github.com/sirkon/goproxy@v1.4.8/internal/work/security_test.go (about) 1 // Copyright 2018 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package work 6 7 import ( 8 "os" 9 "testing" 10 ) 11 12 var goodCompilerFlags = [][]string{ 13 {"-DFOO"}, 14 {"-Dfoo=bar"}, 15 {"-F/Qt"}, 16 {"-I/"}, 17 {"-I/etc/passwd"}, 18 {"-I."}, 19 {"-O"}, 20 {"-O2"}, 21 {"-Osmall"}, 22 {"-W"}, 23 {"-Wall"}, 24 {"-fobjc-arc"}, 25 {"-fno-objc-arc"}, 26 {"-fomit-frame-pointer"}, 27 {"-fno-omit-frame-pointer"}, 28 {"-fpic"}, 29 {"-fno-pic"}, 30 {"-fPIC"}, 31 {"-fno-PIC"}, 32 {"-fpie"}, 33 {"-fno-pie"}, 34 {"-fPIE"}, 35 {"-fno-PIE"}, 36 {"-fsplit-stack"}, 37 {"-fno-split-stack"}, 38 {"-fstack-xxx"}, 39 {"-fno-stack-xxx"}, 40 {"-fsanitize=hands"}, 41 {"-g"}, 42 {"-ggdb"}, 43 {"-march=souza"}, 44 {"-mcpu=123"}, 45 {"-mfpu=123"}, 46 {"-mtune=happybirthday"}, 47 {"-mstack-overflow"}, 48 {"-mno-stack-overflow"}, 49 {"-mmacosx-version"}, 50 {"-mnop-fun-dllimport"}, 51 {"-pthread"}, 52 {"-std=c99"}, 53 {"-xc"}, 54 {"-D", "FOO"}, 55 {"-D", "foo=bar"}, 56 {"-I", "."}, 57 {"-I", "/etc/passwd"}, 58 {"-I", "世界"}, 59 {"-framework", "Chocolate"}, 60 {"-x", "c"}, 61 {"-v"}, 62 } 63 64 var badCompilerFlags = [][]string{ 65 {"-D@X"}, 66 {"-D-X"}, 67 {"-F@dir"}, 68 {"-F-dir"}, 69 {"-I@dir"}, 70 {"-I-dir"}, 71 {"-O@1"}, 72 {"-Wa,-foo"}, 73 {"-W@foo"}, 74 {"-g@gdb"}, 75 {"-g-gdb"}, 76 {"-march=@dawn"}, 77 {"-march=-dawn"}, 78 {"-std=@c99"}, 79 {"-std=-c99"}, 80 {"-x@c"}, 81 {"-x-c"}, 82 {"-D", "@foo"}, 83 {"-D", "-foo"}, 84 {"-I", "@foo"}, 85 {"-I", "-foo"}, 86 {"-framework", "-Caffeine"}, 87 {"-framework", "@Home"}, 88 {"-x", "--c"}, 89 {"-x", "@obj"}, 90 } 91 92 func TestCheckCompilerFlags(t *testing.T) { 93 for _, f := range goodCompilerFlags { 94 if err := checkCompilerFlags("test", "test", f); err != nil { 95 t.Errorf("unexpected error for %q: %v", f, err) 96 } 97 } 98 for _, f := range badCompilerFlags { 99 if err := checkCompilerFlags("test", "test", f); err == nil { 100 t.Errorf("missing error for %q", f) 101 } 102 } 103 } 104 105 var goodLinkerFlags = [][]string{ 106 {"-Fbar"}, 107 {"-lbar"}, 108 {"-Lbar"}, 109 {"-fpic"}, 110 {"-fno-pic"}, 111 {"-fPIC"}, 112 {"-fno-PIC"}, 113 {"-fpie"}, 114 {"-fno-pie"}, 115 {"-fPIE"}, 116 {"-fno-PIE"}, 117 {"-fsanitize=hands"}, 118 {"-g"}, 119 {"-ggdb"}, 120 {"-march=souza"}, 121 {"-mcpu=123"}, 122 {"-mfpu=123"}, 123 {"-mtune=happybirthday"}, 124 {"-pic"}, 125 {"-pthread"}, 126 {"-Wl,-rpath,foo"}, 127 {"-Wl,-rpath,$ORIGIN/foo"}, 128 {"-Wl,--warn-error"}, 129 {"-Wl,--no-warn-error"}, 130 {"foo.so"}, 131 {"_世界.dll"}, 132 {"./x.o"}, 133 {"libcgosotest.dylib"}, 134 {"-F", "framework"}, 135 {"-l", "."