The checksec tool's Fortify Source check should be excluded when perf…

…orming offline checks, as it doesn't function as expected in this context. The Fortify Source check operates by using the running system's libraries to check for the supported Fortify-able library functions. In the case of firmware, this approach is not applicable as the binary and the running system's libraries are not the same. Therefore, the Fortify Source check is removed for offline checks. There is a possibility that in the future, this check may be reinstated if a viable workaround is identified. This could involve leveraging the firmware's own libc through mechanisms like chroot, for instance.
fkie-cad · Nov 10, 2023 · 9ebbfcd · 9ebbfcd
1 parent 358255a
commit 9ebbfcd
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/plugins/analysis/checksec/code/checksec.py b/src/plugins/analysis/checksec/code/checksec.py
@@ -16,7 +16,7 @@ class AnalysisPlugin(AnalysisBasePlugin):
     DESCRIPTION = 'analyses ELF binaries within a firmware for present exploit mitigation techniques'
     DEPENDENCIES = ['file_type']  # noqa: RUF012
     MIME_WHITELIST = ['application/x-executable', 'application/x-object', 'application/x-sharedlib']  # noqa: RUF012
-    VERSION = '0.1.6'
+    VERSION = '0.2.0'
     FILE = __file__
 
     def additional_setup(self):