X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=5a7ff7f201090de672c3724f77d7616a90722308;hb=f8e47e12ddf6b5c7b7562af6b85b8f65481e4b07;hp=7b4993faea3a7f246498c2b0792d8fc28cf2e630;hpb=92abe5f106c2b3522f7139f12f57dd83ffe7ab4e;p=kconfig-hardened-check.git diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 7b4993f..5a7ff7f 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -168,8 +168,8 @@ def parse_kconfig_file(mode, parsed_options, fname): option, value = line[2:].split(' ', 1) assert(value == 'is not set'), \ f'unexpected value of disabled Kconfig option "{line}"' - elif line != '' and not line.startswith('#') and mode != 'json': - print(f'[!] WARNING: strange line in Kconfig file: "{line}"') + elif line != '' and not line.startswith('#'): + sys.exit(f'[!] ERROR: unexpected line in Kconfig file: "{line}"') if option in parsed_options: sys.exit(f'[!] ERROR: Kconfig option "{line}" is found multiple times') @@ -201,11 +201,11 @@ def parse_cmdline_file(mode, parsed_options, fname): def parse_sysctl_file(mode, parsed_options, fname): with open(fname, 'r', encoding='utf-8') as f: - sysctl_pattern = re.compile("[a-zA-Z0-9\._-]+ =.*$") + sysctl_pattern = re.compile("[a-zA-Z0-9/\._-]+ =.*$") for line in f.readlines(): line = line.strip() if not sysctl_pattern.match(line): - sys.exit(f'[!] ERROR: unexpected line in sysctl file: {line}') + sys.exit(f'[!] ERROR: unexpected line in sysctl file: "{line}"') option, value = line.split('=', 1) option = option.strip() value = value.strip() @@ -258,7 +258,6 @@ def main(): if args.config: if args.print: sys.exit('[!] ERROR: --config and --print can\'t be used together') - if args.generate: sys.exit('[!] ERROR: --config and --generate can\'t be used together') @@ -338,16 +337,43 @@ def main(): # finally print the results print_checklist(mode, config_checklist, True) - sys.exit(0) elif args.cmdline: sys.exit('[!] ERROR: checking cmdline depends on checking Kconfig') elif args.sysctl: - # TODO: sysctl check should also work separately - sys.exit('[!] ERROR: checking sysctl depends on checking Kconfig') + # separate sysctl checking (without kconfig) + assert(args.config is None and args.cmdline is None), 'unexpected args' + if args.print: + sys.exit('[!] ERROR: --sysctl and --print can\'t be used together') + if args.generate: + sys.exit('[!] ERROR: --sysctl and --generate can\'t be used together') + + if mode != 'json': + print(f'[+] Sysctl output file to check: {args.sysctl}') + + # add relevant sysctl checks to the checklist + add_sysctl_checks(config_checklist, None) + + # populate the checklist with the parsed sysctl data + parsed_sysctl_options = OrderedDict() + parse_sysctl_file(mode, parsed_sysctl_options, args.sysctl) + populate_with_data(config_checklist, parsed_sysctl_options, 'sysctl') + + # now everything is ready, perform the checks + perform_checks(config_checklist) + + if mode == 'verbose': + # print the parsed options without the checks (for debugging) + print_unknown_options(config_checklist, parsed_sysctl_options) + + # finally print the results + print_checklist(mode, config_checklist, True) + sys.exit(0) if args.print: assert(args.config is None and args.cmdline is None and args.sysctl is None), 'unexpected args' + if args.generate: + sys.exit('[!] ERROR: --print and --generate can\'t be used together') if mode and mode not in ('verbose', 'json'): sys.exit(f'[!] ERROR: wrong mode "{mode}" for --print') arch = args.print @@ -360,7 +386,7 @@ def main(): sys.exit(0) if args.generate: - assert(args.config is None and args.cmdline is None and args.sysctl is None), 'unexpected args' + assert(args.config is None and args.cmdline is None and args.sysctl is None and args.print is None), 'unexpected args' if mode: sys.exit(f'[!] ERROR: wrong mode "{mode}" for --generate') arch = args.generate