X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kernel_hardening_checker%2Ftest_engine.py;h=05e640c91e065bf7dcbc07f562e2b923fb5de7f4;hb=d38ec317bd74b6144164346314599ddf391f2a32;hp=4db8f2134de52cd6a18a1bab6a96b08d6b9cad37;hpb=9015662bb264a2aaff9913d31c8d4974ad6b945c;p=kconfig-hardened-check.git diff --git a/kernel_hardening_checker/test_engine.py b/kernel_hardening_checker/test_engine.py old mode 100644 new mode 100755 index 4db8f21..05e640c --- a/kernel_hardening_checker/test_engine.py +++ b/kernel_hardening_checker/test_engine.py @@ -13,10 +13,14 @@ This module performs unit-testing of the kernel-hardening-checker engine. import unittest import io import sys -from collections import OrderedDict import json import inspect -from .engine import KconfigCheck, CmdlineCheck, SysctlCheck, VersionCheck, OR, AND, populate_with_data, perform_checks, override_expected_value +from typing import Union, Optional, List, Dict, Tuple +from .engine import StrOrBool, ChecklistObjType, KconfigCheck, CmdlineCheck, SysctlCheck, VersionCheck, OR, AND +from .engine import populate_with_data, perform_checks, override_expected_value + + +ResultType = List[Union[Dict[str, StrOrBool], str]] class TestEngine(unittest.TestCase): @@ -24,31 +28,31 @@ class TestEngine(unittest.TestCase): Example test scenario: # 1. prepare the checklist - config_checklist = [] + config_checklist = [] # type: List[ChecklistObjType] config_checklist += [KconfigCheck('reason_1', 'decision_1', 'KCONFIG_NAME', 'expected_1')] config_checklist += [CmdlineCheck('reason_2', 'decision_2', 'cmdline_name', 'expected_2')] config_checklist += [SysctlCheck('reason_3', 'decision_3', 'sysctl_name', 'expected_3')] # 2. prepare the parsed kconfig options - parsed_kconfig_options = OrderedDict() + parsed_kconfig_options = {} parsed_kconfig_options['CONFIG_KCONFIG_NAME'] = 'UNexpected_1' # 3. prepare the parsed cmdline options - parsed_cmdline_options = OrderedDict() + parsed_cmdline_options = {} parsed_cmdline_options['cmdline_name'] = 'expected_2' # 4. prepare the parsed sysctl options - parsed_sysctl_options = OrderedDict() + parsed_sysctl_options = {} parsed_sysctl_options['sysctl_name'] = 'expected_3' # 5. prepare the kernel version - kernel_version = (42, 43) + kernel_version = (42, 43, 44) # 6. run the engine self.run_engine(config_checklist, parsed_kconfig_options, parsed_cmdline_options, parsed_sysctl_options, kernel_version) # 7. check that the results are correct - result = [] + result = [] # type: ResultType self.get_engine_result(config_checklist, result, 'json') self.assertEqual(... """ @@ -56,7 +60,11 @@ class TestEngine(unittest.TestCase): maxDiff = None @staticmethod - def run_engine(checklist, parsed_kconfig_options, parsed_cmdline_options, parsed_sysctl_options, kernel_version): + def run_engine(checklist: List[ChecklistObjType], + parsed_kconfig_options: Optional[Dict[str, str]], + parsed_cmdline_options: Optional[Dict[str, str]], + parsed_sysctl_options: Optional[Dict[str, str]], + kernel_version: Optional[Tuple[int, int, int]]) -> None: # populate the checklist with data if parsed_kconfig_options: populate_with_data(checklist, parsed_kconfig_options, 'kconfig') @@ -86,7 +94,7 @@ class TestEngine(unittest.TestCase): print() @staticmethod - def get_engine_result(checklist, result, result_type): + def get_engine_result(checklist: List[ChecklistObjType], result: ResultType, result_type: str) -> None: assert(result_type in ('json', 'stdout', 'stdout_verbose')), \ f'invalid result type "{result_type}"' @@ -106,9 +114,9 @@ class