From 546a7e3bdc639bfeaa0a243792c78d14ec04b786 Mon Sep 17 00:00:00 2001
From: Alexander Popov
Date: Sun, 6 Oct 2024 21:36:55 +0300
Subject: [PATCH] Fix the sysctl.conf test at github

---
 .github/workflows/functional_test.sh | 5 ++++-
 kernel_hardening_checker/__init__.py | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/functional_test.sh b/.github/workflows/functional_test.sh
index 7c11957..fe23219 100644
--- a/.github/workflows/functional_test.sh
+++ b/.github/workflows/functional_test.sh
@@ -92,12 +92,15 @@ coverage run -a --branch bin/kernel-hardening-checker -s /tmp/sysctl_arch | grep

 echo ">>>>> check sysctl separately <<<<<"
 coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE
-coverage run -a --branch bin/kernel-hardening-checker -s /etc/sysctl.conf
 coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m verbose > /dev/null
 coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m json
 coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m show_ok
 coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m show_fail

+echo ">>>>> check sysctl.conf (it should not fail) <<<<<"
+cat /etc/sysctl.conf
+coverage run -a --branch bin/kernel-hardening-checker -s /etc/sysctl.conf
+
 echo ">>>>> test -v (kernel version detection) <<<<<"
 cp kernel_hardening_checker/config_files/distros/fedora_34.config ./test.config
 coverage run -a --branch bin/kernel-hardening-checker -c ./test.config -v /proc/version
diff --git a/kernel_hardening_checker/__init__.py b/kernel_hardening_checker/__init__.py
index 694ffcb..dd26712 100755
--- a/kernel_hardening_checker/__init__.py
+++ b/kernel_hardening_checker/__init__.py
@@ -225,7 +225,7 @@ def parse_sysctl_file(mode: StrOrNone, parsed_options: Dict[str, str], fname: st
 sysctl_pattern = re.compile(r"[a-zA-Z0-9/\._-]+ ?=.*$")
 for line in f.readlines():
 line = line.strip()
- if line.startswith('#'):
+ if not line or line.startswith('#'):
 continue
 if not sysctl_pattern.match(line):
 sys.exit(f'[!] ERROR: unexpected line in sysctl file: "{line}"')
-- 
2.31.1
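Review bot: The comment test on the changed line still recognises only `#`, but sysctl.conf(5) also treats lines beginning with `;` as comments, so a valid file carrying one still reaches the `sys.exit` below and the hardening check never runs. I would extend the skip to `if not line or line.startswith(('#', ';')):`. The new CI step only exercises whatever the runner's /etc/sysctl.conf happens to contain, so a small fixture with a blank line and a `;` comment would pin both cases. parse_sysctl_file begins and continues outside this hunk, so how accepted lines are split afterwards is not visible here.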