Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shellcheck hook does not detect #212 problem #219

Closed
Artoria2e5 opened this issue Mar 5, 2023 · 1 comment · Fixed by #220
Closed

Shellcheck hook does not detect #212 problem #219

Artoria2e5 opened this issue Mar 5, 2023 · 1 comment · Fixed by #220

Comments

@Artoria2e5
Copy link
Contributor

Artoria2e5 commented Mar 5, 2023
edited
Loading

In #212 we have a case of broken NX caused by an undefined s_readelf variable. This thing is actually caught by shellcheck if you run it on the concatenated script without flags, having the inline annotations take care of everything:

$ ./shellcheck ./checksec

In ./cso.sh line 726:
    if [[ $(${s_readelf} -l "${1}" 2> /dev/null | grep -A 1 'GNU_STACK' | sed 'N;s/\n//g' | grep -Eo "0x[0-9a-f]{16}" | grep -v 0x0000000000000000 | wc -l) -gt 0 ]]; then
            ^----------^ SC2154 (warning): s_readelf is referenced but not assigned.


In ./cso.sh line 1736:
          exit 0
          ^----^ SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).

For more information:
  https://www.shellcheck.net/wiki/SC2154 -- s_readelf is referenced but not a...
  https://www.shellcheck.net/wiki/SC2317 -- Command appears to be unreachable...

(Yes, this is the in-repo version.)
Artoria2e5 added a commit to Artoria2e5/checksec.sh that referenced this issue Mar 5, 2023
@Artoria2e5
pre-commit-config: only run shellcheck on the final thing
c822a86 
Doing so actually gives stronger detection of problems. Fix slimm609#219.
@Artoria2e5 Artoria2e5 mentioned this issue Mar 5, 2023
Merged
@Artoria2e5
Copy link
Contributor Author

Caught a live one! See https://github.com/slimm609/checksec.sh/actions/runs/4337023680/jobs/7572740850.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

pre-commit-config: only run shellcheck on the final thing Artoria2e5/checksec.sh
1 participant
@Artoria2e5