X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2Fengine.py;h=e9140447c90bf697d9a18b41ef39bc32bb72ead2;hb=db71a9e236bfca77e717aa6c680cbed479a32ca7;hp=621fdc707c2838d475f1701d7d54bf89db4aeea4;hpb=4de5662ebaf4f72aeffbe40fc78433ca5d81635e;p=kconfig-hardened-check.git diff --git a/kconfig_hardened_check/engine.py b/kconfig_hardened_check/engine.py index 621fdc7..e914044 100644 --- a/kconfig_hardened_check/engine.py +++ b/kconfig_hardened_check/engine.py @@ -1,9 +1,7 @@ #!/usr/bin/python3 """ -This tool helps me to check Linux kernel options against -my security hardening preferences for X86_64, ARM64, X86_32, and ARM. -Let the computers do their job! +This tool is for checking the security hardening options of the Linux kernel. Author: Alexander Popov @@ -45,10 +43,6 @@ class OptCheck: self.state = None self.result = None - @property - def type(self): - return None - def check(self): # handle the 'is present' check if self.expected == 'is present': @@ -62,12 +56,12 @@ class OptCheck: if self.expected == 'is not off': if self.state == 'off': self.result = 'FAIL: is off' - if self.state == '0': + elif self.state == '0': self.result = 'FAIL: is off, "0"' elif self.state is None: self.result = 'FAIL: is off, not found' else: - self.result = 'OK: is not off, "' + self.state + '"' + self.result = f'OK: is not off, "{self.state}"' return # handle the option value check @@ -79,7 +73,7 @@ class OptCheck: else: self.result = 'FAIL: is not found' else: - self.result = 'FAIL: "' + self.state + '"' + self.result = f'FAIL: "{self.state}"' def table_print(self, _mode, with_results): print(f'{self.name:<40}|{self.type:^7}|{self.expected:^12}|{self.decision:^10}|{self.reason:^18}', end='') 
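Review bot: The 'is not off' branch of OptCheck.check (hunk at -62,12) treats only the exact strings `'off'` and `'0'` as disabled, so any other spelling of a disabled value falls through to `OK: is not off`. Whether that can happen depends on how values are normalised by the parser, which is outside this hunk; if they are not, a differently cased or differently spelled "off" would be reported as hardened. I would state the contract next to the comparison, e.g. `# exact match: the parser must normalise the value before check()`, and add a test with a non-canonical disabled value. check() begins and continues outside the hunk.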
@@ -123,18 +117,18 @@ class VersionCheck: def check(self): if self.ver[0] > self.ver_expected[0]: - self.result = 'OK: version >= ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1]) + self.result = f'OK: version >= {self.ver_expected[0]}.{self.ver_expected[1]}' return if self.ver[0] < self.ver_expected[0]: - self.result = 'FAIL: version < ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1]) + self.result = f'FAIL: version < {self.ver_expected[0]}.{self.ver_expected[1]}' return if self.ver[1] >= self.ver_expected[1]: - self.result = 'OK: version >= ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1]) + self.result = f'OK: version >= {self.ver_expected[0]}.{self.ver_expected[1]}' return - self.result = 'FAIL: version < ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1]) + self.result = f'FAIL: version < {self.ver_expected[0]}.{self.ver_expected[1]}' def table_print(self, _mode, with_results): - ver_req = 'kernel version >= ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1]) + ver_req = f'kernel version >= {self.ver_expected[0]}.{self.ver_expected[1]}' print(f'{ver_req:<91}', end='') if with_results: print(f'| {self.result}', end='') @@ -165,7 +159,7 @@ class ComplexOptCheck: def table_print(self, mode, with_results): if mode == 'verbose': - print(f" {'<<< ' + self.__class__.__name__ + ' >>>':87}", end='') + print(f' {"<<< " + self.__class__.__name__ + " >>>":87}', end='') if with_results: print(f'| {self.result}', end='') for o in self.opts: @@ -254,6 +248,8 @@ def populate_simple_opt_with_data(opt, data, data_type): f'invalid opt type "{opt.type}"' assert(data_type in SIMPLE_OPTION_TYPES), \ f'invalid data type "{data_type}"' + assert(data), \ + 'empty data' if data_type != opt.type: return 
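Review bot: The version text `f'{self.ver_expected[0]}.{self.ver_expected[1]}'` is now spelled out five times across VersionCheck.check and table_print, so a later format change has to be repeated in every copy. Building it once, e.g. `ver = f'{self.ver_expected[0]}.{self.ver_expected[1]}'` at the top of check(), keeps the OK and FAIL messages in step. Assuming `ver` and `ver_expected` are the same sequence type, the four branches also reduce to one comparison of the (major, minor) pairs, which is easier to audit than the early-return ladder.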
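Review bot: The new `assert(data), 'empty data'` guard in populate_simple_opt_with_data disappears when the tool is run with `python -O`, like the two asserts above it, so an empty option set would then be processed silently. For a hardening checker that matters because a check that expects an option to be absent could presumably report OK on empty input (the not-found handling is only partly visible on this page). An explicit `if not data: raise ValueError('empty data')` survives optimisation. The same applies to the `assert(opt.type in ('kconfig', 'cmdline'))` added in override_expected_value in the next hunk. The function body continues outside this hunk.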
@@ -285,6 +281,14 @@ def populate_with_data(checklist, data, data_type): populate_opt_with_data(opt, data, data_type) +def override_expected_value(checklist, name, new_val): + for opt in checklist: + if opt.name == name: + assert(opt.type in ('kconfig', 'cmdline')), \ + f'overriding an expected value for "{opt.type}" checks is not supported yet' + opt.expected = new_val + + def perform_checks(checklist): for opt in checklist: opt.check()
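Review bot: override_expected_value returns silently when no entry in `checklist` has `opt.name == name`, so a mistyped option name leaves the default expectation in place while the user believes the override is active. Recording whether a match was found and failing after the loop, e.g. `if not found: raise ValueError(f'no check named "{name}"')`, makes that visible. The loop also looks only at top-level entries; whether options nested inside a ComplexOptCheck are reachable through `opt.name` cannot be told from this hunk and is worth a test. A one-line docstring stating that `new_val` is stored as given, without validation, would help callers.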