fix: fix duplicate entries #238

Merged
merged 1 commit into from
Apr 27, 2024

slimm609
Owner

  • fix duplicate entries in fortified count
  • check binary to validate that it relies on glibc before comparing against glibc

@slimm609 slimm609 force-pushed the fix_duplicate_entries branch 3 times, most recently from 1277756 to 1942028 Compare April 26, 2024 01:19
@teoberi
Contributor

teoberi commented Apr 26, 2024

The solution chosen to test the libc dependency:
ldd "${1}" 2> /dev/null | grep 'libc\.so' | cut -d' ' -f3
differs a bit from the one I thought of, which was:
${readelf} -d "${1}" 2> /dev/null | grep 'NEEDED' | grep 'libc\.so'
or (maybe)
${readelf} -d "${1}" 2> /dev/null | grep 'NEEDED' | grep 'libc\.so' | awk '{print $5}'

Source:
https://www.baeldung.com/linux/show-shared-libraries-executables

3. Using the ldd Command
...
The ldd command is pretty handy to list the shared libraries of a program.
However, we should use it with caution, as the ldd utility may execute the program to get the list of the shared libraries. We should never run the ldd command on untrusted executables.

7. Conclusion
In this article, we’ve discussed different ways to list shared libraries of a program.
The ldd command is the most straightforward one to show the shared libraries of a program. The readelf command is a better choice compared to the rest since we deal with “ELF” format on Linux. However, we must keep in mind that we should never use it on untrusted executables.
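
The `readelf`-based check from the comment above, as an added example that is not part of this PR or of the project's code. It decides the libc dependency from `readelf -d` text alone, so the inspected file is never loaded or run. The function names and the sample outputs are constructed for illustration; `${readelf}` is the variable used in the comment, falling back to `readelf` here.

```shell
#!/bin/sh
# Added example (not project code): libc dependency check without executing the target.

# Constructed sample: `readelf -d` lines for a dynamically linked binary.
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000c (INIT)               0x1000'

# Constructed sample: libc.so appears only as SONAME, which is not a dependency.
SAMPLE_SONAME=' 0x0000000000000001 (NEEDED)             Shared library: [ld-linux-x86-64.so.2]
 0x000000000000000e (SONAME)             Library soname: [libc.so.6]'

# Constructed sample: what readelf prints for a -nostdlib -no-pie build.
SAMPLE_NOSTDLIB='There is no dynamic section in this file.'

# Print the name of every NEEDED entry found on stdin, one per line.
needed_libs() {
  sed -n 's/.*(NEEDED).*\[\(.*\)].*/\1/p'
}

# Return 0 when the readelf -d text on stdin lists a libc.so* NEEDED entry.
links_libc() {
  needed_libs | grep -q 'libc\.so'
}

# Same decision for a file on disk; readelf only parses the ELF headers.
binary_links_libc() {
  "${readelf:-readelf}" -d "$1" 2>/dev/null | links_libc
}

# Stand-alone use: report each file given on the command line.
for f in "$@"; do
  if binary_links_libc "$f"; then
    echo "$f: depends on libc"
  else
    echo "$f: N/A (no libc dependency found)"
  fi
done
```

Filtering on `NEEDED` before matching `libc\.so` keeps a `SONAME` or path entry that merely contains the string from counting as a dependency.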

@teoberi
Contributor

teoberi commented Apr 26, 2024

For your request from here: #236 (comment) maybe we could add to Fortify, for "N/A" case in tests/binaries:

  1. from here a version of "Hello World" in C + ASM to test the binary file case without libc dependency
     Build commands:
     gcc -o hello main.c start.S hello.S -w -nostdlib -no-pie -s
     clang -o hello_cl main.c start.S hello.S -w -nostdlib -no-pie -s
     gcc -m32 -o hello32 main.c start.S hello.S -w -nostdlib -no-pie -s
     clang -m32 -o hello_cl32 main.c start.S hello.S -w -nostdlib -no-pie -s
  2. from here a version of "Hello World" in C to test the binary file case when "${FS_cnt_total}" == "0"
     Build commands:
     gcc -o helloworld helloworld.c -w -D_FORTIFY_SOURCE=0 -O2 -s
     clang -o helloworld_cl helloworld.c -w -D_FORTIFY_SOURCE=0 -O2 -s
     gcc -m32 -o helloworld32 helloworld.c -w -D_FORTIFY_SOURCE=0 -O2 -s
     clang -m32 -o helloworld_cl32 helloworld.c -w -D_FORTIFY_SOURCE=0 -O2 -s

Source files:
hello.zip
helloworld.zip

Fortify testing for the "N/A" case in tests/hardening-checks.sh
using:

# N/A
for bin in rel.o rel32.o rel_cl.o rel_cl32.o; do

is not working!
It works instead with the previously generated files, that is:

# N/A
for bin in hello hello_cl hello32 hello_cl32 helloworld helloworld_cl helloworld32 helloworld_cl32; do

@slimm609 slimm609 force-pushed the fix_duplicate_entries branch 3 times, most recently from 67be104 to 9e63e9e Compare April 27, 2024 00:22
- fix duplicate entries in fortified count
- check binary to validate that it relies on glibc before comparing against glibc
- update kernel configs
- add n/a and fs_cnt_total = 0 tests
- update gitignore
@slimm609 slimm609 force-pushed the fix_duplicate_entries branch from 9e63e9e to 3e35801 Compare April 27, 2024 00:28
@slimm609 slimm609 merged commit ec535a9 into main Apr 27, 2024
1 check passed
@slimm609 slimm609 deleted the fix_duplicate_entries branch April 27, 2024 01:37