checksec 0.0.6

Fast multi-platform (ELF/PE/MachO) binary checksec command line utility and library.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252

//! Implements checksec for MachO binaries
#[cfg(feature = "color")]
use colored::*;
use goblin::mach::load_command::CommandVariant;
use goblin::mach::MachO;
use serde::{Deserialize, Serialize};
use std::fmt;

#[cfg(feature = "color")]
use crate::colorize_bool;
//use crate::shared::{Rpath, VecRpath};

const MH_ALLOW_STACK_EXECUTION: u32 = 0x0002_0000;
const MH_PIE: u32 = 0x0020_0000;
const MH_NO_HEAP_EXECUTION: u32 = 0x0100_0000;

/// Checksec result struct for MachO32/64 binaries
///
/// **Example**
///
/// ```rust
/// use checksec::macho::MachOCheckSecResults;
/// use goblin::mach::MachO;
/// use std::fs;
///
/// pub fn print_results(binary: &String) {
///     if let Ok(fp) = fs::File::open(&binary) {
///         if let Ok(buf) = fs::read(fp) {
///             if let Ok(macho) = MachO::parse(&buf) {
///                 println!("{:#?}", MachOCheckSecResults::parse(&macho));
///             }
///         }
///     }
/// }
/// ```
#[derive(Debug, Deserialize, Serialize)]
pub struct MachOCheckSecResults {
    /// Automatic Reference Counting
    pub arc: bool,
    /// Stack Canary
    pub canary: bool,
    /// Code Signature (codesign)
    pub code_signature: bool,
    /// Encrypted (LC_ENCRYPTION_INFO/LC_ENCRYPTION_INFO_64)
    pub encrypted: bool,
    /// Non-Executable Heap (MH_NO_HEAP_EXECUTION)
    pub nx_heap: bool,
    /// Non-Executable Stack (MH_ALLOW_STACK_EXECUTION)
    pub nx_stack: bool,
    /// Position Independent Executable (MH_PIE)
    pub pie: bool,
    /// Restrict segment
    pub restrict: bool,
    /// Load Command @rpath
    //rpath: VecRpath,
    pub rpath: bool,
}
impl MachOCheckSecResults {
    pub fn parse(macho: &MachO) -> MachOCheckSecResults {
        MachOCheckSecResults {
            arc: macho.has_arc(),
            canary: macho.has_canary(),
            code_signature: macho.has_code_signature(),
            encrypted: macho.has_encrypted(),
            nx_heap: macho.has_nx_heap(),
            nx_stack: macho.has_nx_stack(),
            pie: macho.has_pie(),
            restrict: macho.has_restrict(),
            rpath: macho.has_rpath(),
        }
    }
}
#[cfg(not(feature = "color"))]
impl fmt::Display for MachOCheckSecResults {
    /// Colorized human readable format output
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "ARC: {} Canary: {} Code Signature: {} Encryption: {} \
            NX Heap: {} NX Stack: {} PIE: {} Restrict: {} \
            RPath: {}",
            self.arc,
            self.canary,
            self.code_signature,
            self.encrypted,
            self.nx_heap,
            self.nx_stack,
            self.pie,
            self.restrict,
            self.rpath
        )
    }
}

#[cfg(feature = "color")]
impl fmt::Display for MachOCheckSecResults {
    /// Colorized human readable format output
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "{} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {}",
            "ARC:".bold(),
            colorize_bool!(self.arc),
            "Canary:".bold(),
            colorize_bool!(self.canary),
            "Code Signature:".bold(),
            colorize_bool!(self.code_signature),
            "Encrypted:".bold(),
            colorize_bool!(self.encrypted),
            "NX Heap:".bold(),
            colorize_bool!(self.nx_heap),
            "NX Stack:".bold(),
            colorize_bool!(self.nx_stack),
            "PIE:".bold(),
            colorize_bool!(self.pie),
            "Restrict:".bold(),
            colorize_bool!(self.restrict),
            "RPath:".bold(),
            //self.rpath
            colorize_bool!(self.rpath)
        )
    }
}

