projects / kconfig-hardened-check.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d7d76b0)
Add more precise typing for checklist: List[ChecklistObjType]
authorAlexander Popov <alex.popov@linux.com>
Mon, 13 May 2024 15:12:35 +0000 (18:12 +0300)
committerAlexander Popov <alex.popov@linux.com>
Mon, 13 May 2024 16:44:21 +0000 (19:44 +0300)
kernel_hardening_checker/__init__.py patch | blob | history
kernel_hardening_checker/checks.py patch | blob | history
kernel_hardening_checker/engine.py patch | blob | history

diff --git a/kernel_hardening_checker/__init__.py b/kernel_hardening_checker/__init__.py
index 7db9e40f812589b48449f2fe881750f3374fdcad..ca163b7db5a077d0895faf4baa6f161f5b16e9bd 100644 (file)
--- a/kernel_hardening_checker/__init__.py
+++ b/kernel_hardening_checker/__init__.py
@@ -19,7 +19,7 @@ import re
 import json
 from .__about__ import __version__
 from .checks import add_kconfig_checks, add_cmdline_checks, normalize_cmdline_options, add_sysctl_checks
-from .engine import StrOrNone, TupleOrNone, print_unknown_options, populate_with_data, perform_checks, override_expected_value
+from .engine import StrOrNone, TupleOrNone, ChecklistObjType, print_unknown_options, populate_with_data, perform_checks, override_expected_value
 
 
 def _open(file: str, *args, **kwargs) -> TextIO:
@@ -80,7 +80,7 @@ def detect_compiler(fname: str) -> Tuple[StrOrNone, str]:
     sys.exit(f'[!] ERROR: invalid GCC_VERSION and CLANG_VERSION: {gcc_version} {clang_version}')
 
 
-def print_checklist(mode: StrOrNone, checklist: List, with_results: bool) -> None:
+def print_checklist(mode: StrOrNone, checklist: List[ChecklistObjType], with_results: bool) -> None:
     if mode == 'json':
         output = []
         for opt in checklist:
@@ -234,7 +234,7 @@ def main() -> None:
         if mode != 'json':
             print(f'[+] Special report mode: {mode}')
 
-    config_checklist = [] # type: List
+    config_checklist = [] # type: List[ChecklistObjType]
 
     if args.config:
         if args.print:
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index ab2432e327d7afd7ecd322ee71f66559a3e2885e..0e2bb7443a426975bfea0a59eeb5a566e7446534 100644 (file)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -11,11 +11,11 @@ This module contains knowledge for checks.
 # pylint: disable=missing-function-docstring,line-too-long,invalid-name
 # pylint: disable=too-many-branches,too-many-statements,too-many-locals
 
-from .engine import StrOrNone, KconfigCheck, CmdlineCheck, SysctlCheck, VersionCheck, OR, AND
+from .engine import StrOrNone, ChecklistObjType, KconfigCheck, CmdlineCheck, SysctlCheck, VersionCheck, OR, AND
 from typing import List
 
 
-def add_kconfig_checks(l: List, arch: str) -> None:
+def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
     assert(arch), 'empty arch'
 
     # Calling the KconfigCheck class constructor:
@@ -423,7 +423,7 @@ def add_kconfig_checks(l: List, arch: str) -> None:
         l += [KconfigCheck('harden_userspace', 'a13xp0p0v', 'X86_USER_SHADOW_STACK', 'y')]
 
 
-def add_cmdline_checks(l: List, arch: str) -> None:
+def add_cmdline_checks(l: List[ChecklistObjType], arch: str) -> None:
     assert(arch), 'empty arch'
 
     # Calling the CmdlineCheck class constructor:
@@ -658,7 +658,7 @@ def normalize_cmdline_options(option: str, value: str) -> str:
 #    kernel.warn_limit (think about a proper value)
 #    net.ipv4.tcp_syncookies=1 (?)
 
-def add_sysctl_checks(l: List, _arch: StrOrNone) -> None:
+def add_sysctl_checks(l: List[ChecklistObjType], _arch: StrOrNone) -> None:
 # This function may be called with arch=None
 
 # Calling the SysctlCheck class constructor:
diff --git a/kernel_hardening_checker/engine.py b/kernel_hardening_checker/engine.py
index 2a371e464ef24d1917527fb859cae4c07b359292..b6beb6c17fc591b05d53a07cdda49681d5619a81 100644 (file)
--- a/kernel_hardening_checker/engine.py
+++ b/kernel_hardening_checker/engine.py
@@ -380,12 +380,12 @@ def populate_opt_with_data(opt: AnyOptCheckType, data: TupleOrOrderedDict, data_
                 populate_opt_with_data(o, data, data_type)
 
 
-def populate_with_data(checklist: List, data: TupleOrOrderedDict, data_type: str) -> None:
+def populate_with_data(checklist: List[ChecklistObjType], data: TupleOrOrderedDict, data_type: str) -> None:
     for opt in checklist:
         populate_opt_with_data(opt, data, data_type)
 
 
-def override_expected_value(checklist: List, name: str, new_val: str) -> None:
+def override_expected_value(checklist: List[ChecklistObjType], name: str, new_val: str) -> None:
     for opt in checklist:
         if opt.name == name:
             assert(opt.opt_type in ('kconfig', 'cmdline', 'sysctl')), \
@@ -393,12 +393,12 @@ def override_expected_value(checklist: List, name: str, new_val: str) -> None:
             opt.expected = new_val
 
 
-def perform_checks(checklist: List) -> None:
+def perform_checks(checklist: List[ChecklistObjType]) -> None:
     for opt in checklist:
         opt.check()
 
 
-def print_unknown_options(checklist: List, parsed_options: OrderedDict[str, str], opt_type: str) -> None:
+def print_unknown_options(checklist: List[ChecklistObjType], parsed_options: OrderedDict[str, str], opt_type: str) -> None:
     known_options = []
 
     for o1 in checklist:
kconfig-hardened-check