def parse_sysctl_file(parsed_options, fname):
- print('parse_sysctl_file: TODO')
+ with open(fname, 'r', encoding='utf-8') as f:
+ sysctl_pattern = re.compile("[a-zA-Z0-9\._-]+ =.*$")
+ for line in f.readlines():
+ line = line.strip()
+ if not sysctl_pattern.match(line):
+ sys.exit(f'[!] ERROR: unexpected line in sysctl file: {line}')
+ option, value = line.split('=', 1)
+ option = option.strip()
+ value = value.strip()
+ # sysctl options may be found multiple times, let's save the last value:
+ parsed_options[option] = value
+
+ # let's check the presence of some ancient sysctl option
+ # to ensure that we are parsing the output of `sudo sysctl -a > file`
+ if 'kernel.printk' not in parsed_options:
+ sys.exit(f'[!] ERROR: {fname} doesn\'t look like a sysctl output file, please try `sudo sysctl -a > {fname}`')
+
+ # let's check the presence of a sysctl option available for root
+ if 'net.core.bpf_jit_harden' not in parsed_options:
+ print(f'[!] WARNING: sysctl option "net.core.bpf_jit_harden" available for root is not found in {fname}, please try `sudo sysctl -a > {fname}`')
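Review bot: The pattern passed to `re.compile` is a plain string, so `\.` is an invalid escape sequence that newer Python versions warn about, and its character class rejects keys that a real `sysctl -a` dump may contain, for example a VLAN interface such as eth0.100, which sysctl prints with a `/`. Because every mismatch is a hard `sys.exit`, one such line (or a blank line left by an editor) aborts the whole hardening check; consider `sysctl_pattern = re.compile(r'[a-zA-Z0-9/\._-]+ =.*$')` and an `if not line: continue` before the match. The rejected line is echoed verbatim from a file the tool did not create, so `{line!r}` in that error message would keep control characters out of the terminal. The missing `net.core.bpf_jit_harden` case only warns, so it is worth a comment stating that results from a non-root dump are incomplete. Indentation is lost on this page, so the placement of the two presence checks after the loop is inferred.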
def main():