From 80ea5b694b5a004bb5aebaa6e7c8c666f5468d46 Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Nov 07 2017 13:57:49 +0000
Subject: Improve formatting a bit


---

diff --git a/analyze-protections.py b/analyze-protections.py
index 86a148a..620af43 100755
--- a/analyze-protections.py
+++ b/analyze-protections.py
@@ -45,7 +45,7 @@ from lxml.html import builder
 INTRO = '''\
 <P>This is the rough status of all .service unit files in Fedora.
    Type=oneshot and Type=idle are excluded from the analysis.
-<P>The source code to generat this page is at
+<P>The source code to generate this page is at
    <a href="https://pagure.io/analyze-protections">https://pagure.io/analyze-protections</a>.
    Pull requests welcome.
 <P>Note: this is a work in progress.
@@ -68,6 +68,9 @@ CSS = '''\
     color: green;
     font-weight: bold;
 }
+DIV {
+    margin-left: 3em;
+}
 '''
 
 arg_html = False
@@ -176,11 +179,14 @@ def count_protections(Protections, name, config, html=None):
     "Check if the unit has any protections at all"
     some = False
 
+    p = builder.P()
+    html.append(p)
+
     user = get_single_config(config, 'Service', 'User', None)
     if user and user != 'root':
         some = True
         Protections['user'] += 1
-        html_print(html, f'    User={user}', klass='protection')
+        html_print(p, f'    User={user}', klass='protection')
 
     v = get_single_config(config, 'Service', 'DynamicUser', '0')
     dynamic_user = systemd_bool(v)
@@ -188,26 +194,26 @@ def count_protections(Protections, name, config, html=None):
         some = True
         Protections['user'] += 1
         Protections['dynamic-user'] += 1
-        html_print(html, f'    DynamicUser={v}', klass='protection')
+        html_print(p, f'    DynamicUser={v}', klass='protection')
 
     v = get_single_config(config, 'Service', 'PrivateUsers', '0')
     if systemd_bool(v):
         some = True
         Protections['private-users'] += 1
-        html_print(html, f'    PrivateUsers={v}', klass='protection')
+        html_print(p, f'    PrivateUsers={v}', klass='protection')
 
     v = get_single_config(config, 'Service', 'PrivateTmp', '0')
     if systemd_bool(v):
         some = True
         Protections['private-tmp'] += 1
-        html_print(html, f'    PrivateTmp={v}', klass='protection')
+        html_print(p, f'    PrivateTmp={v}', klass='protection')
 
     access_restrictions = False
     for protection, check in ACCESS_RESTRICTIONS:
         v = get_single_config(config, 'Service', protection, None)
         if check(v):
             some = access_restrictions = True
-            html_print(html, f'    {protection}={v}', klass='protection')
+            html_print(p, f'    {protection}={v}', klass='protection')
     if access_restrictions:
         Protections['access-restrictions'] += 1
 
@@ -216,7 +222,7 @@ def count_protections(Protections, name, config, html=None):
         v = get_single_config(config, 'Service', protection, None)
         if check(v):
             some = network_restrictions = True
-            html_print(html, f'    {protection}={v}', klass='protection')
+            html_print(p, f'    {protection}={v}', klass='protection')
     if network_restrictions:
         Protections['access-restrictions'] += 1
 
@@ -226,13 +232,14 @@ def count_protections(Protections, name, config, html=None):
                               '1' if dynamic_user else '0')
         if v in {'read-only', 'strict', 'full'} or systemd_bool(v):
             some = protect_settings = True
-            html_print(html, f'    {protection}={v}', klass='protection')
+            html_print(p, f'    {protection}={v}', klass='protection')
     if protect_settings:
         Protections['protect'] += 1
 
     if not some:
         Protections['none'] += 1
-        html_print(html, '(no protections found)', klass='none')
+        html_print(p, '(no protections found)')
+        html.classes.add('none')
 
 def analyze(Types, Protections, name, html=None):
     # We use systemctl cat to include any drop-ins. It is likely that
@@ -249,8 +256,9 @@ def analyze(Types, Protections, name, html=None):
 
     if type in {'simple', 'forking', 'dbus', 'notify'}:
         if html is not None:
-            html.append(builder.H3(name))
-        count_protections(Protections, name, config, html=html)
+            div = builder.DIV(builder.H3(name))
+            html.append(div)
+        count_protections(Protections, name, config, html=div)
         return True
 
     return False
@@ -308,24 +316,21 @@ if __name__ == '__main__':
 
     n1 = 0
     for srpm, files in by_srpm.items():
-        have_p = False
+        have_header = False
 
         for file in files:
             if file.is_symlink():
                 # an alias, ignore
                 continue
 
-            if not have_p:
-                body.append(builder.H2(f'{srpm}.src.rpm', id=f'{srpm}.src.rpm'))
-                p = builder.P()
-                body.append(p)
-                have_p = True
+            if not have_header:
+                body.append(builder.H2(f'{srpm}.rpm', id=f'{srpm}.rpm'))
 
             print(f'==================== {file.name:<20} {"(" + srpm + ")":<15} =======================')
             try:
-                n1 += analyze(Types, Protections, file.name, html=p)
+                n1 += analyze(Types, Protections, file.name, html=body)
             except SyntaxError as e:
-                html_print(html, str(e), klass='error')
+                html_print(body, str(e), klass='error')
 
     n = sum(Types.values())
     if html is not None: