cve-check: add include/exclude layers

There are times when exluding or including a layer may be desired. This provide the framwork for that via two variables. The default is all layers in bblayers. CVE_CHECK_LAYER_INCLUDELIST CVE_CHECK_LAYER_EXCLUDELIST (From OE-Core rev: 5fdde65ef58b4c1048839e4f9462b34bab36fc22) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: akuster <akuster808@gmail.com> 2021-02-08 05:51:30 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-02-09 08:56:10 +0000
commit: 73befa8f413090ec0d4eba45efe51303b25b0004 (patch)
tree: 051d0c8f900f94032fab13d1d24bcce5c159e047
parent: 29e280f7ee6d38910e6186948272d641e1511fdd (diff)
download: poky-73befa8f413090ec0d4eba45efe51303b25b0004.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061af7a276..112ee3379d 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= ""
 #
 CVE_CHECK_WHITELIST ?= ""
+# Layers to be excluded
+CVE_CHECK_LAYER_EXCLUDELIST ??= ""
+# Layers to be included 
+CVE_CHECK_LAYER_INCLUDELIST ??= ""
 # set to "alphabetical" for version using single alphabetical character as increament release
 CVE_VERSION_SUFFIX ??= ""
@@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
    CVE manifest if enabled.
    """
    cve_file = d.getVar("CVE_CHECK_LOG")
    fdir_name  = d.getVar("FILE_DIRNAME")
    layer = fdir_name.split("/")[-3]
+    include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
+    exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
+    if exclude_layers and layer in exclude_layers:
+        return
+    if include_layers and layer not in include_layers:
+        return
    nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
    write_string = ""
    unpatched_cves = []
author	akuster <akuster808@gmail.com>	2021-02-08 05:51:30 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-02-09 08:56:10 +0000
commit	73befa8f413090ec0d4eba45efe51303b25b0004 (patch)
tree	051d0c8f900f94032fab13d1d24bcce5c159e047
parent	29e280f7ee6d38910e6186948272d641e1511fdd (diff)
download	poky-73befa8f413090ec0d4eba45efe51303b25b0004.tar.gz

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 061af7a276..112ee3379d 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= ""
53	#	53	#
54	CVE_CHECK_WHITELIST ?= ""	54	CVE_CHECK_WHITELIST ?= ""
55		55
		56	# