From e2514c2fac75aa016bd29c2347bb04d36a99b632 Mon Sep 17 00:00:00 2001 From: Davide Madrisan Date: Fri, 13 Jan 2012 00:17:57 +0100 Subject: [PATCH] tests: display the number of issues detected Signed-off-by: Davide Madrisan --- ChangeLog | 7 ++++++- po/it/test01_pkgquality.po | 5 ++++- po/it/test02_pkgsecurity.po | 5 ++++- tests/test01_pkgquality.in | 32 ++++++++++++++++++++++++-------- tests/test02_pkgsecurity.in | 13 +++++++++++-- 5 files changed, 49 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 231ba6b..7ac9b1b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,7 +26,12 @@ Changes in version 1.8.3 * tests/test01_pkgquality tests/test02_pkgsecurity - Davide Madrisan: - Be less verbose. + Be less verbose and write the grand total of the issues detected by each + plugin. + + * po/it/test01_pkgquality + po/it/test02_pkgsecurity.po - Davide Madrisan: + Updated. -------------------------------------------------------------------------------- diff --git a/po/it/test01_pkgquality.po b/po/it/test01_pkgquality.po index aad1f30..b89bde2 100644 --- a/po/it/test01_pkgquality.po +++ b/po/it/test01_pkgquality.po @@ -1,5 +1,5 @@ # translation of it.po to Italiana -# Copyright (C) 2008 Davide Madrisan +# Copyright (C) 2008,2012 Davide Madrisan # Davide Madrisan msgid "" @@ -102,3 +102,6 @@ msgstr "ricerca di pacchetti con errato tag BuildArch" msgid "this package should be tagged \\`noarch'" msgstr "questo pacchetto dovrebbe essere di tipo \\`noarch'" + +msgid "Quality checks: ${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s)." +msgstr "Controlli di qualità: pacchetti controllati: ${#rpmpkg_name[@]}; problemi riscontrati: $total_issues" diff --git a/po/it/test02_pkgsecurity.po b/po/it/test02_pkgsecurity.po index ee4fd65..1b82355 100644 --- a/po/it/test02_pkgsecurity.po +++ b/po/it/test02_pkgsecurity.po 
@@ -1,5 +1,5 @@ # translation of it.po to Italiana -# Copyright (C) 2008 Davide Madrisan +# Copyright (C) 2008,2012 Davide Madrisan # Davide Madrisan msgid "" @@ -60,3 +60,6 @@ msgstr "Suggerimento per script bash (richiede \\`mktemp')" msgid "Hint for perl scripts" msgstr "Suggerimento per script perl" + +msgid "Security checks: ${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s)." +msgstr "Ccntrolli di sicurezza: pacchetti controllati: ${#rpmpkg_name[@]}; problemi riscontrati: $total_issues" diff --git a/tests/test01_pkgquality.in b/tests/test01_pkgquality.in index a520620..8b10d31 100644 --- a/tests/test01_pkgquality.in +++ b/tests/test01_pkgquality.in @@ -56,6 +56,8 @@ function alltests() { [ -d "$tmpextractdir" ] || notify.error $"\ (bug)"" -- $FUNCNAME: "$"no such file or directory"" \`$tmpextractdir'" + local total_issues=0 + # check for broken symlinks # - symlinks to files in the buildroot directory for rpm # (usable for a symlink attacks) @@ -93,6 +95,7 @@ function alltests() { notify.warning "${NOTE}${pck##*/}${NORM}" notify.note $"\ wrong symlink"": \`${NOTE}${f/./}${NORM}' --> \`${NOTE}$(readlink $f)${NORM}'" + let "total_issues += 1" fi done popd >/dev/null @@ -123,6 +126,7 @@ echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}" notify.note "$(\ strings -a $filename | grep "^$SPEC_BUILDROOT" | sort -bu | \ sed "s,$SPEC_BUILDROOT\(.*\), - [%buildroot]\1,")" + let "total_issues += 1" done let "i += 1" done @@ -148,6 +152,7 @@ echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}" notify.note "$(\ strings -a $filename | grep "$BUILDDIR" | sort -bu | \ sed "s,$BUILDDIR,[%_builddir],g;s,.*, - &,")" + let "total_issues += 1" done let "i += 1" done @@ -169,6 +174,7 @@ find -mindepth 1 -type f -name \*.so -exec file {} \; | \ grep ' shared object,' | sed -n 's/.\(.*\):.*/\1/p'`; do notify.warning "${NOTE}${pck##*/}${NORM}" notify.note $"found suspect plugin \`${NOTE}$f${NORM}'" + let "total_issues += 1" done popd >/dev/null let "i += 1" 
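Review bot: `local total_issues=0` in the first hunk of tests/test01_pkgquality.in has no comment, although the later hunks increment it from about a dozen separate places. I would put `# running count of warnings reported by this plugin; it is only updated by increments executed in the current shell` above the declaration. The same applies to the matching declaration added in tests/test02_pkgsecurity.in. The body of `alltests()` runs well past this hunk, so the comment is where a reader adding a new check will first look.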
@@ -193,6 +199,7 @@ checking for wrong file attributes in bin and lib directories""${NORM}..." notify.warning "${NOTE}${pck##*/}${NORM}" notify.note $"found suspect file"": \ \`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" + let "total_issues += 1" done let "i += 1" popd >/dev/null @@ -221,9 +228,10 @@ checking for binary files installed in /etc (see FHS)""${NORM}..." case $f in ./etc/rc.d/init.d/*) ;; *) let "warning = 1" && - notify.warning "${NOTE}${pck##*/}${NORM}" - notify.note $"found suspect file"": \ -\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;; + { notify.warning "${NOTE}${pck##*/}${NORM}" + notify.note $"found suspect file"": \ +\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" + let "total_issues += 1"; } ;; esac done popd >/dev/null @@ -280,7 +288,8 @@ $([[ "$rpm_macro_uninstallinfo" ]] && echo "$rpm_macro_uninstallinfo %{name}.info" || echo "${path_installinfo:-/sbin/install-info} --delete %{name}.info") exit 0 ----------------------------------------"; } +---------------------------------------" + let "total_issues += $error"; } done # check packages for wrong user and/or group ownerships @@ -302,6 +311,7 @@ package not found"": \`${pck##*/}'" notify.warning "${NOTE}${pck##*/}${NORM}" notify.note $"found suspect file"": \ \`${NOTE}$9${NORM}' [uid:\`${NOTE}$3${NORM}', gid:\`${NOTE}$4${NORM}']" + let "total_issues += 1" fi done ) done @@ -319,9 +329,10 @@ checking packages for desktop files installed in the applnk dir""${NORM}..." case $f in .${rpmdatadir}/applnk/*.desktop) let "warning = 1" && - notify.warning "${NOTE}${pck##*/}${NORM}" - notify.note $"found suspect file"": \ -\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;; + { notify.warning "${NOTE}${pck##*/}${NORM}" + notify.note $"found suspect file"": \ +\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" + let "total_issues += 1"; } ;; *) ;; esac done 
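Review bot: `let "total_issues += $error"` is the only increment that adds a variable instead of 1, and the hunk does not show whether `error` is a flag or a count of findings for the package. An empty `$error` would make the `let` expression a syntax error, and `let` returns status 1 whenever the result is 0. I would write `total_issues=$(( total_issues + ${error:-0} ))` and add a short comment stating what `error` holds at this point. The enclosing `{ ...; }` group and the loop start outside the hunk.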
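Review bot: The increment added before `fi` in the ownership check sits inside a loop that is closed by `done )`, so it appears to run in a `( ... )` subshell or a command substitution, and the updated `total_issues` is discarded when that subshell exits. Wrong uid/gid findings would then still be printed but left out of the final `Quality checks:` total, so the summary would under-report them. The opening of the construct is outside the hunk, so this needs checking against the full function. If it is a subshell, either run the loop in the current shell with `done < <(...)`, or have the subshell print its count and add it to `total_issues` afterwards.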
@@ -357,6 +368,11 @@ ${NOTE}"$"Hint"":${NORM} ----------------------------- ${NOTE}"$"Hint"":${NORM} BuildArch: noarch ------------------------------"; } +-----------------------------" + let "total_issues += 1"; } fi + + notify.note "\ + --> ${NOTE}"$"Quality checks: \ +${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s).""${NORM}" } diff --git a/tests/test02_pkgsecurity.in b/tests/test02_pkgsecurity.in index a0350fa..6456f45 100644 --- a/tests/test02_pkgsecurity.in +++ b/tests/test02_pkgsecurity.in @@ -1,6 +1,6 @@ #!/bin/bash # test02_pkgsecurity -- @package@ test (rpm security checks) -# Copyright (C) 2008 Davide Madrisan +# Copyright (C) 2008,2012 Davide Madrisan [ -z "$BASH" ] || [ ${BASH_VERSION:0:1} -lt 2 ] && echo $"this script requires bash version 2 or better" >&2 && exit 1 @@ -68,6 +68,8 @@ function alltests() { done } + local total_issues=0 + notify.note \ " * ${NOTE}"$"checking for RPATH vulnerabilities""${NORM}..." @@ -83,6 +85,7 @@ function alltests() { if [ "$rpath" ]; then notify.warning "${NOTE}${pck##*/}${NORM}" notify.note "${f/./}\nRPATH: $rpath" + let "total_issues += 1" fi fi done @@ -102,6 +105,7 @@ function alltests() { if [[ "$(file $f | grep " setuid ")" ]]; then notify.warning "${NOTE}${pck##*/}${NORM}" notify.note "${NOTE}${f/./}${NORM}" + let "total_issues += 1" fi done popd >/dev/null @@ -129,7 +133,8 @@ checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..." let "vulnerable = 1" && { notify.warning "${NOTE}${pck##*/}${NORM}" notify.note $"\ -seems to be affected"": \`${NOTE}${f/./}${NORM}'"; } +seems to be affected"": \`${NOTE}${f/./}${NORM}'" + let "total_issues += 1"; } done popd >/dev/null let "i += 1" @@ -147,4 +152,8 @@ ${NOTE}"$"Hint for perl scripts"":${NORM} use File::Temp qw/ tempfile /; (\$fh,\$file) = tempfile ('.XXXXXX'); -----------------------------" + + notify.note "\ + --> ${NOTE}"$"Security checks: \ +${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s).""${NORM}" }
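Review bot: The summary passed to `notify.note` at the end of `alltests()` places `${#rpmpkg_name[@]}` and `$total_issues` inside `$"..."`, and by default bash expands the text returned from the message catalog. Every msgstr therefore has to repeat both expansions exactly, and the installed catalog is in effect evaluated as shell input. Keeping the expansions out of the translatable text removes that coupling, e.g. `notify.note "--> ${NOTE}$(printf $"Quality checks: %d package(s) checked: %d warning(s)." "${#rpmpkg_name[@]}" "$total_issues")${NORM}"`, with the msgid in po/it updated to match. The same applies to the `Security checks:` message added in the last hunk of tests/test02_pkgsecurity.in. Its Italian msgstr in po/it/test02_pkgsecurity.po also reads `Ccntrolli`, which looks like a typo for `Controlli`.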