remove ropgadget module

Relates to #8749 Signed-off-by: Konrad Weihmann <[email protected]>
priv-kweihmann · Apr 27, 2022 · 48d2870 · 48d2870
1 parent d425b7d
commit 48d2870
Show file tree

Hide file tree

Showing 10 changed files with 0 additions and 316 deletions.
diff --git a/README.md b/README.md
@@ -225,7 +225,6 @@ The layer can check on a recipe-level or on an image-level.
 | reconbf         | security audit tool                                   | https://github.com/HewlettPackard/reconbf                             |                                              |                        | x            |               |     |     |        |       |            |     |     | x      |     |          |         |          |          |               | x              |                  |             |
 | reuse           | Scan code for license information                     | https://github.com/fsfe/reuse-tool                                    |                                              |                        |              | x             |     |     |        |       |            |     |     |        |     |          |         |          |          | x             | x              |                  |             |
 | revive          | GO linter                                             | https://github.com/mgechev/revive                                     |                                              |                        |              | x             |     |     |        |       |            |     | x   |        |     |          |         |          |          |               |                | x                | x           |
-| ropgadget       | Determine ROP exploitability in binaries              | https://github.com/JonathanSalwan/ROPgadget                           | manual enable                                |                        |              | x             |     |     |        |       |            |     |     |        |     |          |         | x        |          |               | x              |                  |             |
 | rubycritic      | Ruby linter                                           | https://github.com/whitesmith/rubycritic/                             | meta-rubygems, manual enable                 |                        |              | x             |     |     |        |       |            |     |     |        |     |          |         |          |          | x             |                |                  | x           |
 | safety          | Check for known vulnerabilities in python-packages    | https://github.com/pyupio/safety                                      |                                              |                        |              | x             |     |     | x      |       |            |     |     |        |     |          |         |          | x        |               | x              |                  |             |
 | scancode        | Scan code for license information                     | https://github.com/nexB/scancode-toolkit                              |                                              |                        |              | x             |     |     |        |       |            |     |     |        |     |          |         |          |          | x             | x              |                  |             |
@@ -316,7 +315,6 @@ each tool does have it's own benefits and flaws so don't be mad if you have 10k+
     - [reconbf](docs/conf/module/reconbf.md)
     - [reuse](docs/conf/module/reuse.md)
     - [revive](docs/conf/module/revive.md)
-    - [ropgadget](docs/conf/module/ropgadget.md)
     - [rubycritic](docs/conf/module/rubycritic.md)
     - [safety](docs/conf/module/safety.md)
     - [scancode](docs/conf/module/scancode.md)

diff --git a/classes/sca-blacklist.bbclass b/classes/sca-blacklist.bbclass
@@ -53,7 +53,6 @@ SCA_BLACKLIST_pysymcheck ?= ""
 SCA_BLACKLIST_rats ?= ""
 SCA_BLACKLIST_reconbf ?= ""
 SCA_BLACKLIST_revive ?= "openssh"
-SCA_BLACKLIST_ropgadget ?= "linux-.*"
 SCA_BLACKLIST_rubycritic ?= ""
 SCA_BLACKLIST_safety ?= ""
 SCA_BLACKLIST_scancode ?= ""

diff --git a/classes/sca-on-recipe.bbclass b/classes/sca-on-recipe.bbclass
@@ -53,7 +53,6 @@ SCA_ENABLED_MODULES_RECIPE ?= "\
                             rats \
                             reuse \
                             revive \
-                            ropgadget \
                             rubycritic \
                             safety \
                             scancode \

diff --git a/classes/sca-ropgadget.bbclass b/classes/sca-ropgadget.bbclass
diff --git a/docs/casestudy/adv_security.md b/docs/casestudy/adv_security.md
@@ -114,26 +114,6 @@ SCA_AVAILABLE_MODULES = "tlv"
 
 in the conf/local.conf-file.
 
-#### Hardening if user defined code is executed
-
-In this case it might be worth a look if your code does have a larger weakness for [ROP](https://en.wikipedia.org/wiki/Return-oriented_programming).
-Mostly it can't be fully avoided, but the chances of being exploited by that technique could be mitigated.
-
-The [ropgadget](../conf/module/ropgadget.md) module does scan your code for such pattern.
-As there are a large number of occurrences the global loglevel need to be turned to "info" to see all findings.
-
-To active add/set
-
-```bitbake
-SCA_AVAILABLE_MODULES = "ropgadget"
-SCA_WARNING_LEVEL = "info"
-```
-
-in the conf/local.conf-file.
-
-To fix it, try to write the code pattern in a different style so the compiler doesn't translate it into a exploitable pattern.
-This might need some time and should be done by an experienced developer.
-
 #### Usage of metrics
 
 Metrics have proven to be quite a good indicator of improvable code.
@@ -176,7 +156,6 @@ The full applied configuration may look like this
 SCA_AVAILABLE_MODULES = "\
                         gcc \
                         bitbake \
-                        ropgadget \
                         tlv \
                         multimetric \
                         cppcheck \

diff --git a/docs/conf/module/ropgadget.md b/docs/conf/module/ropgadget.md
diff --git a/files/module_list.csv b/files/module_list.csv
@@ -50,7 +50,6 @@ rats,Check on insecurities in several languages,https://github.com/redNixon/rats
 reconbf,security audit tool,https://github.com/HewlettPackard/reconbf,,,x,,,,,,,,,x,,,,,,,x,,
 reuse,Scan code for license information,https://github.com/fsfe/reuse-tool,,,,x,,,,,,,,,,,,,,x,x,,
 revive,GO linter,https://github.com/mgechev/revive,,,,x,,,,,,,x,,,,,,,,,x,x
-ropgadget,Determine ROP exploitability in binaries,https://github.com/JonathanSalwan/ROPgadget,manual enable,,,x,,,,,,,,,,,,x,,,x,,
 rubycritic,Ruby linter,https://github.com/whitesmith/rubycritic/,"meta-rubygems, manual enable",,,x,,,,,,,,,,,,,,x,,,x
 safety,Check for known vulnerabilities in python-packages,https://github.com/pyupio/safety,,,,x,,,x,,,,,,,,,,x,,x,,
 scancode,Scan code for license information,https://github.com/nexB/scancode-toolkit,,,,x,,,,,,,,,,,,,,x,x,,

diff --git a/recipes-sca/python3-ropgadget-native/files/ropgadget.sca.description b/recipes-sca/python3-ropgadget-native/files/ropgadget.sca.description
diff --git a/recipes-sca/python3-ropgadget-native/python3-ropgadget-native_6.7.bb b/recipes-sca/python3-ropgadget-native/python3-ropgadget-native_6.7.bb
diff --git a/test/lang_standard_03.txt b/test/lang_standard_03.txt
@@ -3,7 +3,6 @@ configcheck
 lse
 lynis
 nixauditor
-ropgadget
 reconbf
 sudokiller
 systemdlint