From: Alexander Popov Date: Wed, 9 Nov 2022 15:24:52 +0000 (+0300) Subject: Add a special 'desired val' -- 'is not off' X-Git-Tag: v0.6.1~55 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=0a9d3d0f700260d38a39cc1735ee5bd63d3e8f36;p=kconfig-hardened-check.git Add a special 'desired val' -- 'is not off' This check gives FAIL if the option value is 'off' or the option is not found. In other cases this check gives OK. This feature is needed for checking that the CPU vulnerability mitigations are not disabled. Let's see how it works and maybe improve it in future. --- diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index a344e17..3e3997d 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -94,7 +94,7 @@ class OptCheck: 'invalid expected value "{}" for "{}" check (1)'.format(expected, name) val_len = len(expected.split()) if val_len == 3: - assert(expected == 'is not set'), \ + assert(expected == 'is not set' or expected == 'is not off'), \ 'invalid expected value "{}" for "{}" check (2)'.format(expected, name) else: assert(val_len == 1), \ @@ -117,6 +117,16 @@ class OptCheck: self.result = 'OK: is present' return + # handle the 'is not off' option check + if self.expected == 'is not off': + if self.state == 'off': + self.result = 'FAIL: is off' + elif self.state is None: + self.result = 'FAIL: is off, not found' + else: + self.result = 'OK: is not off, "' + self.state + '"' + return + # handle the option value check if self.expected == self.state: self.result = 'OK' @@ -253,6 +263,8 @@ class OR(ComplexOptCheck): self.result = 'OK: {} is not found'.format(opt.name) elif opt.result == 'OK: is present': self.result = 'OK: {} is present'.format(opt.name) + elif opt.result.startswith('OK: is not off'): + self.result = 'OK: {} is not off'.format(opt.name) else: # VersionCheck provides enough info assert(opt.result.startswith('OK: version')), \ @@ -281,6 +293,10 @@ class AND(ComplexOptCheck): self.result = 'FAIL: {} is not "{}"'.format(opt.name, opt.expected) elif opt.result == 'FAIL: is not present': self.result = 'FAIL: {} is not present'.format(opt.name) + elif opt.result == 'FAIL: is off': + self.result = 'FAIL: {} is off'.format(opt.name) + elif opt.result == 'FAIL: is off, not found': + self.result = 'FAIL: {} is off, not found'.format(opt.name) else: # VersionCheck provides enough info self.result = opt.result