Come up with PAMModules check.

Martin Liska 2019-09-24 13:05:03 +02:00 committed by Neal Gompa (ニール・ゴンパ)
parent 8a0128cddd
commit 57d7f91fa8
5 changed files with 55 additions and 0 deletions


@ -0,0 +1,27 @@
import re
from rpmlint.checks.AbstractCheck import AbstractCheck
class PAMModulesCheck(AbstractCheck):
pam_module_re = re.compile(r'^(?:/usr)?/lib(?:64)?/security/([^/]+\.so)$')
def __init__(self, config, output):
super().__init__(config, output)
self.pam_whitelist = config.configuration['PAMModulesWhiteList']
def check(self, pkg):
if pkg.isSource():
return
files = pkg.files()
for f in files:
if f in pkg.ghostFiles():
continue
m = self.pam_module_re.match(f)
if m:
bn = m.groups()[0]
if bn not in self.pam_whitelist:
self.output.add_info('E', pkg, 'pam-unauthorized-module', bn)
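Review bot: The allowlist test in `check` compares only the basename captured by `pam_module_re`, so a file named like an approved module passes whichever package ships it, and only `.so` files directly under the four `security` directories are examined at all. If the list is meant to record modules that were reviewed, the class should state that limit in a docstring, for example `"""Report PAM modules whose file name is not in PAMModulesWhiteList (matched by basename only)."""`. Separately, `pkg.ghostFiles()` is evaluated again for every file in the loop; binding it once before the loop with `ghosts = pkg.ghostFiles()` and testing `if f in ghosts:` avoids the repeated call.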


@ -283,6 +283,9 @@ ValidLicenses = []
# Default valid license exceptions
ValidLicenseExceptions = []
# Default white list for PAM modules
PAMModulesWhiteList = []
# Additional warnings on specific function calls
[WarnOnFunction]
#[WarnOnFunction.testname]
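Review bot: The comment on `PAMModulesWhiteList` does not say what an entry looks like, and the check compares entries with the module's file name including the `.so` suffix, so an entry written without the suffix never matches. A comment such as `# PAM module file names (basename with .so suffix) that packages may install` would make the format explicit. The empty default means every packaged PAM module is reported until it is listed, which is the safer default and worth stating in the same comment.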


@ -0,0 +1,4 @@
pam-unauthorized-module="""
The package installs a PAM module. If the package
is intended for inclusion the PAM module name must
be included in the white list.

Binary file not shown.

test/test_pam_modules.py Normal file

@ -0,0 +1,21 @@
import pytest
from rpmlint.checks.PAMModulesCheck import PAMModulesCheck
from rpmlint.filter import Filter
from Testing import CONFIG, get_tested_package
@pytest.fixture(scope='function', autouse=True)
def pammodulecheck():
CONFIG.info = True
output = Filter(CONFIG)
test = PAMModulesCheck(CONFIG, output)
return output, test
@pytest.mark.parametrize('package', ['binary/pam-module'])
def test_pam_modules(tmpdir, package, pammodulecheck):
output, test = pammodulecheck
test.check(get_tested_package(package, tmpdir))
out = output.print_results(output.results)
assert 'E: pam-unauthorized-module pam-module.so' in out
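Review bot: Only the rejecting path is covered: `test_pam_modules` asserts that the error appears for an unlisted module, but nothing checks that a listed module is accepted or that source packages and ghost files are skipped. Since this check gates which packages may install authentication modules, a second test that sets `test.pam_whitelist = ['pam-module.so']` before `test.check(...)` and asserts `'pam-unauthorized-module' not in out` would pin the allow path. The fixture also sets `CONFIG.info = True` on the shared `CONFIG` object, which may leak into other tests; that is worth confirming against `Testing`.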