projects
/
kconfig-hardened-check.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add cmdline checks to '--print'
[kconfig-hardened-check.git]
/
kconfig_hardened_check
/
__init__.py
diff --git
a/kconfig_hardened_check/__init__.py
b/kconfig_hardened_check/__init__.py
index 9b3c94c6c33cf0f062233a7d80f2dc8da5470ec1..7324a9eebaece13b9a0f2800651281f30e4f7251 100644
(file)
--- a/
kconfig_hardened_check/__init__.py
+++ b/
kconfig_hardened_check/__init__.py
@@
-132,6
+132,12
@@
class OptCheck:
if with_results:
print('| {}'.format(self.result), end='')
if with_results:
print('| {}'.format(self.result), end='')
+ def json_dump(self, with_results):
+ dump = [self.name, self.type, self.expected, self.decision, self.reason]
+ if with_results:
+ dump.append(self.result)
+ return dump
+
class KconfigCheck(OptCheck):
def __init__(self, *args, **kwargs):
class KconfigCheck(OptCheck):
def __init__(self, *args, **kwargs):
@@
-142,11
+148,11
@@
class KconfigCheck(OptCheck):
def type(self):
return 'kconfig'
def type(self):
return 'kconfig'
- def json_dump(self, with_results):
- dump = [self.name, self.type, self.expected, self.decision, self.reason]
- if with_results:
- dump.append(self.result)
- return
dump
+
+class CmdlineCheck(OptCheck):
+ @property
+ def type(self):
+ return
'cmdline'
class VersionCheck:
class VersionCheck:
@@
-185,7
+191,7
@@
class ComplexOptCheck:
sys.exit('[!] ERROR: empty {} check'.format(self.__class__.__name__))
if len(self.opts) == 1:
sys.exit('[!] ERROR: useless {} check'.format(self.__class__.__name__))
sys.exit('[!] ERROR: empty {} check'.format(self.__class__.__name__))
if len(self.opts) == 1:
sys.exit('[!] ERROR: useless {} check'.format(self.__class__.__name__))
- if not isinstance(opts[0], KconfigCheck):
+ if not isinstance(opts[0], KconfigCheck)
and not isinstance(opts[0], CmdlineCheck)
:
sys.exit('[!] ERROR: invalid {} check: {}'.format(self.__class__.__name__, opts))
self.result = None
sys.exit('[!] ERROR: invalid {} check: {}'.format(self.__class__.__name__, opts))
self.result = None
@@
-650,6
+656,14
@@
def add_kconfig_checks(l, arch):
# l += [KconfigCheck('feature_test', 'my', 'LKDTM', 'm')] # only for debugging!
# l += [KconfigCheck('feature_test', 'my', 'LKDTM', 'm')] # only for debugging!
+def add_cmdline_checks(l, arch):
+ # Calling the CmdlineCheck class constructor:
+ # CmdlineCheck(reason, decision, name, expected)
+
+ l += [CmdlineCheck('self_protection', 'kspp', 'randomize_kstack_offset', 'on')]
+ # TODO: add other
+
+
def print_unknown_options(checklist, parsed_options):
known_options = []
def print_unknown_options(checklist, parsed_options):
known_options = []
@@
-855,6
+869,7
@@
def main():
sys.exit('[!] ERROR: wrong mode "{}" for --print'.format(mode))
arch = args.print
add_kconfig_checks(config_checklist, arch)
sys.exit('[!] ERROR: wrong mode "{}" for --print'.format(mode))
arch = args.print
add_kconfig_checks(config_checklist, arch)
+ add_cmdline_checks(config_checklist, arch)
if mode != 'json':
print('[+] Printing kernel security hardening preferences for {}...'.format(arch))
print_checklist(mode, config_checklist, False)
if mode != 'json':
print('[+] Printing kernel security hardening preferences for {}...'.format(arch))
print_checklist(mode, config_checklist, False)