Merge remote-tracking branch 'origin/pylint'
authorAlexander Popov <alex.popov@linux.com>
Tue, 14 May 2024 14:07:04 +0000 (17:07 +0300)
committerAlexander Popov <alex.popov@linux.com>
Tue, 14 May 2024 14:07:04 +0000 (17:07 +0300)
Refers to #136

.github/workflows/static_analysis.yml [new file with mode: 0644]
.github/workflows/static_typing_test.yml [deleted file]
.woodpecker/functional_test.yml
kernel_hardening_checker/__about__.py [deleted file]
kernel_hardening_checker/__init__.py
kernel_hardening_checker/checks.py
kernel_hardening_checker/engine.py
setup.cfg
setup.py

diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml
new file mode 100644 (file)
index 0000000..e23d7e1
--- /dev/null
@@ -0,0 +1,39 @@
+name: static analysis
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  static_analysis:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        python-version: ['3.12']
+
+    steps:
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Get the source code
+      uses: actions/checkout@v4
+
+    - name: Check static typing with mypy
+      run: |
+        pip install mypy
+        mypy kernel_hardening_checker/ --show-error-context --pretty --no-incremental --check-untyped-defs --disallow-untyped-defs --strict-equality
+
+    - name: Check code with pylint
+      run: |
+        pip install pylint
+        pip install setuptools
+        pylint --recursive=y kernel_hardening_checker setup.py
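Review bot: Nothing in this new workflow fixes the versions of the code it runs: `pip install mypy`, `pip install pylint` and `pip install setuptools` take whatever is newest at run time, and `actions/setup-python@v5` and `actions/checkout@v4` are mutable tags. A compromised or simply changed release of any of these would run in CI on every push and pull request without a change in this repository. I would pin the tools in a requirements file installed with `pip install --require-hashes -r <requirements file>`, reference each action by its full commit SHA, and add a top-level `permissions:` block with `contents: read`, since no step here needs to write to the repository. The `pylint-checking` step in the later hunk (apparently `.woodpecker/functional_test.yml`) has the same unpinned `pip install` lines and a floating `python:3` image.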
diff --git a/.github/workflows/static_typing_test.yml b/.github/workflows/static_typing_test.yml
deleted file mode 100644 (file)
index 92761f7..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-name: static typing test
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  static_typing_test:
-
-    runs-on: ubuntu-latest
-
-    strategy:
-      max-parallel: 1
-      fail-fast: false
-      matrix:
-        python-version: ['3.12']
-
-    steps:
-
-    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
-      with:
-        python-version: ${{ matrix.python-version }}
-
-    - name: Get the source code
-      uses: actions/checkout@v4
-
-    - name: Check static typing with mypy
-      run: |
-        pip install mypy
-        mypy kernel_hardening_checker/ --show-error-context --pretty --no-incremental --check-untyped-defs --disallow-untyped-defs --strict-equality
index 2196f6c5b189b65694dd04658298d8c1113999d2..6eab6a51c58dedfd46c56df4db34588fa3cb2808 100644 (file)
@@ -29,6 +29,15 @@ steps:
       - python --version
       - pip install --no-cache-dir mypy
       - mypy kernel_hardening_checker/ --show-error-context --pretty --no-incremental --check-untyped-defs --disallow-untyped-defs --strict-equality
+  pylint-checking:
+    image: python:3
+    pull: true
+    commands:
+      - echo "Install the pylint tool..."
+      - python --version
+      - pip install --no-cache-dir pylint
+      - pip install --no-cache-dir setuptools
+      - pylint --recursive=y kernel_hardening_checker setup.py
   functional-test-with-coverage:
     image: python:3
     pull: true
diff --git a/kernel_hardening_checker/__about__.py b/kernel_hardening_checker/__about__.py
deleted file mode 100644 (file)
index 09abf88..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-"""
-Version
-"""
-
-__version__ = '0.6.6'
index bb4af6c1fedeb5991df48a57eaa42424445a9920..91742c3923d78973a2d865b05adee609851c4568 100644 (file)
@@ -8,7 +8,7 @@ Author: Alexander Popov <alex.popov@linux.com>
 This module performs input/output.
 """
 
-# pylint: disable=missing-function-docstring,line-too-long,invalid-name,too-many-branches,too-many-statements
+# pylint: disable=missing-function-docstring,line-too-long,too-many-branches,too-many-statements
 
 import gzip
 import sys
@@ -16,12 +16,15 @@ from argparse import ArgumentParser
 from typing import List, Tuple, Dict, TextIO
 import re
 import json
-from .__about__ import __version__
 from .checks import add_kconfig_checks, add_cmdline_checks, normalize_cmdline_options, add_sysctl_checks
 from .engine import StrOrNone, TupleOrNone, ChecklistObjType
 from .engine import print_unknown_options, populate_with_data, perform_checks, override_expected_value
 
 
+# kernel-hardening-checker version
+__version__ = '0.6.6'
+
+
 def _open(file: str) -> TextIO:
     if file.endswith('.gz'):
         return gzip.open(file, 'rt', encoding='utf-8')
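Review bot: The comment above `__version__` does not say that packaging now depends on the form of this line, since setup.cfg reads it through `attr: kernel_hardening_checker.__version__`. As far as I know, setuptools resolves `attr:` by static parsing only while the assignment is a plain literal, and otherwise falls back to importing the package, which would run `__init__.py` and its `.checks` and `.engine` imports during the build. I would write `# kernel-hardening-checker version; keep it a plain string literal, setup.cfg reads it via attr:`. The `_open` function at the end of this hunk continues outside it.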
index d910698c7e26a965517c8a726074cbc5a871f008..f2e4c34fd6da0a81a046563329dd5e2736a09f46 100644 (file)
@@ -8,7 +8,7 @@ Author: Alexander Popov <alex.popov@linux.com>
 This module contains knowledge for checks.
 """
 
-# pylint: disable=missing-function-docstring,line-too-long,invalid-name
+# pylint: disable=missing-function-docstring,line-too-long
 # pylint: disable=too-many-branches,too-many-statements,too-many-locals
 
 from typing import List
@@ -647,7 +647,7 @@ def normalize_cmdline_options(option: str, value: str) -> str:
     return value
 
 
-# TODO: draft of security hardening sysctls:
+# Ideas of security hardening sysctls:
 #    what about bpf_jit_enable?
 #    vm.mmap_min_addr has a good value
 #    nosmt sysfs control file
index 569809afee3180d47235877b7d747922713fdf1a..ee56d637b9b763e0dec0e9cfc41d38fcab3827cc 100644 (file)
@@ -9,7 +9,7 @@ This module is the engine of checks.
 """
 
 # pylint: disable=missing-class-docstring,missing-function-docstring
-# pylint: disable=line-too-long,invalid-name,too-many-branches
+# pylint: disable=line-too-long,too-many-branches
 
 from __future__ import annotations
 import sys
index 953b045d731fb3b1ca3afeed41375d423555763a..bfe51052b252bfdaae84cc112ad1656e4aa77339 100644 (file)
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,5 +1,6 @@
 [metadata]
 name = kernel-hardening-checker
+version = attr: kernel_hardening_checker.__version__
 author = Alexander Popov
 author_email = alex.popov@linux.com
 home_page = https://github.com/a13xp0p0v/kernel-hardening-checker
index 853fcae08a39b4b0f6073508da93e6a936c53b2c..127bfae22b2da9b11104afad21e1d60581004125 100755 (executable)
--- a/setup.py
+++ b/setup.py
@@ -1,12 +1,14 @@
 #!/usr/bin/env python3
 
-from setuptools import setup
+"""
+This tool is for checking the security hardening options of the Linux kernel.
+
+Author: Alexander Popov <alex.popov@linux.com>
 
-about = {}
-with open('kernel_hardening_checker/__about__.py') as f:
-    exec(f.read(), about)
+This module performs installing of the kernel-hardening-checker package.
+"""
 
-print('v: "{}"'.format(about['__version__']))
+from setuptools import setup
 
 # See the options in setup.cfg
-setup(version = about['__version__'])
+setup()