kconfig_hardened_check/test_engine.py

   1 #!/usr/bin/python3
   2
   3 """
   4 This tool helps me to check Linux kernel options against
   5 my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
   6 Let the computers do their job!
   7
   8 Author: Alexander Popov <alex.popov@linux.com>
   9
  10 This module performs unit-testing of the kconfig-hardened-check engine.
  11 """
  12
  13 # pylint: disable=missing-function-docstring,line-too-long
  14
  15 import unittest
  16 from collections import OrderedDict
  17 import json
  18 from .engine import KconfigCheck, CmdlineCheck, populate_with_data, perform_checks
  19
  20
  21 class TestEngine(unittest.TestCase):
  22     """
  23     Example test scenario:
  24
  25         # 1. prepare the checklist
  26         config_checklist = []
  27         config_checklist += [KconfigCheck('reason_1', 'decision_1', 'KCONFIG_NAME', 'expected_1')]
  28         config_checklist += [CmdlineCheck('reason_2', 'decision_2', 'cmdline_name', 'expected_2')]
  29
  30         # 2. prepare the parsed kconfig options
  31         parsed_kconfig_options = OrderedDict()
  32         parsed_kconfig_options['CONFIG_KCONFIG_NAME'] = 'UNexpected_1'
  33
  34         # 3. prepare the parsed cmdline options
  35         parsed_cmdline_options = OrderedDict()
  36         parsed_cmdline_options['cmdline_name'] = 'expected_2'
  37
  38         # 4. prepare the kernel version
  39         kernel_version = (42, 43)
  40
  41         # 5. run the engine
  42         result = []
  43         self.run_engine(config_checklist,
  44                         parsed_kconfig_options, parsed_cmdline_options, kernel_version,
  45                         result)
  46
  47         # 6. check that the results are correct
  48         # self.assertEqual(...
  49     """
  50
  51     @staticmethod
  52     def run_engine(checklist,
  53                    parsed_kconfig_options, parsed_cmdline_options, kernel_version,
  54                    result):
  55         # populate the checklist with data
  56         if parsed_kconfig_options:
  57             populate_with_data(checklist, parsed_kconfig_options, 'kconfig')
  58         if parsed_cmdline_options:
  59             populate_with_data(checklist, parsed_cmdline_options, 'cmdline')
  60         if kernel_version:
  61             populate_with_data(checklist, kernel_version, 'version')
  62
  63         # now everything is ready, perform the checks
  64         perform_checks(checklist)
  65
  66         # print the table with the results
  67         print('TABLE:')
  68         for opt in checklist:
  69             opt.table_print(None, True) # default mode, with_results
  70             print()
  71
  72         # print the results in JSON
  73         print('JSON:')
  74         for opt in checklist:
  75             result.append(opt.json_dump(True)) # with_results
  76         print(json.dumps(result))
  77         print()
  78
  79     def test_kconfig_ok(self):
  80         # 1. prepare the checklist
  81         config_checklist = []
  82         config_checklist += [KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1')]
  83
  84         # 2. prepare the parsed kconfig options
  85         parsed_kconfig_options = OrderedDict()
  86         parsed_kconfig_options['CONFIG_NAME_1'] = 'expected_1'
  87
  88         # 3. run the engine
  89         result = []
  90         self.run_engine(config_checklist, parsed_kconfig_options, None, None, result)
  91
  92         # 4. check that the results are correct
  93         self.assertEqual(
  94                 result,
  95                 [["CONFIG_NAME_1", "kconfig", "expected_1", "decision_1", "reason_1", "OK"]]
  96         )
  97
  98     def test_kconfig_fail(self):
  99         # 1. prepare the checklist
 100         config_checklist = []
 101         config_checklist += [KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2')]
 102
 103         # 2. prepare the parsed kconfig options
 104         parsed_kconfig_options = OrderedDict()
 105         parsed_kconfig_options['CONFIG_NAME_2'] = 'UNexpected_2'
 106
 107         # 3. run the engine
 108         result = []
 109         self.run_engine(config_checklist, parsed_kconfig_options, None, None, result)
 110
 111         # 4. check that the results are correct
 112         self.assertEqual(
 113                 result,
 114                 [["CONFIG_NAME_2", "kconfig", "expected_2", "decision_2", "reason_2", "FAIL: \"UNexpected_2\""]]
 115         )
 116
 117     def test_cmdline_ok(self):
 118         # 1. prepare the checklist
 119         config_checklist = []
 120         config_checklist += [CmdlineCheck('reason_3', 'decision_3', 'name_3', 'expected_3')]
 121
 122         # 2. prepare the parsed cmdline options
 123         parsed_cmdline_options = OrderedDict()
 124         parsed_cmdline_options['name_3'] = 'expected_3'
 125
 126         # 3. run the engine
 127         result = []
 128         self.run_engine(config_checklist, None, parsed_cmdline_options, None, result)
 129
 130         # 4. check that the results are correct
 131         self.assertEqual(
 132                 result,
 133                 [["name_3", "cmdline", "expected_3", "decision_3", "reason_3", "OK"]]
 134         )
 135
 136     def test_cmdline_fail(self):
 137         # 1. prepare the checklist
 138         config_checklist = []
 139         config_checklist += [CmdlineCheck('reason_4', 'decision_4', 'name_4', 'expected_4')]
 140
 141         # 2. prepare the parsed cmdline options
 142         parsed_cmdline_options = OrderedDict()
 143         parsed_cmdline_options['name_4'] = 'UNexpected_4'
 144
 145         # 3. run the engine
 146         result = []
 147         self.run_engine(config_checklist, None, parsed_cmdline_options, None, result)
 148
 149         # 4. check that the results are correct
 150         self.assertEqual(
 151                 result,
 152                 [["name_4", "cmdline", "expected_4", "decision_4", "reason_4", "FAIL: \"UNexpected_4\""]]
 153         )
 154
 155     def test_kconfig_not_found(self):
 156         # 1. prepare the checklist
 157         config_checklist = []
 158         config_checklist += [KconfigCheck('reason_5', 'decision_5', 'NAME_5', 'expected_5')]
 159         config_checklist += [KconfigCheck('reason_6', 'decision_6', 'NAME_6', 'is not set')]
 160
 161         # 2. run the engine
 162         result = []
 163         self.run_engine(config_checklist, None, None, None, result)
 164
 165         # 3. check that the results are correct
 166         self.assertEqual(
 167                 result,
 168                 [["CONFIG_NAME_5", "kconfig", "expected_5", "decision_5", "reason_5", "FAIL: is not found"],
 169                  ["CONFIG_NAME_6", "kconfig", "is not set", "decision_6", "reason_6", "OK: is not found"]]
 170         )