X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=cfe0877e93a05b2dc2b63f2f94a77bdf1cd8e8c2;hb=53f1fc788c9d4256378e9fc564a766c05ed909cd;hp=f6e0305d237620762e06295ee7c88a056694d588;hpb=328a89c7703915bc9c8eb6e66eebb6944caf94bb;p=kconfig-hardened-check.git diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index f6e0305..cfe0877 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -1,15 +1,16 @@ #!/usr/bin/python3 -# This tool helps me to check Linux kernel options against -# my security hardening preferences for X86_64, ARM64, X86_32, and ARM. -# Let the computers do their job! -# -# Author: Alexander Popov -# -# Please don't cry if my Python code looks like C. +""" +This tool helps me to check Linux kernel options against +my security hardening preferences for X86_64, ARM64, X86_32, and ARM. +Let the computers do their job! -# pylint: disable=missing-module-docstring,missing-class-docstring,missing-function-docstring -# pylint: disable=line-too-long,invalid-name,too-many-branches,too-many-statements +Author: Alexander Popov + +This module performs input/output. +""" + +# pylint: disable=missing-function-docstring,line-too-long,invalid-name,too-many-branches,too-many-statements import sys from argparse import ArgumentParser @@ -29,11 +30,11 @@ def detect_arch(fname, archs): if arch_pattern.match(line): option, _ = line[7:].split('=', 1) if option in archs: - if not arch: + if arch is None: arch = option else: return None, 'more than one supported architecture is detected' - if not arch: + if arch is None: return None, 'failed to detect architecture' return arch, 'OK' @@ -48,7 +49,7 @@ def detect_kernel_version(fname): ver_str = parts[2] ver_numbers = ver_str.split('.') if len(ver_numbers) < 3 or not ver_numbers[0].isdigit() or not ver_numbers[1].isdigit(): - msg = 'failed to parse the version "' + ver_str + '"' + msg = f'failed to parse the version "{ver_str}"' return None, msg return (int(ver_numbers[0]), int(ver_numbers[1])), None return None, 'no kernel version detected' @@ -65,7 +66,7 @@ def detect_compiler(fname): gcc_version = line[19:-1] if clang_version_pattern.match(line): clang_version = line[21:-1] - if not gcc_version or not clang_version: + if gcc_version is None or clang_version is None: return None, 'no CONFIG_GCC_VERSION or CONFIG_CLANG_VERSION' if gcc_version == '0' and clang_version != '0': return 'CLANG ' + clang_version, 'OK' @@ -110,7 +111,7 @@ def print_checklist(mode, checklist, with_results): if with_results: sep_line_len += 30 print('=' * sep_line_len) - print(f"{'option name':^40}|{'type':^7}|{'desired val':^12}|{'decision':^10}|{'reason':^18}", end='') + print(f'{"option name":^40}|{"type":^7}|{"desired val":^12}|{"decision":^10}|{"reason":^18}', end='') if with_results: print('| check result', end='') print() @@ -141,8 +142,7 @@ def print_checklist(mode, checklist, with_results): fail_suppressed = ' (suppressed in output)' if mode == 'show_fail': ok_suppressed = ' (suppressed in output)' - if mode != 'json': - print(f'[+] Config check is finished: \'OK\' - {ok_count}{ok_suppressed} / \'FAIL\' - {fail_count}{fail_suppressed}') + print(f'[+] Config check is finished: \'OK\' - {ok_count}{ok_suppressed} / \'FAIL\' - {fail_count}{fail_suppressed}') def parse_kconfig_file(parsed_options, fname): @@ -229,13 +229,13 @@ def main(): print(f'[+] Kernel cmdline file to check: {args.cmdline}') arch, msg = detect_arch(args.config, supported_archs) - if not arch: + if arch is None: sys.exit(f'[!] ERROR: {msg}') if mode != 'json': print(f'[+] Detected architecture: {arch}') kernel_version, msg = detect_kernel_version(args.config) - if not kernel_version: + if kernel_version is None: sys.exit(f'[!] ERROR: {msg}') if mode != 'json': print(f'[+] Detected kernel version: {kernel_version[0]}.{kernel_version[1]}')