Skip to content

K
kernel-hardening-checker
Commit 271e6bf0 by Alexander Popov
Options

Get rid of 'kernel_version' global variable 

(done while solving the issue #45)
parent eeb0b9ee
Showing with 10 additions and 9 deletions
kconfig_hardened_check/__init__.py
...@@ -73,8 +73,6 @@ report_modes = ['verbose', 'json'] ...@@ -73,8 +73,6 @@ report_modes = ['verbose', 'json']
supported_archs = ['X86_64', 'X86_32', 'ARM64', 'ARM'] supported_archs = ['X86_64', 'X86_32', 'ARM64', 'ARM']
kernel_version = None
class OptCheck: class OptCheck:
def __init__(self, reason, decision, name, expected): def __init__(self, reason, decision, name, expected):
...@@ -109,16 +107,17 @@ class OptCheck: ...@@ -109,16 +107,17 @@ class OptCheck:
class VerCheck: class VerCheck:
def __init__(self, ver_expected): def __init__(self, ver_expected):
self.ver_expected = ver_expected self.ver_expected = ver_expected
self.ver = None
self.result = None self.result = None
def check(self): def check(self):
if kernel_version[0] > self.ver_expected[0]: if self.ver[0] > self.ver_expected[0]:
self.result = 'OK: version >= ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1]) self.result = 'OK: version >= ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1])
return True return True
if kernel_version[0] < self.ver_expected[0]: if self.ver[0] < self.ver_expected[0]:
self.result = 'FAIL: version < ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1]) self.result = 'FAIL: version < ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1])
return False return False
if kernel_version[1] >= self.ver_expected[1]: if self.ver[1] >= self.ver_expected[1]:
self.result = 'OK: version >= ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1]) self.result = 'OK: version >= ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1])
return True return True
self.result = 'FAIL: version < ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1]) self.result = 'FAIL: version < ' + str(self.ver_expected[0]) + '.' + str(self.ver_expected[1])
...@@ -563,13 +562,15 @@ def print_checklist(mode, checklist, with_results): ...@@ -563,13 +562,15 @@ def print_checklist(mode, checklist, with_results):
print('[+] Config check is finished: \'OK\' - {} / \'FAIL\' - {}'.format(ok_count, error_count)) print('[+] Config check is finished: \'OK\' - {} / \'FAIL\' - {}'.format(ok_count, error_count))
def perform_checks(checklist, parsed_options): def perform_checks(checklist, parsed_options, kernel_version):
for opt in checklist: for opt in checklist:
if hasattr(opt, 'opts'): if hasattr(opt, 'opts'):
# prepare ComplexOptCheck # prepare ComplexOptCheck
for o in opt.opts: for o in opt.opts:
if hasattr(o, 'state'): if hasattr(o, 'state'):
o.state = parsed_options.get(o.name, None) o.state = parsed_options.get(o.name, None)
if hasattr(o, 'ver'):
o.ver = kernel_version
else: else:
# prepare simple check # prepare simple check
if not hasattr(opt, 'state'): if not hasattr(opt, 'state'):
...@@ -605,9 +606,9 @@ def parse_config_file(parsed_options, fname): ...@@ -605,9 +606,9 @@ def parse_config_file(parsed_options, fname):
def main(): def main():
global kernel_version
mode = None mode = None
arch = None
kernel_version = None
config_checklist = [] config_checklist = []
parsed_options = OrderedDict() parsed_options = OrderedDict()
...@@ -645,7 +646,7 @@ def main(): ...@@ -645,7 +646,7 @@ def main():
construct_checklist(config_checklist, arch) construct_checklist(config_checklist, arch)
parse_config_file(parsed_options, args.config) parse_config_file(parsed_options, args.config)
perform_checks(config_checklist, parsed_options) perform_checks(config_checklist, parsed_options, kernel_version)
if mode == 'verbose': if mode == 'verbose':
print_unknown_options(config_checklist, parsed_options) print_unknown_options(config_checklist, parsed_options)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment