X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=635c927b4fbca6f75987c8d8c4d4f2c381f36e71;hb=4a0987242476561cd4e3157f9eb788568345901f;hp=cb794505bd7a597411d3356472925c0125215967;hpb=c1fc80cab0a55b90602ab8d03beefd723954820e;p=kconfig-hardened-check.git diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index cb79450..635c927 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -178,9 +178,9 @@ class ComplexOptCheck: class OR(ComplexOptCheck): # self.opts[0] is the option that this OR-check is about. - # Use case: + # Use cases: # OR(, ) - # OR(, ) + # OR(, ) def check(self): if not self.opts: @@ -200,8 +200,10 @@ class OR(ComplexOptCheck): class AND(ComplexOptCheck): # self.opts[0] is the option that this AND-check is about. - # Use case: AND(, ) - # Suboption is not checked if checking of the main_option is failed. + # Use cases: + # AND(, ) + # Suboption is not checked if checking of the main_option is failed. + # AND(, ) def check(self): for i, opt in reversed(list(enumerate(self.opts))): @@ -211,7 +213,7 @@ class AND(ComplexOptCheck): return ret if not ret: if hasattr(opt, 'expected'): - self.result = 'FAIL: CONFIG_{} is needed'.format(opt.name) + self.result = 'FAIL: CONFIG_{} not "{}"'.format(opt.name, opt.expected) else: self.result = opt.result return False @@ -539,6 +541,13 @@ def print_checklist(mode, checklist, with_results): # table contents for opt in checklist: + if with_results: + if mode == 'show_ok': + if not opt.result.startswith('OK'): + continue + if mode == 'show_fail': + if not opt.result.startswith('FAIL'): + continue opt.table_print(mode, with_results) print() if mode == 'verbose': @@ -547,10 +556,16 @@ def print_checklist(mode, checklist, with_results): # final score if with_results: - error_count = len(list(filter(lambda opt: opt.result.startswith('FAIL'), checklist))) + fail_count = len(list(filter(lambda opt: opt.result.startswith('FAIL'), checklist))) + fail_suppressed = '' ok_count = len(list(filter(lambda opt: opt.result.startswith('OK'), checklist))) + ok_suppressed = '' + if mode == 'show_ok': + fail_suppressed = ' (suppressed in output)' + if mode == 'show_fail': + ok_suppressed = ' (suppressed in output)' if mode != 'json': - print('[+] Config check is finished: \'OK\' - {} / \'FAIL\' - {}'.format(ok_count, error_count)) + print('[+] Config check is finished: \'OK\' - {}{} / \'FAIL\' - {}{}'.format(ok_count, ok_suppressed, fail_count, fail_suppressed)) def perform_checks(checklist, parsed_options, kernel_version): @@ -602,7 +617,7 @@ def main(): # - reporting about unknown kernel options in the config # - verbose printing of ComplexOptCheck items # * json mode for printing the results in JSON format - report_modes = ['verbose', 'json'] + report_modes = ['verbose', 'json', 'show_ok', 'show_fail'] supported_archs = ['X86_64', 'X86_32', 'ARM64', 'ARM'] parser = ArgumentParser(prog='kconfig-hardened-check', description='Checks the hardening options in the Linux kernel config') @@ -610,7 +625,7 @@ def main(): parser.add_argument('-p', '--print', choices=supported_archs, help='print hardening preferences for selected architecture') parser.add_argument('-c', '--config', - help='check the config_file against these preferences') + help='check the kernel config file against these preferences') parser.add_argument('-m', '--mode', choices=report_modes, help='choose the report mode') args = parser.parse_args() @@ -651,6 +666,8 @@ def main(): sys.exit(0) if args.print: + if mode in ('show_ok', 'show_fail'): + sys.exit('[!] ERROR: please use "{}" mode for checking the kernel config'.format(mode)) arch = args.print construct_checklist(config_checklist, arch) if mode != 'json':