#!/usr/bin/python3
-
-# pylint: disable=missing-module-docstring,missing-class-docstring,missing-function-docstring
-# pylint: disable=line-too-long,invalid-name,too-many-branches,too-many-statements
"""
This tool helps me to check Linux kernel options against
my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
This module performs input/output.
"""
+# pylint: disable=missing-function-docstring,line-too-long,invalid-name,too-many-branches,too-many-statements
import sys
from argparse import ArgumentParser
if arch_pattern.match(line):
option, _ = line[7:].split('=', 1)
if option in archs:
- if not arch:
+ if arch is None:
arch = option
else:
return None, 'more than one supported architecture is detected'
- if not arch:
+ if arch is None:
return None, 'failed to detect architecture'
return arch, 'OK'
ver_str = parts[2]
ver_numbers = ver_str.split('.')
if len(ver_numbers) < 3 or not ver_numbers[0].isdigit() or not ver_numbers[1].isdigit():
- msg = 'failed to parse the version "' + ver_str + '"'
+ msg = f'failed to parse the version "{ver_str}"'
return None, msg
return (int(ver_numbers[0]), int(ver_numbers[1])), None
return None, 'no kernel version detected'
gcc_version = line[19:-1]
if clang_version_pattern.match(line):
clang_version = line[21:-1]
- if not gcc_version or not clang_version:
+ if gcc_version is None or clang_version is None:
return None, 'no CONFIG_GCC_VERSION or CONFIG_CLANG_VERSION'
if gcc_version == '0' and clang_version != '0':
return 'CLANG ' + clang_version, 'OK'
if with_results:
sep_line_len += 30
print('=' * sep_line_len)
- print(f"{'option name':^40}|{'type':^7}|{'desired val':^12}|{'decision':^10}|{'reason':^18}", end='')
+ print(f'{"option name":^40}|{"type":^7}|{"desired val":^12}|{"decision":^10}|{"reason":^18}', end='')
if with_results:
print('| check result', end='')
print()
fail_suppressed = ' (suppressed in output)'
if mode == 'show_fail':
ok_suppressed = ' (suppressed in output)'
- if mode != 'json':
- print(f'[+] Config check is finished: \'OK\' - {ok_count}{ok_suppressed} / \'FAIL\' - {fail_count}{fail_suppressed}')
+ print(f'[+] Config check is finished: \'OK\' - {ok_count}{ok_suppressed} / \'FAIL\' - {fail_count}{fail_suppressed}')
def parse_kconfig_file(parsed_options, fname):
print(f'[+] Kernel cmdline file to check: {args.cmdline}')
arch, msg = detect_arch(args.config, supported_archs)
- if not arch:
+ if arch is None:
sys.exit(f'[!] ERROR: {msg}')
if mode != 'json':
print(f'[+] Detected architecture: {arch}')
kernel_version, msg = detect_kernel_version(args.config)
- if not kernel_version:
+ if kernel_version is None:
sys.exit(f'[!] ERROR: {msg}')
if mode != 'json':
print(f'[+] Detected kernel version: {kernel_version[0]}.{kernel_version[1]}')
projects / kconfig-hardened-check.git / blobdiff