Alex Kleinfa719c92018-10-15 14:04:22 -06001# Copyright 2018 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
"""This script provides CLI access to run security tests on a Chrome OS image.
6
7The entry point is available as image_lib.SecurityTest. Call that directly when
8possible.
9
10Note: You probably will need an internal checkout by default for these
11 tests to be useful. You can provide your own baselines, but you
12 can certainly provide your own set of configs.
13
14Note: These tests will fail on dev images. They are designed to
15 check release recovery images only.
16
17Note: The --image argument can be a path or a basename. When a basename is
18 provided, the --board argument is always used to build the path.
19 Consequently, `./image_name.bin` and `image_name.bin` are treated
20 very differently.
21"""
22
Alex Kleinfa719c92018-10-15 14:04:22 -060023import re
24
25from chromite.lib import commandline
26from chromite.lib import cros_build_lib
27from chromite.lib import image_lib
28
29
def GetParser():
    """Create the command line parser for the image security test.

    The module docstring is used as the parser description, so it is what
    users see at the top of --help.

    Returns:
        A commandline.ArgumentParser that accepts --board, --image,
        --baselines and --vboot-hash.
    """
    image_help = (
        "Source release image to use (recovery_image.bin by default). "
        "May be a path to an image or just the basename of the image "
        "if a board is also provided."
    )
    baselines_help = (
        "Directory to load security baselines from "
        "(default from cros-signing)."
    )
    vboot_hash_help = (
        "The git rev of the vboot tree to checkout "
        "(default to the signer hash)."
    )

    arg_parser = commandline.ArgumentParser(description=__doc__)

    arg_parser.add_argument("--board", help="The board to test an image for.")
    # --image deliberately does not use type='path': that type would normalize
    # away a leading `./`, and the `./` is what tells a local image
    # (`./image_name.bin`) apart from a basename (`image_name.bin`) that is
    # looked up in the board's build directory.
    arg_parser.add_argument("--image", help=image_help)
    # The baselines are what the image is compared against, so the directory
    # given here decides what the test accepts as passing.
    arg_parser.add_argument("--baselines", type="path", help=baselines_help)
    # NOTE(review): the rev is taken as a free-form string at this layer; any
    # validation would have to happen in image_lib.SecurityTest -- confirm.
    arg_parser.add_argument("--vboot-hash", help=vboot_hash_help)

    return arg_parser
Alex Kleinfa719c92018-10-15 14:04:22 -060058
59
def _ParseArgs(argv):
    """Parse argv and resolve the board and image path.

    Args:
        argv: The command line arguments to parse.

    Returns:
        The frozen options object, with board filled in from the default
        board when --board was not given and image replaced by the result of
        image_lib.BuildImagePath.
    """
    arg_parser = GetParser()
    options = arg_parser.parse_args(argv)

    # A board is required whenever the image is missing or is only a basename,
    # because the board is what the full image path is built from.
    if not options.board:
        options.board = cros_build_lib.GetDefaultBoard()

    try:
        options.image = image_lib.BuildImagePath(options.board, options.image)
    except image_lib.ImageDoesNotExistError as err:
        # The library message names arguments as |arg|; rewrite those to
        # --arg so the text matches this CLI. The rest of the message is
        # passed on as is.
        arg_parser.error(re.sub(r"\|(\w+)\|", r"--\1", str(err)))

    # Freeze the options so nothing downstream can change which image or
    # baselines are tested after validation.
    options.Freeze()
    return options
Alex Kleinfa719c92018-10-15 14:04:22 -060077
78
def main(argv):
    """Run the image security test and turn its result into an exit status.

    The chroot assertion runs first, before any argument parsing. --baselines
    and --vboot-hash are handed to image_lib.SecurityTest unchanged.

    Args:
        argv: The command line arguments, without the program name.

    Returns:
        0 when image_lib.SecurityTest reports success, 1 when it reports
        failure. An image_lib.Error is reported through cros_build_lib.Die
        instead of being returned.
    """
    cros_build_lib.AssertInsideChroot()
    options = _ParseArgs(argv)

    try:
        passed = image_lib.SecurityTest(
            board=options.board,
            image=options.image,
            baselines=options.baselines,
            vboot_hash=options.vboot_hash,
        )
    except image_lib.Error as err:
        # An error here means the test could not be run or completed, which is
        # distinct from a test that ran and failed (exit status 1 below).
        # NOTE(review): Die presumably terminates the process -- confirm.
        cros_build_lib.Die(err)
    else:
        if passed:
            return 0
        return 1