From 228f9e2b51f645266a70d86b215e9899f3bdeb9b Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Wed, 20 Apr 2022 19:25:16 +0300
Subject: [PATCH 1/1] Fix the bug in the verdict description for
 ComplexOptCheck

Before the fix:
CONFIG_EFI_DISABLE_PCI_DMA | kconfig | y | clipos | self_protection | OK: not found

After the fix:
CONFIG_EFI_DISABLE_PCI_DMA | kconfig | y | clipos | self_protection | OK: CONFIG_EFI not found

Also added the assertions preventing similar bugs in future.
---
 kconfig_hardened_check/__init__.py | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 04121d4..a999c97 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -235,11 +235,18 @@ class OR(ComplexOptCheck):
         for i, opt in enumerate(self.opts):
             opt.check()
             if opt.result.startswith('OK'):
-                if opt.result == 'OK' and i != 0:
-                    # Simple OK is not enough for additional checks, add more info:
-                    self.result = 'OK: {} "{}"'.format(opt.name, opt.expected)
-                else:
-                    self.result = opt.result
+                self.result = opt.result
+                # Add more info for additional checks:
+                if i != 0:
+                    if opt.result == 'OK':
+                        self.result = 'OK: {} "{}"'.format(opt.name, opt.expected)
+                    elif opt.result == 'OK: not found':
+                        self.result = 'OK: {} not found'.format(opt.name)
+                    elif opt.result == 'OK: is present':
+                        self.result = 'OK: {} is present'.format(opt.name)
+                    # VersionCheck provides enough info
+                    elif not opt.result.startswith('OK: version'):
+                        sys.exit('[!] ERROR: unexpected OK description "{}"'.format(opt.result))
                 return
         self.result = self.opts[0].result
 
@@ -265,8 +272,10 @@ class AND(ComplexOptCheck):
                 elif opt.result == 'FAIL: not present':
                     self.result = 'FAIL: {} not present'.format(opt.name)
                 else:
-                    # This FAIL message is self-explaining.
+                    # VersionCheck provides enough info
                     self.result = opt.result
+                    if not opt.result.startswith('FAIL: version'):
+                        sys.exit('[!] ERROR: unexpected FAIL description "{}"'.format(opt.result))
                 return
         sys.exit('[!] ERROR: invalid AND check')
 
-- 
2.31.1