Merge remote-tracking branch 'origin/pylint'

Refers to #136

.github/workflows/static_typing_test.yml → .github/workflows/static_analysis.yml

@@ -1,4 +1,4 @@
-name: static typing test
+name: static analysis
 
 on:
   push:
@@ -7,7 +7,7 @@ on:
     branches: [ master ]
 
 jobs:
-  static_typing_test:
+  static_analysis:
 
     runs-on: ubuntu-latest
 
@@ -31,3 +31,9 @@ jobs:
       run: |
         pip install mypy
         mypy kernel_hardening_checker/ --show-error-context --pretty --no-incremental --check-untyped-defs --disallow-untyped-defs --strict-equality
+
+    - name: Check code with pylint
+      run: |
+        pip install pylint
+        pip install setuptools
+        pylint --recursive=y kernel_hardening_checker setup.py

.woodpecker/functional_test.yml

@@ -29,6 +29,15 @@ steps:
       - python --version
       - pip install --no-cache-dir mypy
       - mypy kernel_hardening_checker/ --show-error-context --pretty --no-incremental --check-untyped-defs --disallow-untyped-defs --strict-equality
+  pylint-checking:
+    image: python:3
+    pull: true
+    commands:
+      - echo "Install the pylint tool..."
+      - python --version
+      - pip install --no-cache-dir pylint
+      - pip install --no-cache-dir setuptools
+      - pylint --recursive=y kernel_hardening_checker setup.py
   functional-test-with-coverage:
     image: python:3
     pull: true

kernel_hardening_checker/__init__.py

@@ -8,20 +8,23 @@
 This module performs input/output.
 """
 
-# pylint: disable=missing-function-docstring,line-too-long,invalid-name,too-many-branches,too-many-statements
+# pylint: disable=missing-function-docstring,line-too-long,too-many-branches,too-many-statements
 
 import gzip
 import sys
 from argparse import ArgumentParser
 from typing import List, Tuple, Dict, TextIO
 import re
 import json
-from .__about__ import __version__
 from .checks import add_kconfig_checks, add_cmdline_checks, normalize_cmdline_options, add_sysctl_checks
 from .engine import StrOrNone, TupleOrNone, ChecklistObjType
 from .engine import print_unknown_options, populate_with_data, perform_checks, override_expected_value
 
 
+# kernel-hardening-checker version
+__version__ = '0.6.6'
+
+
 def _open(file: str) -> TextIO:
     if file.endswith('.gz'):
         return gzip.open(file, 'rt', encoding='utf-8')

kernel_hardening_checker/checks.py

@@ -8,7 +8,7 @@
 This module contains knowledge for checks.
 """
 
-# pylint: disable=missing-function-docstring,line-too-long,invalid-name
+# pylint: disable=missing-function-docstring,line-too-long
 # pylint: disable=too-many-branches,too-many-statements,too-many-locals
 
 from typing import List
@@ -647,7 +647,7 @@ def normalize_cmdline_options(option: str, value: str) -> str:
     return value
 
 
-# TODO: draft of security hardening sysctls:
+# Ideas of security hardening sysctls:
 #    what about bpf_jit_enable?
 #    vm.mmap_min_addr has a good value
 #    nosmt sysfs control file

kernel_hardening_checker/engine.py

@@ -9,7 +9,7 @@
 """
 
 # pylint: disable=missing-class-docstring,missing-function-docstring
-# pylint: disable=line-too-long,invalid-name,too-many-branches
+# pylint: disable=line-too-long,too-many-branches
 
 from __future__ import annotations
 import sys

setup.cfg

@@ -1,5 +1,6 @@
 [metadata]
 name = kernel-hardening-checker
+version = attr: kernel_hardening_checker.__version__
 author = Alexander Popov
 author_email = alex.popov@linux.com
 home_page = https://github.com/a13xp0p0v/kernel-hardening-checker

setup.py

@@ -1,12 +1,14 @@
 #!/usr/bin/env python3
 
-from setuptools import setup
+"""
+This tool is for checking the security hardening options of the Linux kernel.
+
+Author: Alexander Popov <alex.popov@linux.com>
 
-about = {}
-with open('kernel_hardening_checker/__about__.py') as f:
-    exec(f.read(), about)
+This module performs installing of the kernel-hardening-checker package.
+"""
 
-print('v: "{}"'.format(about['__version__']))
+from setuptools import setup
 
 # See the options in setup.cfg
-setup(version = about['__version__'])
+setup()