Skip to content

Commit a445058

Browse files
security-check.py update
1 parent a8dbcd7 commit a445058

1 file changed

Lines changed: 23 additions & 2 deletions

File tree

contrib/devtools/security-check.py

Lines changed: 23 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -177,13 +177,29 @@ def check_PE_NX(executable):
177177
]
178178
}
179179

180-
def identify_executable(executable):
180+
def identify_executable(filename):
181181
with open(filename, 'rb') as f:
182182
magic = f.read(4)
183+
184+
# Windows PE
183185
if magic.startswith(b'MZ'):
184186
return 'PE'
185-
elif magic.startswith(b'\x7fELF'):
187+
188+
# Linux ELF
189+
if magic.startswith(b'\x7fELF'):
186190
return 'ELF'
191+
192+
# macOS Mach-O (32/64-bit, swapped and unswapped)
193+
MACHO_MAGICS = [
194+
b'\xfe\xed\xfa\xce', # 32-bit Mach-O
195+
b'\xce\xfa\xed\xfe', # 32-bit reverse byte order
196+
b'\xfe\xed\xfa\xcf', # 64-bit Mach-O
197+
b'\xcf\xfa\xed\xfe', # 64-bit reverse byte order
198+
]
199+
200+
if magic in MACHO_MAGICS:
201+
return 'MACHO' # <- added type
202+
187203
return None
188204

189205
if __name__ == '__main__':
@@ -196,6 +212,11 @@ def identify_executable(executable):
196212
retval = 1
197213
continue
198214

215+
# Skip Mach-O (macOS)
216+
if etype == 'MACHO':
217+
print('%s: skipping macOS Mach-O binary (no checks available)' % filename)
218+
continue
219+
199220
failed = []
200221
warning = []
201222
for (name, func) in CHECKS[etype]:

0 commit comments

Comments
 (0)