check_sys/core/plugins/grub.py

#!/usr/bin/env python3

from os import stat
from os.path import isfile
from audit.system.plugins.grub import grub


class Grub:
    def __init__(self, arguments):
        self._object = grub()
        self._reports = dict()

        # Create the report
        self._constructReports()

    def runAudit(self):
        print("Running test for Grub")
        self._analyzingGrub()

    def getReports(self) -> dict:
        return self._reports

    def _analyzingGrub(self):
        # Check if the file exist
        path = self._object['filename']
        try:
            if isfile(path):
                permission = self._check_permission(path)

                if permission != oct(self._object['value']):
                    self._reports['result'] = 'failed'
                    self._reports['resolve'] = self._object['resolve']
                else:
                    self._reports['result'] = 'success'
                self._reports['description'] = self._object['description']
                self._reports['current_value'] = permission[2:]
        except FileNotFoundError:
            self._reports['grub']['error'] = \
                f'File {path} not found' 
   
    def _check_permission(self, path) -> oct:
        """
            In this function, we get the permission of the file
        """
        permission = stat(path).st_mode

        octal = 0o000
        # Check user permission
        if permission & 0o400: # Read
            octal += 0o400
        if permission & 0o200: # Write
            octal += 0o200
        if permission & 0o100: # Execute
            octal += 0o100

        # Check group permission
        if permission & 0o040:
            octal += 0o040
        if permission & 0o020:
            octal += 0o020
        if permission & 0o010:
            octal += 0o010

        # Check other permission
        if permission & 0o004:
            octal += 0o004
        if permission & 0o002:
            octal += 0o002
        if permission & 0o001:
            octal += 0o001

        return oct(octal)

    def _constructReports(self):
        """
            Construct dictionary for result of the tests
            Each entry contains:
            Key:
              - filename: filename of the test
              - line: line of the test
              - parse: Display the line where the vulnerabilites has been found
              - description: description of the vulnerability
              - level: high, medium or low
        """
        self._reports = dict()
        self._reports['filename'] = self._object['filename']