Blame SOURCES/check-debug-symbols.py

e7ee69
#!/usr/bin/python3
e7ee69
e7ee69
"""
e7ee69
Check debug symbols are present in shared object and can identify
e7ee69
code.
e7ee69
e7ee69
It starts scanning from a directory and recursively scans all ELF
e7ee69
files found in it for various symbols to ensure all debuginfo is
e7ee69
present and nothing has been stripped.
e7ee69
e7ee69
Usage:
e7ee69
e7ee69
./check-debug-symbols /path/of/dir/to/scan/
e7ee69
e7ee69
e7ee69
Example:
e7ee69
e7ee69
./check-debug-symbols /usr/lib64
e7ee69
"""
e7ee69
e7ee69
# This technique was explained to me by Mark Wielaard (mjw).
e7ee69
e7ee69
import collections
e7ee69
import os
e7ee69
import re
e7ee69
import subprocess
e7ee69
import sys
e7ee69
e7ee69
ScanResult = collections.namedtuple('ScanResult',
e7ee69
                                    'file_name debug_info debug_abbrev file_symbols gnu_debuglink')
e7ee69
e7ee69
e7ee69
def scan_file(file):
e7ee69
    "Scan the provided file and return a ScanResult containing results of the scan."
e7ee69
e7ee69
    # Test for .debug_* sections in the shared object. This is the  main test.
e7ee69
    # Stripped objects will not contain these.
e7ee69
    readelf_S_result = subprocess.run(['eu-readelf', '-S', file],
e7ee69
                                      stdout=subprocess.PIPE, encoding='utf-8', check=True)
e7ee69
    has_debug_info = any(line for line in readelf_S_result.stdout.split('\n') if '] .debug_info' in line)
e7ee69
e7ee69
    has_debug_abbrev = any(line for line in readelf_S_result.stdout.split('\n') if '] .debug_abbrev' in line)
e7ee69
e7ee69
    # Test FILE symbols. These will most likely be removed by anyting that
e7ee69
    # manipulates symbol tables because it's generally useless. So a nice test
e7ee69
    # that nothing has messed with symbols.
e7ee69
    def contains_file_symbols(line):
e7ee69
        parts = line.split()
e7ee69
        if len(parts) < 8:
e7ee69
            return False
e7ee69
        return \
e7ee69
            parts[2] == '0' and parts[3] == 'FILE' and parts[4] == 'LOCAL' and parts[5] == 'DEFAULT' and \
e7ee69
            parts[6] == 'ABS' and re.match(r'((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx))?', parts[7])
e7ee69
e7ee69
    readelf_s_result = subprocess.run(["eu-readelf", '-s', file],
e7ee69
                                      stdout=subprocess.PIPE, encoding='utf-8', check=True)
e7ee69
    has_file_symbols = any(line for line in readelf_s_result.stdout.split('\n') if contains_file_symbols(line))
e7ee69
e7ee69
    # Test that there are no .gnu_debuglink sections pointing to another
e7ee69
    # debuginfo file. There shouldn't be any debuginfo files, so the link makes
e7ee69
    # no sense either.
e7ee69
    has_gnu_debuglink = any(line for line in readelf_s_result.stdout.split('\n') if '] .gnu_debuglink' in line)
e7ee69
e7ee69
    return ScanResult(file, has_debug_info, has_debug_abbrev, has_file_symbols, has_gnu_debuglink)
e7ee69
e7ee69
def is_elf(file):
e7ee69
    result = subprocess.run(['file', file], stdout=subprocess.PIPE, encoding='utf-8', check=True)
e7ee69
    return re.search(r'ELF 64-bit [LM]SB (?:pie )?(?:executable|shared object)', result.stdout)
e7ee69
e7ee69
def scan_file_if_sensible(file):
e7ee69
    if is_elf(file):
e7ee69
        return scan_file(file)
e7ee69
    return None
e7ee69
e7ee69
def scan_dir(dir):
e7ee69
    results = []
e7ee69
    for root, _, files in os.walk(dir):
e7ee69
        for name in files:
e7ee69
            result = scan_file_if_sensible(os.path.join(root, name))
e7ee69
            if result:
e7ee69
                results.append(result)
e7ee69
    return results
e7ee69
e7ee69
def scan(file):
e7ee69
    file = os.path.abspath(file)
e7ee69
    if os.path.isdir(file):
e7ee69
        return scan_dir(file)
e7ee69
    elif os.path.isfile(file):
e7ee69
        return [scan_file_if_sensible(file)]
e7ee69
e7ee69
def is_bad_result(result):
e7ee69
    return not result.debug_info or not result.debug_abbrev or not result.file_symbols or result.gnu_debuglink
e7ee69
e7ee69
def print_scan_results(results, verbose):
e7ee69
    # print(results)
e7ee69
    for result in results:
e7ee69
        file_name = result.file_name
e7ee69
        found_issue = False
e7ee69
        if not result.debug_info:
e7ee69
            found_issue = True
e7ee69
            print('error: missing .debug_info section in', file_name)
e7ee69
        if not result.debug_abbrev:
e7ee69
            found_issue = True
e7ee69
            print('error: missing .debug_abbrev section in', file_name)
e7ee69
        if not result.file_symbols:
e7ee69
            found_issue = True
e7ee69
            print('error: missing FILE symbols in', file_name)
e7ee69
        if result.gnu_debuglink:
e7ee69
            found_issue = True
e7ee69
            print('error: unexpected .gnu_debuglink section in', file_name)
e7ee69
        if verbose and not found_issue:
e7ee69
            print('OK: ', file_name)
e7ee69
e7ee69
def main(args):
e7ee69
    verbose = False
e7ee69
    files = []
e7ee69
    for arg in args:
e7ee69
        if arg == '--verbose' or arg == '-v':
e7ee69
            verbose = True
e7ee69
        else:
e7ee69
            files.append(arg)
e7ee69
e7ee69
    results = []
e7ee69
    for file in files:
e7ee69
        results.extend(scan(file))
e7ee69
e7ee69
    print_scan_results(results, verbose)
e7ee69
e7ee69
    if any(is_bad_result(result) for result in results):
e7ee69
        return 1
e7ee69
    return 0
e7ee69
e7ee69
e7ee69
if __name__ == '__main__':
e7ee69
    sys.exit(main(sys.argv[1:]))