TestEngine(unittest.TestCase): sys.stdout = stdout_backup result.append(captured_output.getvalue()) - def test_simple_kconfig(self): + def test_simple_kconfig(self) -> None: # 1. prepare the checklist - config_checklist = [] + config_checklist = [] # type: List[ChecklistObjType] config_checklist += [KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1')] config_checklist += [KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2')] config_checklist += [KconfigCheck('reason_3', 'decision_3', 'NAME_3', 'expected_3')] @@ -121,7 +129,7 @@ class TestEngine(unittest.TestCase): config_checklist += [KconfigCheck('reason_10', 'decision_10', 'NAME_10', 'is not off')] # 2. prepare the parsed kconfig options - parsed_kconfig_options = OrderedDict() + parsed_kconfig_options = {} parsed_kconfig_options['CONFIG_NAME_1'] = 'expected_1' parsed_kconfig_options['CONFIG_NAME_2'] = 'UNexpected_2' parsed_kconfig_options['CONFIG_NAME_5'] = 'UNexpected_5' @@ -133,7 +141,7 @@ class TestEngine(unittest.TestCase): self.run_engine(config_checklist, parsed_kconfig_options, None, None, None) # 4. check that the results are correct - result = [] + result = [] # type: ResultType self.get_engine_result(config_checklist, result, 'json') self.assertEqual( result, @@ -149,9 +157,9 @@ class TestEngine(unittest.TestCase): {'option_name': 'CONFIG_NAME_10', 'type': 'kconfig', 'desired_val': 'is not off', 'decision': 'decision_10', 'reason': 'reason_10', 'check_result': 'FAIL: is off, not found', 'check_result_bool': False}] ) - def test_simple_cmdline(self): + def test_simple_cmdline(self) -> None: # 1. prepare the checklist - config_checklist = [] + config_checklist = [] # type: List[ChecklistObjType] config_checklist += [CmdlineCheck('reason_1', 'decision_1', 'name_1', 'expected_1')] config_checklist += [CmdlineCheck('reason_2', 'decision_2', 'name_2', 'expected_2')] config_checklist += [CmdlineCheck('reason_3', 'decision_3', 'name_3', 'expected_3')] @@ -164,7 +172,7 @@ class TestEngine(unittest.TestCase): config_checklist += [CmdlineCheck('reason_10', 'decision_10', 'name_10', 'is not off')] # 2. prepare the parsed cmdline options - parsed_cmdline_options = OrderedDict() + parsed_cmdline_options = {} parsed_cmdline_options['name_1'] = 'expected_1' parsed_cmdline_options['name_2'] = 'UNexpected_2' parsed_cmdline_options['name_5'] = '' @@ -176,7 +184,7 @@ class TestEngine(unittest.TestCase): self.run_engine(config_checklist, None, parsed_cmdline_options, None, None) # 4. check that the results are correct - result = [] + result = [] # type: ResultType self.get_engine_result(config_checklist, result, 'json') self.assertEqual( result, @@ -192,9 +200,9 @@ class TestEngine(unittest.TestCase): {'option_name': 'name_10', 'type': 'cmdline', 'desired_val': 'is not off', 'decision': 'decision_10', 'reason': 'reason_10', 'check_result': 'FAIL: is off, not found', 'check_result_bool': False}] ) - def test_simple_sysctl(self): + def test_simple_sysctl(self) -> None: # 1. prepare the checklist - config_checklist = [] + config_checklist = [] # type: List[ChecklistObjType] config_checklist += [SysctlCheck('reason_1', 'decision_1', 'name_1', 'expected_1')] config_checklist += [SysctlCheck('reason_2', 'decision_2', 'name_2', 'expected_2')] config_checklist += [SysctlCheck('reason_3', 'decision_3', 'name_3', 'expected_3')] @@ -207,7 +215,7 @@ class TestEngine(unittest.TestCase): config_checklist += [SysctlCheck('reason_10', 'decision_10', 'name_10', 'is not off')] # 2. prepare the parsed sysctl options - parsed_sysctl_options = OrderedDict() + parsed_sysctl_options = {} parsed_sysctl_options['name_1'] = 'expected_1' parsed_sysctl_options['name_2'] = 'UNexpected_2' parsed_sysctl_options['name_5'] = '' @@ -219,7 +227,7 @@ class TestEngine(unittest.TestCase): self.run_engine(config_checklist, None, None, parsed_sysctl_options, None) # 4. check that the results are correct - result = [] + result = [] # type: ResultType self.get_engine_result(config_checklist, result, 'json') self.assertEqual( result, @@ -235,9 +243,9 @@ class TestEngine(unittest.TestCase): {'option_name': 'name_10', 'type': 'sysctl', 'desired_val': 'is not off', 'decision': 'decision_10', 'reason': 'reason_10', 'check_result': 'FAIL: is off, not found', 'check_result_bool': False}] ) - def test_complex_or(self): + def test_complex_or(self) -> None: # 1. prepare the checklist - config_checklist = [] + config_checklist = [] # type: List[ChecklistObjType] config_checklist += [OR(KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1'), KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2'))] config_checklist += [OR(KconfigCheck('reason_3', 'decision_3', 'NAME_3', 'expected_3'), @@ -252,7 +260,7 @@ class TestEngine(unittest.TestCase): KconfigCheck('reason_12', 'decision_12', 'NAME_12', 'is not off'))] # 2. prepare the parsed kconfig options - parsed_kconfig_options = OrderedDict() + parsed_kconfig_options = {} parsed_kconfig_options['CONFIG_NAME_1'] = 'expected_1' parsed_kconfig_options['CONFIG_NAME_2'] = 'UNexpected_2' parsed_kconfig_options['CONFIG_NAME_3'] = 'UNexpected_3' @@ -266,7 +274,7 @@ class TestEngine(unittest.TestCase): self.run_engine(config_checklist, parsed_kconfig_options, None, None, None) # 4. check that the results are correct - result = [] + result = [] # type: ResultType self.get_engine_result(config_checklist, result, 'json') self.assertEqual( result, @@ -278,9 +286,9 @@ class TestEngine(unittest.TestCase): {'option_name': 'CONFIG_NAME_11', 'type': 'kconfig', 'desired_val': 'expected_11', 'decision': 'decision_11', 'reason': 'reason_11', 'check_result': 'OK: CONFIG_NAME_12 is not off', 'check_result_bool': True}] ) - def test_complex_and(self): + def test_complex_and(self) -> None: # 1. prepare the checklist - config_checklist = [] + config_checklist = [] # type: List[ChecklistObjType] config_checklist += [AND(KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1'), KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2'))] config_checklist += [AND(KconfigCheck('reason_3', 'decision_3', 'NAME_3', 'expected_3'), @@ -295,7 +303,7 @@ class TestEngine(unittest.TestCase): KconfigCheck('reason_12', 'decision_12', 'NAME_12', 'is not off'))] # 2. prepare the parsed kconfig options - parsed_kconfig_options = OrderedDict() + parsed_kconfig_options = {} parsed_kconfig_options['CONFIG_NAME_1'] = 'expected_1' parsed_kconfig_options['CONFIG_NAME_2'] = 'expected_2' parsed_kconfig_options['CONFIG_NAME_3'] = 'expected_3' @@ -311,7 +319,7 @@ class TestEngine(unittest.TestCase): self.run_engine(config_checklist, parsed_kconfig_options, None, None, None) # 4. check that the results are correct - result = [] + result = [] # type: ResultType self.get_engine_result(config_checklist, result, 'json') self.assertEqual( result, @@ -323,9 +331,9 @@ class TestEngine(unittest.TestCase): {'option_name': 'CONFIG_NAME_11', 'type': 'kconfig', 'desired_val': 'expected_11', 'decision': 'decision_11', 'reason': 'reason_11', 'check_result': 'FAIL: CONFIG_NAME_12 is off, not found', 'check_result_bool': False}] ) - def test_complex_nested(self): + def