Come up with PAMModules check.
parent
8a0128cddd
commit
57d7f91fa8
|
@ -0,0 +1,27 @@
|
|||
import re
|
||||
|
||||
from rpmlint.checks.AbstractCheck import AbstractCheck
|
||||
|
||||
|
||||
class PAMModulesCheck(AbstractCheck):
|
||||
pam_module_re = re.compile(r'^(?:/usr)?/lib(?:64)?/security/([^/]+\.so)$')
|
||||
|
||||
def __init__(self, config, output):
|
||||
super().__init__(config, output)
|
||||
self.pam_whitelist = config.configuration['PAMModulesWhiteList']
|
||||
|
||||
def check(self, pkg):
|
||||
if pkg.isSource():
|
||||
return
|
||||
|
||||
files = pkg.files()
|
||||
|
||||
for f in files:
|
||||
if f in pkg.ghostFiles():
|
||||
continue
|
||||
|
||||
m = self.pam_module_re.match(f)
|
||||
if m:
|
||||
bn = m.groups()[0]
|
||||
if bn not in self.pam_whitelist:
|
||||
self.output.add_info('E', pkg, 'pam-unauthorized-module', bn)
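Review bot: The allow-list test at `if bn not in self.pam_whitelist:` compares only the module's file name, so any package that ships a file named like an already approved module passes, regardless of which package the approval was meant for. If the list is meant to act as a security review gate, consider binding each entry to a package, e.g. making `PAMModulesWhiteList` a table and testing `if bn not in self.pam_whitelist.get(pkg.name, ()):`, or at least record the limitation with a comment such as `# matches by file name only; does not bind the module to a package`. The pattern also covers only `/lib`, `/lib64`, `/usr/lib` and `/usr/lib64` `security` directories, so a module installed under any other PAM search path is not seen by this check. Separately, `pkg.ghostFiles()` is evaluated on every loop iteration and could be read once before the loop.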
|
|
@ -283,6 +283,9 @@ ValidLicenses = []
|
|||
# Default valid license exceptions
|
||||
ValidLicenseExceptions = []
|
||||
|
||||
# Default white list for PAM modules
|
||||
PAMModulesWhiteList = []
|
||||
|
||||
# Additional warnings on specific function calls
|
||||
[WarnOnFunction]
|
||||
#[WarnOnFunction.testname]
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
pam-unauthorized-module="""
|
||||
The package installs a PAM module. If the package
|
||||
is intended for inclusion the PAM module name must
|
||||
be included in the white list.
|
Binary file not shown.
|
@ -0,0 +1,21 @@
|
|||
import pytest
|
||||
from rpmlint.checks.PAMModulesCheck import PAMModulesCheck
|
||||
from rpmlint.filter import Filter
|
||||
|
||||
from Testing import CONFIG, get_tested_package
|
||||
|
||||
|
||||
@pytest.fixture(scope='function', autouse=True)
|
||||
def pammodulecheck():
|
||||
CONFIG.info = True
|
||||
output = Filter(CONFIG)
|
||||
test = PAMModulesCheck(CONFIG, output)
|
||||
return output, test
|
||||
|
||||
|
||||
@pytest.mark.parametrize('package', ['binary/pam-module'])
|
||||
def test_pam_modules(tmpdir, package, pammodulecheck):
|
||||
output, test = pammodulecheck
|
||||
test.check(get_tested_package(package, tmpdir))
|
||||
out = output.print_results(output.results)
|
||||
assert 'E: pam-unauthorized-module pam-module.so' in out
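Review bot: Only the rejecting path is exercised here; nothing asserts that a module named in `PAMModulesWhiteList` is accepted, so a regression that ignores the allow list entirely would still pass `test_pam_modules`. A second case that sets `test.pam_whitelist = ['pam-module.so']` before `test.check(...)` and asserts `'pam-unauthorized-module' not in out` would cover the allow path. The fixture also assigns `CONFIG.info = True` on the `CONFIG` object imported from `Testing`, which presumably is shared with other test modules and keeps that value after this test runs.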
|