4 This tool helps me to check Linux kernel options against
5 my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
6 Let the computers do their job!
8 Author: Alexander Popov <alex.popov@linux.com>
10 This module performs unit-testing of the kconfig-hardened-check engine.
13 # pylint: disable=missing-function-docstring,line-too-long
16 from collections import OrderedDict
18 from .engine import KconfigCheck, CmdlineCheck, OR, AND, populate_with_data, perform_checks
21 class TestEngine(unittest.TestCase):
23 Example test scenario:
25 # 1. prepare the checklist
27 config_checklist += [KconfigCheck('reason_1', 'decision_1', 'KCONFIG_NAME', 'expected_1')]
28 config_checklist += [CmdlineCheck('reason_2', 'decision_2', 'cmdline_name', 'expected_2')]
30 # 2. prepare the parsed kconfig options
31 parsed_kconfig_options = OrderedDict()
32 parsed_kconfig_options['CONFIG_KCONFIG_NAME'] = 'UNexpected_1'
34 # 3. prepare the parsed cmdline options
35 parsed_cmdline_options = OrderedDict()
36 parsed_cmdline_options['cmdline_name'] = 'expected_2'
38 # 4. prepare the kernel version
39 kernel_version = (42, 43)
43 self.run_engine(config_checklist,
44 parsed_kconfig_options, parsed_cmdline_options, kernel_version,
47 # 6. check that the results are correct
48 # self.assertEqual(...
52 def run_engine(checklist,
53 parsed_kconfig_options, parsed_cmdline_options, kernel_version,
55 # populate the checklist with data
56 if parsed_kconfig_options:
57 populate_with_data(checklist, parsed_kconfig_options, 'kconfig')
58 if parsed_cmdline_options:
59 populate_with_data(checklist, parsed_cmdline_options, 'cmdline')
61 populate_with_data(checklist, kernel_version, 'version')
63 # now everything is ready, perform the checks
64 perform_checks(checklist)
66 # print the table with the results
69 opt.table_print(None, True) # default mode, with_results
72 # print the results in JSON
75 result.append(opt.json_dump(True)) # with_results
76 print(json.dumps(result))
79 def test_single_kconfig(self):
80 # 1. prepare the checklist
82 config_checklist += [KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1')]
83 config_checklist += [KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2')]
84 config_checklist += [KconfigCheck('reason_3', 'decision_3', 'NAME_3', 'expected_3')]
85 config_checklist += [KconfigCheck('reason_4', 'decision_4', 'NAME_4', 'is not set')]
87 # 2. prepare the parsed kconfig options
88 parsed_kconfig_options = OrderedDict()
89 parsed_kconfig_options['CONFIG_NAME_1'] = 'expected_1'
90 parsed_kconfig_options['CONFIG_NAME_2'] = 'UNexpected_2'
94 self.run_engine(config_checklist, parsed_kconfig_options, None, None, result)
96 # 4. check that the results are correct
99 [["CONFIG_NAME_1", "kconfig", "expected_1", "decision_1", "reason_1", "OK"],
100 ["CONFIG_NAME_2", "kconfig", "expected_2", "decision_2", "reason_2", "FAIL: \"UNexpected_2\""],
101 ["CONFIG_NAME_3", "kconfig", "expected_3", "decision_3", "reason_3", "FAIL: is not found"],
102 ["CONFIG_NAME_4", "kconfig", "is not set", "decision_4", "reason_4", "OK: is not found"]]
105 def test_single_cmdline(self):
106 # 1. prepare the checklist
107 config_checklist = []
108 config_checklist += [CmdlineCheck('reason_1', 'decision_1', 'name_1', 'expected_1')]
109 config_checklist += [CmdlineCheck('reason_2', 'decision_2', 'name_2', 'expected_2')]
110 config_checklist += [CmdlineCheck('reason_3', 'decision_3', 'name_3', 'expected_3')]
111 config_checklist += [CmdlineCheck('reason_4', 'decision_4', 'name_4', 'is not set')]
114 # 2. prepare the parsed cmdline options
115 parsed_cmdline_options = OrderedDict()