}, 136 {"-l", "/etc/passwd"}, 137 {"-l", "世界"}, 138 {"-L", "framework"}, 139 {"-framework", "Chocolate"}, 140 {"-v"}, 141 {"-Wl,-framework", "-Wl,Chocolate"}, 142 {"-Wl,-framework,Chocolate"}, 143 {"-Wl,-unresolved-symbols=ignore-all"}, 144 } 145 146 var badLinkerFlags = [][]string{ 147 {"-DFOO"}, 148 {"-Dfoo=bar"}, 149 {"-W"}, 150 {"-Wall"}, 151 {"-fobjc-arc"}, 152 {"-fno-objc-arc"}, 153 {"-fomit-frame-pointer"}, 154 {"-fno-omit-frame-pointer"}, 155 {"-fsplit-stack"}, 156 {"-fno-split-stack"}, 157 {"-fstack-xxx"}, 158 {"-fno-stack-xxx"}, 159 {"-mstack-overflow"}, 160 {"-mno-stack-overflow"}, 161 {"-mnop-fun-dllimport"}, 162 {"-std=c99"}, 163 {"-xc"}, 164 {"-D", "FOO"}, 165 {"-D", "foo=bar"}, 166 {"-I", "FOO"}, 167 {"-L", "@foo"}, 168 {"-L", "-foo"}, 169 {"-x", "c"}, 170 {"-D@X"}, 171 {"-D-X"}, 172 {"-I@dir"}, 173 {"-I-dir"}, 174 {"-O@1"}, 175 {"-Wa,-foo"}, 176 {"-W@foo"}, 177 {"-g@gdb"}, 178 {"-g-gdb"}, 179 {"-march=@dawn"}, 180 {"-march=-dawn"}, 181 {"-std=@c99"}, 182 {"-std=-c99"}, 183 {"-x@c"}, 184 {"-x-c"}, 185 {"-D", "@foo"}, 186 {"-D", "-foo"}, 187 {"-I", "@foo"}, 188 {"-I", "-foo"}, 189 {"-l", "@foo"}, 190 {"-l", "-foo"}, 191 {"-framework", "-Caffeine"}, 192 {"-framework", "@Home"}, 193 {"-Wl,-framework,-Caffeine"}, 194 {"-Wl,-framework", "-Wl,@Home"}, 195 {"-Wl,-framework", "@Home"}, 196 {"-Wl,-framework,Chocolate,@Home"}, 197 {"-x", "--c"}, 198 {"-x", "@obj"}, 199 {"-Wl,-rpath,@foo"}, 200 {"../x.o"}, 201 } 202 203 func TestCheckLinkerFlags(t *testing.T) { 204 for _, f := range goodLinkerFlags { 205 if err := checkLinkerFlags("test", "test", f); err != nil { 206 t.Errorf("unexpected error for %q: %v", f, err) 207 } 208 } 209 for _, f := range badLinkerFlags { 210 if err := checkLinkerFlags("test", "test", f); err == nil { 211 t.Errorf("missing error for %q", f) 212 } 213 } 214 } 215 216 func TestCheckFlagAllowDisallow(t *testing.T) { 217 if err := checkCompilerFlags("TEST", "test", []string{"-disallow"}); err == nil { 218 t.Fatalf("missing error for -disallow") 219 } 220 os.Setenv("CGO_TEST_ALLOW", "-disallo") 221 if err := checkCompilerFlags("TEST", "test", []string{"-disallow"}); err == nil { 222 t.Fatalf("missing error for -disallow with CGO_TEST_ALLOW=-disallo") 223 } 224 os.Setenv("CGO_TEST_ALLOW", "-disallow") 225 if err := checkCompilerFlags("TEST", "test", []string{"-disallow"}); err != nil { 226 t.Fatalf("unexpected error for -disallow with CGO_TEST_ALLOW=-disallow: %v", err) 227 } 228 os.Unsetenv("CGO_TEST_ALLOW") 229 230 if err := checkCompilerFlags("TEST", "test", []string{"-Wall"}); err != nil { 231 t.Fatalf("unexpected error for -Wall: %v", err) 232 } 233 os.Setenv("CGO_TEST_DISALLOW", "-Wall") 234 if err := checkCompilerFlags("TEST", "test", []string{"-Wall"}); err == nil { 235 t.Fatalf("missing error for -Wall with CGO_TEST_DISALLOW=-Wall") 236 } 237 os.Setenv("CGO_TEST_ALLOW", "-Wall") // disallow wins 238 if err := checkCompilerFlags("TEST", "test", []string{"-Wall"}); err == nil { 239 t.Fatalf("missing error for -Wall with CGO_TEST_DISALLOW=-Wall and CGO_TEST_ALLOW=-Wall") 240 } 241 242 os.Setenv("CGO_TEST_ALLOW", "-fplugin.*") 243 os.Setenv("CGO_TEST_DISALLOW", "-fplugin=lint.so") 244 if err := checkCompilerFlags("TEST", "test", []string{"-fplugin=faster.so"}); err != nil { 245 t.Fatalf("unexpected error for -fplugin=faster.so: %v", err) 246 } 247 if err := checkCompilerFlags("TEST", "test", []string{"-fplugin=lint.so"}); err == nil { 248 t.Fatalf("missing error for -fplugin=lint.so: %v", err) 249 } 250 }