Add 'show_ok' and 'show_fail' print modes

Refers the issue #45

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 203da3f42a6dbde839fcb442d0f0f59d7fd964cf..7113393c2bf458896019e526128e8c742b8b915d 100644 (file)
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -76,6 +76,8 @@ jobs:
                 coverage run -a --branch bin/kconfig-hardened-check -c $C
                 coverage run -a --branch bin/kconfig-hardened-check -c $C -m verbose
                 coverage run -a --branch bin/kconfig-hardened-check -c $C -m json
+                coverage run -a --branch bin/kconfig-hardened-check -c $C -m show_ok
+                coverage run -a --branch bin/kconfig-hardened-check -c $C -m show_fail
         done
         coverage xml -i -o coverage.xml
 

diff --git a/README.md b/README.md
index 5cb2d1ab33cc352406eb4cd5691bbfe292028f22..08f57838a92852c9f05bb62d14b815f8526a0771 100644 (file)
--- a/README.md
+++ b/README.md
@@ -44,7 +44,8 @@ or simply run `./bin/kconfig-hardened-check` from the cloned repository.
 ## Usage
 ```
 usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}]
-                              [-c CONFIG] [-m {verbose,json}]
+                              [-c CONFIG]
+                              [-m {verbose,json,show_ok,show_fail}]
 
 Checks the hardening options in the Linux kernel config
 
@@ -54,8 +55,8 @@ optional arguments:
   -p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM}
                         print hardening preferences for selected architecture
   -c CONFIG, --config CONFIG
-                        check the config_file against these preferences
-  -m {verbose,json}, --mode {verbose,json}
+                        check the kernel config file against these preferences
+  -m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail}
                         choose the report mode
 ```
 

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index cb794505bd7a597411d3356472925c0125215967..060b1de3148ad8da88dcdc0b08d223a1b8a60313 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -539,6 +539,13 @@ def print_checklist(mode, checklist, with_results):
 
     # table contents
     for opt in checklist:
+        if with_results:
+            if mode == 'show_ok':
+                if not opt.result.startswith('OK'):
+                    continue
+            if mode == 'show_fail':
+                if not opt.result.startswith('FAIL'):
+                    continue
         opt.table_print(mode, with_results)
         print()
         if mode == 'verbose':
@@ -547,10 +554,16 @@ def print_checklist(mode, checklist, with_results):
 
     # final score
     if with_results:
-        error_count = len(list(filter(lambda opt: opt.result.startswith('FAIL'), checklist)))
+        fail_count = len(list(filter(lambda opt: opt.result.startswith('FAIL'), checklist)))
+        fail_suppressed = ''
         ok_count = len(list(filter(lambda opt: opt.result.startswith('OK'), checklist)))
+        ok_suppressed = ''
+        if mode == 'show_ok':
+            fail_suppressed = ' (suppressed in output)'
+        if mode == 'show_fail':
+            ok_suppressed = ' (suppressed in output)'
         if mode != 'json':
-            print('[+] Config check is finished: \'OK\' - {} / \'FAIL\' - {}'.format(ok_count, error_count))
+            print('[+] Config check is finished: \'OK\' - {}{} / \'FAIL\' - {}{}'.format(ok_count, ok_suppressed, fail_count, fail_suppressed))
 
 
 def perform_checks(checklist, parsed_options, kernel_version):
@@ -602,7 +615,7 @@ def main():
     #     - reporting about unknown kernel options in the config
     #     - verbose printing of ComplexOptCheck items
     #   * json mode for printing the results in JSON format
-    report_modes = ['verbose', 'json']
+    report_modes = ['verbose', 'json', 'show_ok', 'show_fail']
     supported_archs = ['X86_64', 'X86_32', 'ARM64', 'ARM']
     parser = ArgumentParser(prog='kconfig-hardened-check',
                             description='Checks the hardening options in the Linux kernel config')
@@ -610,7 +623,7 @@ def main():
     parser.add_argument('-p', '--print', choices=supported_archs,
                         help='print hardening preferences for selected architecture')
     parser.add_argument('-c', '--config',
-                        help='check the config_file against these preferences')
+                        help='check the kernel config file against these preferences')
     parser.add_argument('-m', '--mode', choices=report_modes,
                         help='choose the report mode')
     args = parser.parse_args()
@@ -651,6 +664,8 @@ def main():
         sys.exit(0)
 
     if args.print:
+        if mode in ('show_ok', 'show_fail'):
+            sys.exit('[!] ERROR: please use "{}" mode for checking the kernel config'.format(mode))
         arch = args.print
         construct_checklist(config_checklist, arch)
         if mode != 'json':