X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=cb794505bd7a597411d3356472925c0125215967;hb=c1fc80cab0a55b90602ab8d03beefd723954820e;hp=548774526fc88ff78ccb19f8b89037a6f3684cce;hpb=eeb0b9ee58eec087b0bd7b5b3428b4c9d1078c4a;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 5487745..cb79450 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -64,17 +64,6 @@ from .__about__ import __version__
 # pylint: disable=line-too-long,bad-whitespace,too-many-branches
 # pylint: disable=too-many-statements,global-statement
 
-# Report modes:
-#   * verbose mode for
-#     - reporting about unknown kernel options in the config
-#     - verbose printing of ComplexOptCheck items
-#   * json mode for printing the results in JSON format
-report_modes = ['verbose', 'json']
-
-supported_archs = ['X86_64', 'X86_32', 'ARM64', 'ARM']
-
-kernel_version = None
-
 
 class OptCheck:
     def __init__(self, reason, decision, name, expected):
@@ -109,16 +98,17 @@ class OptCheck:
 class VerCheck:
     def __init__(self, ver_expected):
         self.ver_expected = ver_expected
+        self.ver = None
         self.result = None
 
     def check(self):
-        if kernel_version[0] > self.ver_expected[0]:
+        if self.ver[0] > self.ver_expected[0]:
             self.result = 'OK: version >= ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1])
             return True
-        if kernel_version[0] < self.ver_expected[0]:
+        if self.ver[0] < self.ver_expected[0]:
             self.result = 'FAIL: version < ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1])
             return False
-        if kernel_version[1] >= self.ver_expected[1]:
+        if self.ver[1] >= self.ver_expected[1]:
             self.result = 'OK: version >= ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1])
             return True
         self.result = 'FAIL: version < ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1])
@@ -229,14 +219,14 @@ class AND(ComplexOptCheck):
         sys.exit('[!] ERROR: invalid AND check')
 
 
-def detect_arch(fname):
+def detect_arch(fname, archs):
     with open(fname, 'r') as f:
         arch_pattern = re.compile("CONFIG_[a-zA-Z0-9_]*=y")
         arch = None
         for line in f.readlines():
             if arch_pattern.match(line):
                 option, _ = line[7:].split('=', 1)
-                if option in supported_archs:
+                if option in archs:
                     if not arch:
                         arch = option
                     else:
@@ -563,13 +553,15 @@ def print_checklist(mode, checklist, with_results):
             print('[+] Config check is finished: \'OK\' - {} / \'FAIL\' - {}'.format(ok_count, error_count))
 
 
-def perform_checks(checklist, parsed_options):
+def perform_checks(checklist, parsed_options, kernel_version):
     for opt in checklist:
         if hasattr(opt, 'opts'):
             # prepare ComplexOptCheck
             for o in opt.opts:
                 if hasattr(o, 'state'):
                     o.state = parsed_options.get(o.name, None)
+                if hasattr(o, 'ver'):
+                    o.ver = kernel_version
         else:
             # prepare simple check
             if not hasattr(opt, 'state'):
@@ -605,12 +597,13 @@ def parse_config_file(parsed_options, fname):
 
 
 def main():
-    global kernel_version
-
-    mode = None
-    config_checklist = []
-    parsed_options = OrderedDict()
-
+    # Report modes:
+    #   * verbose mode for
+    #     - reporting about unknown kernel options in the config
+    #     - verbose printing of ComplexOptCheck items
+    #   * json mode for printing the results in JSON format
+    report_modes = ['verbose', 'json']
+    supported_archs = ['X86_64', 'X86_32', 'ARM64', 'ARM']
     parser = ArgumentParser(prog='kconfig-hardened-check',
                             description='Checks the hardening options in the Linux kernel config')
     parser.add_argument('--version', action='version', version='%(prog)s ' + __version__)
@@ -622,16 +615,19 @@ def main():
                         help='choose the report mode')
     args = parser.parse_args()
 
+    mode = None
     if args.mode:
         mode = args.mode
         if mode != 'json':
             print("[+] Special report mode: {}".format(mode))
 
+    config_checklist = []
+
     if args.config:
         if mode != 'json':
             print('[+] Config file to check: {}'.format(args.config))
 
-        arch, msg = detect_arch(args.config)
+        arch, msg = detect_arch(args.config, supported_archs)
         if not arch:
             sys.exit('[!] ERROR: {}'.format(msg))
         if mode != 'json':
@@ -644,8 +640,9 @@ def main():
             print('[+] Detected kernel version: {}.{}'.format(kernel_version[0], kernel_version[1]))
 
         construct_checklist(config_checklist, arch)
+        parsed_options = OrderedDict()
         parse_config_file(parsed_options, args.config)
-        perform_checks(config_checklist, parsed_options)
+        perform_checks(config_checklist, parsed_options, kernel_version)
 
         if mode == 'verbose':
             print_unknown_options(config_checklist, parsed_options)