/// checksec Trait implementation for
/// [goblin::mach::MachO](https://docs.rs/goblin/latest/goblin/mach/struct.MachO.html)
///
/// **Example**
///
/// ```rust
/// use checksec::macho::MachOProperties;
/// use goblin::mach::MachO;
/// use std::fs;
///
/// pub fn print_results(binary: &String) {
///     if let Ok(fp) = fs::File::open(&binary) {
///         if let Ok(buf) = fs::read(fp) {
///             if let Ok(macho) = MachO::parse(&buf) {
///                 println!("arc: {}", macho.has_arc());
///             }
///         }
///     }
/// }
/// ```
pub trait MachOProperties {
    /// check import names for `_objc_release`
    fn has_arc(&self) -> bool;
    /// check import names for `___stack_chk_fail` or `___stack_chk_guard`
    fn has_canary(&self) -> bool;
    /// check data size of code signature in load commands
    fn has_code_signature(&self) -> bool;
    /// check if `cryptid` has a value set for EncryptionInfo32/64 in load
    /// commands
    fn has_encrypted(&self) -> bool;
    /// check `MH_NO_HEAP_EXECUTION` *(0x01000000)* in MachO header flags
    fn has_nx_heap(&self) -> bool;
    /// check `MH_ALLOW_STACK_EXECUTION` *(0x00020000)* in MachO header flags
    fn has_nx_stack(&self) -> bool;
    /// check `MH_PIE` *(0x00200000)* in MachO header flags
    fn has_pie(&self) -> bool;
    /// check for `___restrict` segment name
    fn has_restrict(&self) -> bool;
    //fn has_rpath(&self) -> VecRpath;
    /// check for RPath in load commands
    fn has_rpath(&self) -> bool;
}
impl MachOProperties for MachO<'_> {
    fn has_arc(&self) -> bool {
        if let Ok(imports) = self.imports() {
            for import in imports.iter() {
                if import.name == "_objc_release" {
                    return true;
                }
            }
        }
        false
    }
    fn has_canary(&self) -> bool {
        if let Ok(imports) = self.imports() {
            for import in imports.iter() {
                match import.name {
                    "___stack_chk_fail" => return true,
                    "___stack_chk_guard" => return true,
                    _ => continue,
                }
            }
        }
        false
    }
    fn has_code_signature(&self) -> bool {
        for loadcmd in self.load_commands.iter() {
            if let CommandVariant::CodeSignature(cmd) = loadcmd.command {
                // just check for existence, todo full validation
                if cmd.datasize > 0 {
                    return true;
                }
            }
        }
        false
    }
    fn has_encrypted(&self) -> bool {
        for loadcmd in self.load_commands.iter() {
            match loadcmd.command {
                CommandVariant::EncryptionInfo32(cmd) => {
                    if cmd.cryptid != 0 {
                        return true;
                    }
                }
                CommandVariant::EncryptionInfo64(cmd) => {
                    if cmd.cryptid != 0 {
                        return true;
                    }
                }
                _ => (),
            }
        }
        false
    }
    fn has_nx_heap(&self) -> bool {
        matches!(self.header.flags & MH_NO_HEAP_EXECUTION, x if x != 0)
    }
    fn has_nx_stack(&self) -> bool {
        !matches!(self.header.flags & MH_ALLOW_STACK_EXECUTION, x if x != 0)
    }
    fn has_pie(&self) -> bool {
        matches!(self.header.flags & MH_PIE, x if x != 0)
    }
    fn has_restrict(&self) -> bool {
        for segment in self.segments.iter() {
            if let Ok(name) = segment.name() {
                if name.to_string().to_lowercase() == "__restrict" {
                    return true;
                }
            }
        }
        false
    }
    //fn has_rpath(&self) -> VecRpath {
    fn has_rpath(&self) -> bool {
        // simply check for existence of @rpath command for now
        // parse out rpath entries similar to elf later
        // paths separated by `;` instead of `:` like the elf counterpart
        for loadcmd in self.load_commands.iter() {
            if let CommandVariant::Rpath(_) = loadcmd.command {
                return true;
                //return VecRpath::new(vec![Rpath::Yes("true".to_string())]);
            }
        }
        //VecRpath::new(vec![Rpath::None])
        false
    }
}