116 parsed_cmdline_options['name_1'] = 'expected_1'
117 parsed_cmdline_options['name_2'] = 'UNexpected_2'
121 self.run_engine(config_checklist, None, parsed_cmdline_options, None, result)
123 # 4. check that the results are correct
126 [["name_1", "cmdline", "expected_1", "decision_1", "reason_1", "OK"],
127 ["name_2", "cmdline", "expected_2", "decision_2", "reason_2", "FAIL: \"UNexpected_2\""],
128 ["name_3", "cmdline", "expected_3", "decision_3", "reason_3", "FAIL: is not found"],
129 ["name_4", "cmdline", "is not set", "decision_4", "reason_4", "OK: is not found"]]
133 # 1. prepare the checklist
134 config_checklist = []
135 config_checklist += [OR(KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1'),
136 KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2'))]
137 config_checklist += [OR(KconfigCheck('reason_3', 'decision_3', 'NAME_3', 'expected_3'),
138 KconfigCheck('reason_4', 'decision_4', 'NAME_4', 'expected_4'))]
139 config_checklist += [OR(KconfigCheck('reason_5', 'decision_5', 'NAME_5', 'expected_5'),
140 KconfigCheck('reason_6', 'decision_6', 'NAME_6', 'expected_6'))]
141 config_checklist += [OR(KconfigCheck('reason_6', 'decision_6', 'NAME_6', 'expected_6'),
142 KconfigCheck('reason_7', 'decision_7', 'NAME_7', 'is not set'))]
144 # 2. prepare the parsed kconfig options
145 parsed_kconfig_options = OrderedDict()
146 parsed_kconfig_options['CONFIG_NAME_1'] = 'expected_1'
147 parsed_kconfig_options['CONFIG_NAME_2'] = 'UNexpected_2'
148 parsed_kconfig_options['CONFIG_NAME_3'] = 'UNexpected_3'
149 parsed_kconfig_options['CONFIG_NAME_4'] = 'expected_4'
150 parsed_kconfig_options['CONFIG_NAME_5'] = 'UNexpected_5'
151 parsed_kconfig_options['CONFIG_NAME_6'] = 'UNexpected_6'
155 self.run_engine(config_checklist, parsed_kconfig_options, None, None, result)
157 # 4. check that the results are correct
160 [["CONFIG_NAME_1", "kconfig", "expected_1", "decision_1", "reason_1", "OK"],
161 ["CONFIG_NAME_3", "kconfig", "expected_3", "decision_3", "reason_3", "OK: CONFIG_NAME_4 is \"expected_4\""],
162 ["CONFIG_NAME_5", "kconfig", "expected_5", "decision_5", "reason_5", "FAIL: \"UNexpected_5\""],
163 ["CONFIG_NAME_6", "kconfig", "expected_6", "decision_6", "reason_6", "OK: CONFIG_NAME_7 is not found"]]
167 # 1. prepare the checklist
168 config_checklist = []
169 config_checklist += [AND(KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1'),
170 KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2'))]
171 config_checklist += [AND(KconfigCheck('reason_3', 'decision_3', 'NAME_3', 'expected_3'),
172 KconfigCheck('reason_4', 'decision_4', 'NAME_4', 'expected_4'))]
173 config_checklist += [AND(KconfigCheck('reason_5', 'decision_5', 'NAME_5', 'expected_5'),
174 KconfigCheck('reason_6', 'decision_6', 'NAME_6', 'expected_6'))]
176 # 2. prepare the parsed kconfig options
177 parsed_kconfig_options = OrderedDict()
178 parsed_kconfig_options['CONFIG_NAME_1'] = 'expected_1'
179 parsed_kconfig_options['CONFIG_NAME_2'] = 'expected_2'
180 parsed_kconfig_options['CONFIG_NAME_3'] = 'expected_3'
181 parsed_kconfig_options['CONFIG_NAME_4'] = 'UNexpected_4'
182 parsed_kconfig_options['CONFIG_NAME_5'] = 'UNexpected_5'
183 parsed_kconfig_options['CONFIG_NAME_6'] = 'expected_6'
187 self.run_engine(config_checklist, parsed_kconfig_options, None, None, result)
189 # 4. check that the results are correct
192 [["CONFIG_NAME_1", "kconfig", "expected_1", "decision_1", "reason_1", "OK"],
193 ["CONFIG_NAME_3", "kconfig", "expected_3", "decision_3", "reason_3", "FAIL: CONFIG_NAME_4 is not \"expected_4\""],
194 ["CONFIG_NAME_5", "kconfig", "expected_5", "decision_5", "reason_5", "FAIL: \"UNexpected_5\""]]