Commit

remove ropgadget module
Relates to #8749

Signed-off-by: Konrad Weihmann <[email protected]>
priv-kweihmann committed Apr 25, 2022
1 parent d72c297 commit 664c0c5
Showing 10 changed files with 0 additions and 316 deletions.
2 changes: 0 additions & 2 deletions README.md
Expand Up @@ -225,7 +225,6 @@ The layer can check on a recipe-level or on an image-level.
| reconbf | security audit tool | https://github.com/HewlettPackard/reconbf | | | x | | | | | | | | | x | | | | | | | x | | |
| reuse | Scan code for license information | https://github.com/fsfe/reuse-tool | | | | x | | | | | | | | | | | | | | x | x | | |
| revive | GO linter | https://github.com/mgechev/revive | | | | x | | | | | | | x | | | | | | | | | x | x |
| ropgadget | Determine ROP exploitability in binaries | https://github.com/JonathanSalwan/ROPgadget | manual enable | | | x | | | | | | | | | | | | x | | | x | | |
| rubycritic | Ruby linter | https://github.com/whitesmith/rubycritic/ | meta-rubygems, manual enable | | | x | | | | | | | | | | | | | | x | | | x |
| safety | Check for known vulnerabilities in python-packages | https://github.com/pyupio/safety | | | | x | | | x | | | | | | | | | | x | | x | | |
| scancode | Scan code for license information | https://github.com/nexB/scancode-toolkit | | | | x | | | | | | | | | | | | | | x | x | | |
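Review bot: The "manual enable" flag in the removed ropgadget row shows the module was opt-in, so default builds are unaffected by this deletion, but the commit message only says "Relates to #8749"; please state why the module is being dropped and whether users who had opted in need to migrate, since that is the question this hunk raises.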
Expand Down Expand Up @@ -316,7 +315,6 @@ each tool does have it's own benefits and flaws so don't be mad if you have 10k+
- [reconbf](docs/conf/module/reconbf.md)
- [reuse](docs/conf/module/reuse.md)
- [revive](docs/conf/module/revive.md)
- [ropgadget](docs/conf/module/ropgadget.md)
- [rubycritic](docs/conf/module/rubycritic.md)
- [safety](docs/conf/module/safety.md)
- [scancode](docs/conf/module/scancode.md)
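Review bot: Drive-by in the unchanged context of the hunk header, "each tool does have it's own benefits" should read "its own benefits"; worth fixing while this list is being touched.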
1 change: 0 additions & 1 deletion classes/sca-blacklist.bbclass
Expand Up @@ -53,7 +53,6 @@ SCA_BLACKLIST_pysymcheck ?= ""
SCA_BLACKLIST_rats ?= ""
SCA_BLACKLIST_reconbf ?= ""
SCA_BLACKLIST_revive ?= "openssh"
SCA_BLACKLIST_ropgadget ?= "linux-.*"
SCA_BLACKLIST_rubycritic ?= ""
SCA_BLACKLIST_safety ?= ""
SCA_BLACKLIST_scancode ?= ""
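Review bot: Removing `SCA_BLACKLIST_ropgadget ?= "linux-.*"` is consistent with deleting the class, but any layer or local.conf that still assigns this variable will now carry a dead setting with no warning; a line in the changelog or migration notes would help users clean it up.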
1 change: 0 additions & 1 deletion classes/sca-on-recipe.bbclass
Expand Up @@ -53,7 +53,6 @@ SCA_ENABLED_MODULES_RECIPE ?= "\
rats \
reuse \
revive \
ropgadget \
rubycritic \
safety \
scancode \
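Review bot: With `ropgadget \` gone from SCA_ENABLED_MODULES_RECIPE and the class file deleted, please confirm what happens when a user still lists `ropgadget` in SCA_AVAILABLE_MODULES (the docs removed in this same commit told them to set exactly that); a clear warning for an unknown module name is preferable to a silent no-op.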
164 changes: 0 additions & 164 deletions classes/sca-ropgadget.bbclass

This file was deleted.

21 changes: 0 additions & 21 deletions docs/casestudy/adv_security.md
Expand Up @@ -114,26 +114,6 @@ SCA_AVAILABLE_MODULES = "tlv"

in the conf/local.conf-file.

#### Hardening if user defined code is executed

In this case it might be worth a look if your code does have a larger weakness for [ROP](https://en.wikipedia.org/wiki/Return-oriented_programming).
Mostly it can't be fully avoided, but the chances of being exploited by that technique could be mitigated.

The [ropgadget](../conf/module/ropgadget.md) module does scan your code for such pattern.
As there are a large number of occurrences the global loglevel need to be turned to "info" to see all findings.

To active add/set

```bitbake
SCA_AVAILABLE_MODULES = "ropgadget"
SCA_WARNING_LEVEL = "info"
```

in the conf/local.conf-file.

To fix it, try to write the code pattern in a different style so the compiler doesn't translate it into a exploitable pattern.
This might need some time and should be done by an experienced developer.

#### Usage of metrics

Metrics have proven to be quite a good indicator of improvable code.
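Review bot: This hunk deletes the entire "Hardening if user defined code is executed" subsection, including the tool-neutral point that ROP exposure can usually only be mitigated rather than avoided, so the case study now jumps from the tlv configuration straight to "Usage of metrics". Consider keeping a short paragraph that points readers at the compiler-side checks that remain (the gcc module is still part of the full configuration shown below) so the hardening topic does not disappear from the walkthrough along with the module.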
Expand Down Expand Up @@ -176,7 +156,6 @@ The full applied configuration may look like this
SCA_AVAILABLE_MODULES = "\
gcc \
bitbake \
ropgadget \
tlv \
multimetric \
cppcheck \
68 changes: 0 additions & 68 deletions docs/conf/module/ropgadget.md

This file was deleted.

1 change: 0 additions & 1 deletion files/module_list.csv
Expand Up @@ -50,7 +50,6 @@ rats,Check on insecurities in several languages,https://github.com/redNixon/rats
reconbf,security audit tool,https://github.com/HewlettPackard/reconbf,,,x,,,,,,,,,x,,,,,,,x,,
reuse,Scan code for license information,https://github.com/fsfe/reuse-tool,,,,x,,,,,,,,,,,,,,x,x,,
revive,GO linter,https://github.com/mgechev/revive,,,,x,,,,,,,x,,,,,,,,,x,x
ropgadget,Determine ROP exploitability in binaries,https://github.com/JonathanSalwan/ROPgadget,manual enable,,,x,,,,,,,,,,,,x,,,x,,
rubycritic,Ruby linter,https://github.com/whitesmith/rubycritic/,"meta-rubygems, manual enable",,,x,,,,,,,,,,,,,,x,,,x
safety,Check for known vulnerabilities in python-packages,https://github.com/pyupio/safety,,,,x,,,x,,,,,,,,,,x,,x,,
scancode,Scan code for license information,https://github.com/nexB/scancode-toolkit,,,,x,,,,,,,,,,,,,,x,x,,

This file was deleted.

This file was deleted.

1 change: 0 additions & 1 deletion test/lang_standard_03.txt
Expand Up @@ -3,7 +3,6 @@ configcheck
lse
lynis
nixauditor
ropgadget
reconbf
sudokiller
systemdlint

0 comments on commit 664c0c5