From a2e5e4b76224a8e9775bb2341d5aa0939813680b Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Mon, 13 May 2024 18:12:35 +0300 Subject: [PATCH 1/1] Add more precise typing for checklist: List[ChecklistObjType] --- kernel_hardening_checker/__init__.py | 6 +++--- kernel_hardening_checker/checks.py | 8 ++++---- kernel_hardening_checker/engine.py | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/kernel_hardening_checker/__init__.py b/kernel_hardening_checker/__init__.py index 7db9e40..ca163b7 100644 --- a/kernel_hardening_checker/__init__.py +++ b/kernel_hardening_checker/__init__.py @@ -19,7 +19,7 @@ import re import json from .__about__ import __version__ from .checks import add_kconfig_checks, add_cmdline_checks, normalize_cmdline_options, add_sysctl_checks -from .engine import StrOrNone, TupleOrNone, print_unknown_options, populate_with_data, perform_checks, override_expected_value +from .engine import StrOrNone, TupleOrNone, ChecklistObjType, print_unknown_options, populate_with_data, perform_checks, override_expected_value def _open(file: str, *args, **kwargs) -> TextIO: @@ -80,7 +80,7 @@ def detect_compiler(fname: str) -> Tuple[StrOrNone, str]: sys.exit(f'[!] ERROR: invalid GCC_VERSION and CLANG_VERSION: {gcc_version} {clang_version}') -def print_checklist(mode: StrOrNone, checklist: List, with_results: bool) -> None: +def print_checklist(mode: StrOrNone, checklist: List[ChecklistObjType], with_results: bool) -> None: if mode == 'json': output = [] for opt in checklist: @@ -234,7 +234,7 @@ def main() -> None: if mode != 'json': print(f'[+] Special report mode: {mode}') - config_checklist = [] # type: List + config_checklist = [] # type: List[ChecklistObjType] if args.config: if args.print: diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py index ab2432e..0e2bb74 100644 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@ -11,11 +11,11 @@ This module contains knowledge for checks. # pylint: disable=missing-function-docstring,line-too-long,invalid-name # pylint: disable=too-many-branches,too-many-statements,too-many-locals -from .engine import StrOrNone, KconfigCheck, CmdlineCheck, SysctlCheck, VersionCheck, OR, AND +from .engine import StrOrNone, ChecklistObjType, KconfigCheck, CmdlineCheck, SysctlCheck, VersionCheck, OR, AND from typing import List -def add_kconfig_checks(l: List, arch: str) -> None: +def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None: assert(arch), 'empty arch' # Calling the KconfigCheck class constructor: @@ -423,7 +423,7 @@ def add_kconfig_checks(l: List, arch: str) -> None: l += [KconfigCheck('harden_userspace', 'a13xp0p0v', 'X86_USER_SHADOW_STACK', 'y')] -def add_cmdline_checks(l: List, arch: str) -> None: +def add_cmdline_checks(l: List[ChecklistObjType], arch: str) -> None: assert(arch), 'empty arch' # Calling the CmdlineCheck class constructor: @@ -658,7 +658,7 @@ def normalize_cmdline_options(option: str, value: str) -> str: # kernel.warn_limit (think about a proper value) # net.ipv4.tcp_syncookies=1 (?) -def add_sysctl_checks(l: List, _arch: StrOrNone) -> None: +def add_sysctl_checks(l: List[ChecklistObjType], _arch: StrOrNone) -> None: # This function may be called with arch=None # Calling the SysctlCheck class constructor: diff --git a/kernel_hardening_checker/engine.py b/kernel_hardening_checker/engine.py index 2a371e4..b6beb6c 100644 --- a/kernel_hardening_checker/engine.py +++ b/kernel_hardening_checker/engine.py @@ -380,12 +380,12 @@ def populate_opt_with_data(opt: AnyOptCheckType, data: TupleOrOrderedDict, data_ populate_opt_with_data(o, data, data_type) -def populate_with_data(checklist: List, data: TupleOrOrderedDict, data_type: str) -> None: +def populate_with_data(checklist: List[ChecklistObjType], data: TupleOrOrderedDict, data_type: str) -> None: for opt in checklist: populate_opt_with_data(opt, data, data_type) -def override_expected_value(checklist: List, name: str, new_val: str) -> None: +def override_expected_value(checklist: List[ChecklistObjType], name: str, new_val: str) -> None: for opt in checklist: if opt.name == name: assert(opt.opt_type in ('kconfig', 'cmdline', 'sysctl')), \ @@ -393,12 +393,12 @@ def override_expected_value(checklist: List, name: str, new_val: str) -> None: opt.expected = new_val -def perform_checks(checklist: List) -> None: +def perform_checks(checklist: List[ChecklistObjType]) -> None: for opt in checklist: opt.check() -def print_unknown_options(checklist: List, parsed_options: OrderedDict[str, str], opt_type: str) -> None: +def print_unknown_options(checklist: List[ChecklistObjType], parsed_options: OrderedDict[str, str], opt_type: str) -> None: known_options = [] for o1 in checklist: -- 2.31.1