X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=cdb08288fa0f3ccf2b938cf88fb92462070da61f;hb=74f975ac7909f4c0f8433d12defb6012ab6c9ff5;hp=8f244985ecbb4d55f6ee53426e9ac6462d9eeb7f;hpb=b630183a7fd78183d24f01fd5a1cdf02410e5626;p=kconfig-hardened-check.git
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 8f24498..cdb0828 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -12,6 +12,7 @@ This module performs input/output.
 # pylint: disable=missing-function-docstring,line-too-long,invalid-name,too-many-branches,too-many-statements
+import gzip
 import sys
 from argparse import ArgumentParser
 from collections import OrderedDict
@@ -19,11 +20,19 @@ import re
 import json
 from .__about__ import __version__
 from .checks import add_kconfig_checks, add_cmdline_checks, normalize_cmdline_options
-from .engine import populate_with_data, perform_checks
+from .engine import populate_with_data, perform_checks, override_expected_value
+
+
+def _open(file: str, *args, **kwargs):
+ open_method = open
+ if file.endswith(".gz"):
+ open_method = gzip.open
+
+ return open_method(file, *args, **kwargs)
 def detect_arch(fname, archs):
- with open(fname, 'r', encoding='utf-8') as f:
+ with _open(fname, 'rt', encoding='utf-8') as f:
 arch_pattern = re.compile("CONFIG_[a-zA-Z0-9_]*=y")
 arch = None
 for line in f.readlines():
@@ -40,7 +49,7 @@ def detect_arch(fname, archs):
 def detect_kernel_version(fname):
- with open(fname, 'r', encoding='utf-8') as f:
+ with _open(fname, 'rt', encoding='utf-8') as f:
 ver_pattern = re.compile("# Linux/.* Kernel Configuration")
 for line in f.readlines():
 if ver_pattern.match(line):
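Review bot: `_open` selects `gzip.open` from the file name alone, and the callers then read with `for line in f.readlines():` (a context line in `detect_arch` here, and again in the `detect_kernel_version` and `detect_compiler` hunks), which builds the whole decompressed stream as a list, so for a `.gz` input the size on disk no longer bounds memory use. Iterating the handle directly, `for line in f:`, holds one line at a time and behaves the same for plain files. A file named `*.gz` that is not gzip data fails only at the first read, presumably with an uncaught `gzip.BadGzipFile`, since no handler is visible in these hunks. `_open` also deserves a one-line comment that callers must pass a text mode such as `'rt'`, because `gzip.open` treats `'r'` as binary and rejects `encoding=` there. The bodies of `detect_arch` and the other callers continue outside the hunks.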
@@ -58,7 +67,7 @@ def detect_kernel_version(fname):
 def detect_compiler(fname):
 gcc_version = None
 clang_version = None
- with open(fname, 'r', encoding='utf-8') as f:
+ with _open(fname, 'rt', encoding='utf-8') as f:
 gcc_version_pattern = re.compile("CONFIG_GCC_VERSION=[0-9]*")
 clang_version_pattern = re.compile("CONFIG_CLANG_VERSION=[0-9]*")
 for line in f.readlines():
@@ -146,7 +155,7 @@ def print_checklist(mode, checklist, with_results):
 def parse_kconfig_file(parsed_options, fname):
- with open(fname, 'r', encoding='utf-8') as f:
+ with _open(fname, 'rt', encoding='utf-8') as f:
 opt_is_on = re.compile("CONFIG_[a-zA-Z0-9_]*=[a-zA-Z0-9_\"]*")
 opt_is_off = re.compile("# CONFIG_[a-zA-Z0-9_]* is not set")
@@ -204,7 +213,7 @@ def main():
 parser.add_argument('-p', '--print', choices=supported_archs,
 help='print security hardening preferences for the selected architecture')
 parser.add_argument('-c', '--config',
- help='check the kernel kconfig file against these preferences')
+ help='check the kernel kconfig file against these preferences (also supports *.gz files)')
 parser.add_argument('-l', '--cmdline',
 help='check the kernel cmdline file against these preferences')
 parser.add_argument('-m', '--mode', choices=report_modes,
@@ -268,6 +277,11 @@ def main():
 parse_cmdline_file(parsed_cmdline_options, args.cmdline)
 populate_with_data(config_checklist, parsed_cmdline_options, 'cmdline')
+ # hackish refinement of the CONFIG_ARCH_MMAP_RND_BITS check
+ mmap_rnd_bits_max = parsed_kconfig_options.get('CONFIG_ARCH_MMAP_RND_BITS_MAX', None)
+ if mmap_rnd_bits_max:
+ override_expected_value(config_checklist, 'CONFIG_ARCH_MMAP_RND_BITS', mmap_rnd_bits_max)
+
 # now everything is ready, perform the checks
 perform_checks(config_checklist)
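Review bot: The expected value for `CONFIG_ARCH_MMAP_RND_BITS` is now taken from `CONFIG_ARCH_MMAP_RND_BITS_MAX` in the file under audit without validation, and the `if mmap_rnd_bits_max:` guard in the last hunk only rejects a missing or empty value. Whatever else the parser stored for that key (its value format is not visible in this hunk) becomes the expected value, so a truncated or hand-edited config can make the check compare against a non-numeric string. Requiring a number before overriding would keep the built-in expectation in that case, e.g. `if mmap_rnd_bits_max and mmap_rnd_bits_max.isdigit():`, assuming values are stored as strings. The comment could also say why the override exists rather than calling it hackish, since after it a pass means only that the two options agree within the same file. main() starts and ends outside the hunk.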