test_complex_nested(self) -> None: # 1. prepare the checklist - config_checklist = [] + config_checklist = [] # type: List[ChecklistObjType] config_checklist += [AND(KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1'), OR(KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2'), KconfigCheck('reason_3', 'decision_3', 'NAME_3', 'expected_3')))] @@ -340,7 +348,7 @@ class TestEngine(unittest.TestCase): KconfigCheck('reason_12', 'decision_12', 'NAME_12', 'expected_12')))] # 2. prepare the parsed kconfig options - parsed_kconfig_options = OrderedDict() + parsed_kconfig_options = {} parsed_kconfig_options['CONFIG_NAME_1'] = 'expected_1' parsed_kconfig_options['CONFIG_NAME_2'] = 'UNexpected_2' parsed_kconfig_options['CONFIG_NAME_3'] = 'expected_3' @@ -358,7 +366,7 @@ class TestEngine(unittest.TestCase): self.run_engine(config_checklist, parsed_kconfig_options, None, None, None) # 4. check that the results are correct - result = [] + result = [] # type: ResultType self.get_engine_result(config_checklist, result, 'json') self.assertEqual( result, @@ -368,9 +376,9 @@ class TestEngine(unittest.TestCase): {'option_name': 'CONFIG_NAME_10', 'type': 'kconfig', 'desired_val': 'expected_10', 'decision': 'decision_10', 'reason': 'reason_10', 'check_result': 'FAIL: "UNexpected_10"', 'check_result_bool': False}] ) - def test_version(self): + def test_version(self) -> None: # 1. prepare the checklist - config_checklist = [] + config_checklist = [] # type: List[ChecklistObjType] config_checklist += [OR(KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1'), VersionCheck((41, 101, 0)))] config_checklist += [AND(KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2'), @@ -385,7 +393,7 @@ class TestEngine(unittest.TestCase): VersionCheck((42, 43, 45)))] # 2. prepare the parsed kconfig options - parsed_kconfig_options = OrderedDict() + parsed_kconfig_options = {} parsed_kconfig_options['CONFIG_NAME_2'] = 'expected_2' parsed_kconfig_options['CONFIG_NAME_4'] = 'expected_4' parsed_kconfig_options['CONFIG_NAME_6'] = 'expected_6' @@ -397,7 +405,7 @@ class TestEngine(unittest.TestCase): self.run_engine(config_checklist, parsed_kconfig_options, None, None, kernel_version) # 5. check that the results are correct - result = [] + result = [] # type: ResultType self.get_engine_result(config_checklist, result, 'json') self.assertEqual( result, @@ -409,9 +417,9 @@ class TestEngine(unittest.TestCase): {'option_name': 'CONFIG_NAME_6', 'type': 'kconfig', 'desired_val': 'expected_6', 'decision': 'decision_6', 'reason': 'reason_6', 'check_result': 'FAIL: version < (42, 43, 45)', 'check_result_bool': False}] ) - def test_stdout(self): + def test_stdout(self) -> None: # 1. prepare the checklist - config_checklist = [] + config_checklist = [] # type: List[ChecklistObjType] config_checklist += [OR(KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1'), CmdlineCheck('reason_2', 'decision_2', 'name_2', 'expected_2'), SysctlCheck('reason_3', 'decision_3', 'name_3', 'expected_3'))] @@ -420,23 +428,23 @@ class TestEngine(unittest.TestCase): SysctlCheck('reason_6', 'decision_6', 'name_6', 'expected_6'))] # 2. prepare the parsed kconfig options - parsed_kconfig_options = OrderedDict() + parsed_kconfig_options = {} parsed_kconfig_options['CONFIG_NAME_1'] = 'UNexpected_1' # 3. prepare the parsed cmdline options - parsed_cmdline_options = OrderedDict() + parsed_cmdline_options = {} parsed_cmdline_options['name_2'] = 'expected_2' parsed_cmdline_options['name_5'] = 'UNexpected_5' # 4. prepare the parsed sysctl options - parsed_sysctl_options = OrderedDict() + parsed_sysctl_options = {} parsed_sysctl_options['name_6'] = 'expected_6' # 5. run the engine self.run_engine(config_checklist, parsed_kconfig_options, parsed_cmdline_options, parsed_sysctl_options, None) # 6. check that the results are correct - json_result = [] + json_result = [] # type: ResultType self.get_engine_result(config_checklist, json_result, 'json') self.assertEqual( json_result, @@ -444,14 +452,14 @@ class TestEngine(unittest.TestCase): {'option_name': 'CONFIG_NAME_4', 'type': 'kconfig', 'desired_val': 'expected_4', 'decision': 'decision_4', 'reason': 'reason_4', 'check_result': 'FAIL: name_5 is not "expected_5"', 'check_result_bool': False}] ) - stdout_result = [] + stdout_result = [] # type: ResultType self.get_engine_result(config_checklist, stdout_result, 'stdout') self.assertEqual( stdout_result, [ '\ -CONFIG_NAME_1 |kconfig| expected_1 |decision_1| reason_1 | \x1b[32mOK: name_2 is "expected_2"\x1b[0m\ -CONFIG_NAME_4 |kconfig| expected_4 |decision_4| reason_4 | \x1b[31mFAIL: name_5 is not "expected_5"\x1b[0m\ +CONFIG_NAME_1 |kconfig| expected_1 |decision_1| reason_1 | OK: name_2 is "expected_2"\ +CONFIG_NAME_4 |kconfig| expected_4 |decision_4| reason_4 | FAIL: name_5 is not "expected_5"\ ' ] ) @@ -461,43 +469,43 @@ CONFIG_NAME_4 |kconfig| expected_4 |decision_4| re stdout_result, [ '\ - <<< OR >>> | \x1b[32mOK: name_2 is "expected_2"\x1b[0m\n\ -CONFIG_NAME_1 |kconfig| expected_1 |decision_1| reason_1 | \x1b[31mFAIL: "UNexpected_1"\x1b[0m\n\ -name_2 |cmdline| expected_2 |decision_2| reason_2 | \x1b[32mOK\x1b[0m\n\ + <<< OR >>> | OK: name_2 is "expected_2"\n\ +CONFIG_NAME_1 |kconfig| expected_1 |decision_1| reason_1 | FAIL: "UNexpected_1"\n\ +name_2 |cmdline| expected_2 |decision_2| reason_2 | OK\n\ name_3 |sysctl | expected_3 |decision_3| reason_3 | None\ '\ '\ - <<< AND >>> | \x1b[31mFAIL: name_5 is not "expected_5"\x1b[0m\n\ + <<< AND >>> | FAIL: name_5 is not "expected_5"\n\ CONFIG_NAME_4 |kconfig| expected_4 |decision_4| reason_4 | None\n\ -name_5 |cmdline| expected_5 |decision_5| reason_5 | \x1b[31mFAIL: "UNexpected_5"\x1b[0m\n\ -name_6 |sysctl | expected_6 |decision_6| reason_6 | \x1b[32mOK\x1b[0m\ +name_5 |cmdline| expected_5 |decision_5| reason_5 | FAIL: "UNexpected_5"\n\ +name_6 |sysctl | expected_6 |decision_6| reason_6 | OK\ ' ] ) - def test_value_overriding(self): + def test_value_overriding(self) -> None: # 1. prepare the checklist - config_checklist = [] + config_checklist = [] # type: List[ChecklistObjType] config_checklist += [KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1')] config_checklist += [CmdlineCheck('reason_2', 'decision_2', 'name_2', 'expected_2')] config_checklist += [SysctlCheck('reason_3', 'decision_3', 'name_3', 'expected_3')] # 2. prepare the parsed kconfig options - parsed_kconfig_options = OrderedDict() + parsed_kconfig_options = {} parsed_kconfig_options['CONFIG_NAME_1'] = 'expected_1_new' # 3. prepare the parsed cmdline options - parsed_cmdline_options = OrderedDict() + parsed_cmdline_options = {} parsed_cmdline_options['name_2'] = 'expected_2_new' # 4. prepare the parsed sysctl options - parsed_sysctl_options = OrderedDict() + parsed_sysctl_options = {} parsed_sysctl_options['name_3'] = 'expected_3_new' # 5. run the engine self.run_engine(config_checklist, parsed_kconfig_options, parsed_cmdline_options, parsed_sysctl_options, None) # 6. check that the results are correct - result = [] + result = [] # type: ResultType self.get_engine_result(config_checklist, result, 'json') self.assertEqual( result,