X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kernel_hardening_checker%2Fengine.py;h=7195bc01e8050e96a8c7218f048f368f5e9568ed;hb=4a4ac47bb27161044480181f7f7f3ec8adb9e732;hp=1c1f0c6ceb6a66388fef52008a452b51589124b1;hpb=ac56b1d1b46e28fd4296a21c17e725b069ed4aec;p=kconfig-hardened-check.git

diff --git a/kernel_hardening_checker/engine.py b/kernel_hardening_checker/engine.py
index 1c1f0c6..7195bc0 100644
--- a/kernel_hardening_checker/engine.py
+++ b/kernel_hardening_checker/engine.py
@@ -14,10 +14,10 @@ This module is the engine of checks.
 from __future__ import annotations
 import sys
 
-from typing import Union, Optional, List, Dict, OrderedDict, Tuple
+from typing import Union, Optional, List, Dict, Tuple
 StrOrNone = Optional[str]
 TupleOrNone = Optional[Tuple]
-TupleOrOrderedDict = Union[Tuple, OrderedDict[str, str]]
+DictOrTuple = Union[Dict[str, str], Tuple]
 StrOrBool = Union[str, bool]
 
 GREEN_COLOR = '\x1b[32m'
@@ -126,7 +126,7 @@ class OptCheck:
             "reason": self.reason,
         } # type: Dict[str, StrOrBool]
         if with_results:
-            assert self.result, f'unexpected empty result in {self.name}'
+            assert(self.result), f'unexpected empty result in {self.name}'
             dump["check_result"] = self.result
             dump["check_result_bool"] = self.result.startswith('OK')
         return dump
@@ -246,7 +246,7 @@ class ComplexOptCheck:
         dump = self.opts[0].json_dump(False)
         if with_results:
             # Add the 'check_result' and 'check_result_bool' keys to the dictionary
-            assert self.result, f'unexpected empty result in {self.name}'
+            assert(self.result), f'unexpected empty result in {self.name}'
             dump["check_result"] = self.result
             dump["check_result_bool"] = self.result.startswith('OK')
         return dump
@@ -338,7 +338,7 @@ ChecklistObjType = Union[KconfigCheck, CmdlineCheck, SysctlCheck, OR, AND]
 AnyOptCheckType = Union[KconfigCheck, CmdlineCheck, SysctlCheck, VersionCheck, OR, AND]
 
 
-def populate_simple_opt_with_data(opt: SimpleOptCheckType, data: TupleOrOrderedDict, data_type: str) -> None:
+def populate_simple_opt_with_data(opt: SimpleOptCheckType, data: DictOrTuple, data_type: str) -> None:
     assert(opt.opt_type != 'complex'), f'unexpected opt_type "{opt.opt_type}" for {opt}'
     assert(opt.opt_type in SIMPLE_OPTION_TYPES), f'invalid opt_type "{opt.opt_type}"'
     assert(data_type in SIMPLE_OPTION_TYPES), f'invalid data_type "{data_type}"'
@@ -348,7 +348,7 @@ def populate_simple_opt_with_data(opt: SimpleOptCheckType, data: TupleOrOrderedD
         return
 
     if data_type in ('kconfig', 'cmdline', 'sysctl'):
-        assert(isinstance(data, OrderedDict)), \
+        assert(isinstance(data, dict)), \
                f'unexpected data with data_type {data_type}'
         assert(isinstance(opt, SimpleNamedOptCheckTypes)), \
                f'unexpected VersionCheck with opt_type "{opt.opt_type}"'
@@ -361,7 +361,7 @@ def populate_simple_opt_with_data(opt: SimpleOptCheckType, data: TupleOrOrderedD
         opt.set_state(data)
 
 
-def populate_opt_with_data(opt: AnyOptCheckType, data: TupleOrOrderedDict, data_type: str) -> None:
+def populate_opt_with_data(opt: AnyOptCheckType, data: DictOrTuple, data_type: str) -> None:
     assert(opt.opt_type != 'version'), 'a single VersionCheck is useless'
     if opt.opt_type != 'complex':
         assert(isinstance(opt, SimpleOptCheckTypes)), \
@@ -380,39 +380,43 @@ def populate_opt_with_data(opt: AnyOptCheckType, data: TupleOrOrderedDict, data_
                 populate_opt_with_data(o, data, data_type)
 
 
-def populate_with_data(checklist: List, data: TupleOrOrderedDict, data_type: str) -> None:
+def populate_with_data(checklist: List[ChecklistObjType], data: DictOrTuple, data_type: str) -> None:
     for opt in checklist:
         populate_opt_with_data(opt, data, data_type)
 
 
-def override_expected_value(checklist: List, name: str, new_val: str) -> None:
+def override_expected_value(checklist: List[ChecklistObjType], name: str, new_val: str) -> None:
     for opt in checklist:
         if opt.name == name:
-            assert(opt.opt_type in ('kconfig', 'cmdline', 'sysctl')), \
-                   f'overriding an expected value for "{opt.opt_type}" checks is not supported yet'
+            assert(isinstance(opt, SimpleNamedOptCheckTypes)), \
+                   f'overriding an expected value for {opt}" is not supported yet'
             opt.expected = new_val
 
 
-def perform_checks(checklist: List) -> None:
+def perform_checks(checklist: List[ChecklistObjType]) -> None:
     for opt in checklist:
         opt.check()
 
 
-def print_unknown_options(checklist: List, parsed_options: OrderedDict[str, str], opt_type: str) -> None:
+def print_unknown_options(checklist: List[ChecklistObjType], parsed_options: Dict[str, str], opt_type: str) -> None:
     known_options = []
 
     for o1 in checklist:
-        if o1.opt_type != 'complex':
+        if isinstance(o1, SimpleOptCheckTypes):
+            assert(o1.opt_type != 'complex'), f'{o1} with complex opt_type'
+            assert(not isinstance(o1, VersionCheck)), 'single VersionCheck in checklist'
             known_options.append(o1.name)
             continue
         for o2 in o1.opts:
-            if o2.opt_type != 'complex':
+            if isinstance(o2, SimpleOptCheckTypes):
+                assert(o2.opt_type != 'complex'), f'{o2} with complex opt_type'
                 if hasattr(o2, 'name'):
                     known_options.append(o2.name)
                 continue
             for o3 in o2.opts:
-                assert(o3.opt_type != 'complex'), \
+                assert(isinstance(o3, SimpleOptCheckTypes)), \
                        f'unexpected ComplexOptCheck inside {o2.name}'
+                assert(o3.opt_type != 'complex'), f'{o3} with complex opt_type'
                 if hasattr(o3, 'name'):
                     known_options.append(o3.name)