github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/pkg/cmd/roachtest/build_info.go (about)

     1  // Copyright 2018 The Cockroach Authors.
     2  //
     3  // Use of this software is governed by the Business Source License
     4  // included in the file licenses/BSL.txt.
     5  //
     6  // As of the Change Date specified in that file, in accordance with
     7  // the Business Source License, use of this software will be governed
     8  // by the Apache License, Version 2.0, included in the file
     9  // licenses/APL.txt.
    10  
    11  package main
    12  
    13  import (
    14  	"context"
    15  	"net/http"
    16  	"os/exec"
    17  
    18  	"github.com/cockroachdb/cockroach/pkg/server/serverpb"
    19  	"github.com/cockroachdb/cockroach/pkg/util/httputil"
    20  )
    21  
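// runBuildInfo starts the cluster, fetches /_status/details/local from
// node 1's admin UI address and fails the test if any of the go_version,
// tag, time or revision build-info fields comes back empty.
func runBuildInfo(ctx context.Context, t *test, c *cluster) {
	c.Put(ctx, cockroach, "./cockroach")
	c.Start(ctx, t)

	// Guard the index below: an empty address list would otherwise panic
	// with an index-out-of-range instead of producing a test failure.
	addrs := c.ExternalAdminUIAddr(ctx, c.Node(1))
	if len(addrs) == 0 {
		t.Fatalf("no external admin UI address returned for node %d", 1)
	}

	// NOTE(review): the URL is plain http://, which presumably relies on
	// the cluster having been started in insecure mode. Confirm before
	// reusing this against a secure cluster.
	//
	// NOTE(review): the zero-value http.Client has no timeout, so an
	// unresponsive endpoint blocks here until something outside this
	// function aborts the test.
	var details serverpb.DetailsResponse
	url := `http://` + addrs[0] + `/_status/details/local`
	if err := httputil.GetJSON(http.Client{}, url, &details); err != nil {
		t.Fatal(err)
	}

	// Check the fields in a fixed order. Ranging over a map would make the
	// reported field vary from run to run when more than one is empty.
	bi := details.BuildInfo
	fields := []struct{ name, value string }{
		{"go_version", bi.GoVersion},
		{"tag", bi.Tag},
		{"time", bi.Time},
		{"revision", bi.Revision},
	}
	for _, f := range fields {
		if f.value == "" {
			t.Fatalf("build info not set for \"%s\"", f.name)
		}
	}
}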
    46  
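// runBuildAnalyze performs static analysis on the built binary to
// ensure it's built as expected. The only check implemented here is
// that the binary does not end up with an executable stack.
//
// On a local cluster the test marks itself skipped and returns. Otherwise
// it puts the cockroach binary on the cluster, installs pax-utils on node
// 1, runs scanelf against the binary and fails the test if scanelf errors
// out or prints anything.
func runBuildAnalyze(ctx context.Context, t *test, c *cluster) {
	if c.isLocal() {
		// This test is linux-specific and needs to be able to install apt
		// packages, so only run it on dedicated remote VMs.
		t.spec.Skip = "local execution not supported"
		return
	}

	c.Put(ctx, cockroach, "./cockroach")

	// 1. Check for executable stack.
	//
	// Executable stack memory is a security risk (not a vulnerability
	// in itself, but makes it easier to exploit other vulnerabilities).
	// Whether or not the stack is executable is a property of the built
	// executable, subject to some subtle heuristics. This test ensures
	// that we're not hitting anything that causes our stacks to become
	// executable.
	//
	// References:
	// https://www.airs.com/blog/archives/518
	// https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks
	// https://github.com/cockroachdb/cockroach/issues/37885

	// There are several ways to do this analysis: `readelf -lW`,
	// `scanelf -qe`, and `execstack -q`. `readelf` is part of binutils,
	// so it's relatively ubiquitous, but we don't have it in the
	// roachtest environment. Since we don't have anything preinstalled
	// we can use, choose `scanelf` for being the simplest to use (empty
	// output indicates everything's fine, non-empty means something
	// bad).
	//
	// NOTE(review): pax-utils is installed unpinned from whatever apt
	// sources the VM image has configured, so the scanelf version (and
	// potentially its output) can differ between runs. Baking the tool
	// into the image would make the check reproducible.
	c.Run(ctx, c.Node(1), "sudo apt-get update")
	c.Run(ctx, c.Node(1), "sudo apt-get -qqy install pax-utils")

	// NOTE(review): an empty stdout is treated as a pass, which is only
	// meaningful if scanelf really scanned the file. Presumably a missing
	// or unreadable binary surfaces as a non-zero exit; confirm, since
	// otherwise the check would pass vacuously.
	//
	// NOTE(review): per the scanelf man page, -e covers PT_LOAD markings
	// as well as GNU_STACK, so non-empty output may point at a
	// writable+executable segment rather than the stack. Read the output
	// before trusting the "(executable stack)" label below.
	cmd := exec.CommandContext(ctx, roachprod, "run", c.makeNodes(c.Node(1)), "scanelf -qe cockroach")
	output, err := cmd.Output()
	if err != nil {
		// Output stores the child's stderr in ExitError.Stderr when
		// cmd.Stderr is unset. Include it, because the bare error is
		// usually just "exit status N" and says nothing about the cause.
		var stderr []byte
		if exitErr, ok := err.(*exec.ExitError); ok {
			stderr = exitErr.Stderr
		}
		t.Fatalf("scanelf failed: %s\nstderr: %s", err, stderr)
	}
	if len(output) > 0 {
		t.Fatalf("scanelf returned non-empty output (executable stack): %s", string(output))
	}
}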