExports is true when the binary exposes exported symbols.
	HasExports bool `json:"hasExports" yaml:"hasExports" mapstructure:"hasExports"`

	// HasEntrypoint is true when the binary declares an entry point function.
	HasEntrypoint bool `json:"hasEntrypoint" yaml:"hasEntrypoint" mapstructure:"hasEntrypoint"`

	// ImportedLibraries lists the shared libraries the binary declares it needs.
	// The json tag has no omitempty, so a nil slice is emitted as null rather
	// than []; consumers should treat both as "no imports recorded".
	ImportedLibraries []string `json:"importedLibraries" yaml:"importedLibraries" mapstructure:"importedLibraries"`

	// ELFSecurityFeatures holds ELF-specific hardening information and is only
	// set when Format is ELF; it is nil otherwise and dropped from JSON via
	// omitempty. NOTE(review): the yaml and mapstructure tags carry no
	// omitempty, so those encoders will see the nil pointer explicitly —
	// confirm that asymmetry is intended.
	ELFSecurityFeatures *ELFSecurityFeatures `json:"elfSecurityFeatures,omitempty" yaml:"elfSecurityFeatures" mapstructure:"elfSecurityFeatures"`
}
    38  
// ELFSecurityFeatures records which exploit mitigations and hardening
// features were detected in an ELF binary. Every field is a signal observed in
// the file itself and the detection logic lives elsewhere, so a false or nil
// value should be read as "not detected" rather than as proof that the
// mitigation is absent. Pointer-typed fields are tri-state: nil is dropped from
// JSON via omitempty and presumably means the check could not be decided for
// this binary — confirm against the detector before relying on that.
type ELFSecurityFeatures struct {
	// SymbolTableStripped is true when the binary's symbol table has been
	// removed. Stripping hampers debugging and analysis but is not itself an
	// exploit mitigation; do not score it as a hardening control.
	SymbolTableStripped bool `json:"symbolTableStripped" yaml:"symbolTableStripped" mapstructure:"symbolTableStripped"`

	// StackCanary is true when stack-smashing protection (stack protector
	// canaries) was detected, false when it was not, and nil when not reported.
	StackCanary *bool `json:"stackCanary,omitempty" yaml:"stackCanary" mapstructure:"stackCanary"`

	// NoExecutable is true when the stack is marked non-executable (NX).
	// Serialized under the key "nx".
	NoExecutable bool `json:"nx" yaml:"nx" mapstructure:"nx"`

	// RelocationReadOnly is the RELRO level (none, partial or full); see the
	// RelocationReadOnly* constants. Serialized under the key "relRO".
	RelocationReadOnly RelocationReadOnly `json:"relRO" yaml:"relRO" mapstructure:"relRO"`

	// PositionIndependentExecutable is true when the binary was built as a PIE,
	// which is what allows ASLR to randomize the executable's own base address.
	PositionIndependentExecutable bool `json:"pie" yaml:"pie" mapstructure:"pie"`

	// DynamicSharedObject is true when the binary is a shared library rather
	// than a standalone executable.
	DynamicSharedObject bool `json:"dso" yaml:"dso" mapstructure:"dso"`

	// LlvmSafeStack reports whether clang's SafeStack instrumentation was
	// detected. SafeStack keeps return addresses and other control data on a
	// separate "safe" stack so overflows of ordinary stack buffers cannot reach
	// them. Nil when not reported. See https://clang.llvm.org/docs/SafeStack.html
	LlvmSafeStack *bool `json:"safeStack,omitempty" yaml:"safeStack" mapstructure:"safeStack"`

	// LlvmControlFlowIntegrity reports whether clang's control-flow integrity
	// checks were detected. CFI restricts indirect calls and casts to the
	// targets the compiler deemed legal, defeating many control-flow hijacking
	// techniques. Nil when not reported.
	// See https://clang.llvm.org/docs/ControlFlowIntegrity.html
	LlvmControlFlowIntegrity *bool `json:"cfi,omitempty" yaml:"cfi" mapstructure:"cfi"`

	// ClangFortifySource reports whether fortified variants of common libc
	// functions were detected; these add checks to calls such as memcpy/strcpy
	// where the destination size is known at compile time. Nil when not reported.
	// See https://android.googlesource.com/platform//bionic/+/d192dbecf0b2a371eb127c0871f77a9caf81c4d2/docs/clang_fortify_anatomy.md
	ClangFortifySource *bool `json:"fortify,omitempty" yaml:"fortify" mapstructure:"fortify"`

	// Selfrando (function-order shuffling to defend against ROP and other
	// code-reuse attacks) is not reported yet; the intended field shape is kept
	// here, commented out. See https://github.com/runsafesecurity/selfrando
	// Selfrando *bool `json:"selfrando,omitempty" yaml:"selfrando" mapstructure:"selfrando"`
}
    73  	// Selfrando *bool `json:"selfrando,omitempty" yaml:"selfrando" mapstructure:"selfrando"`
    74  }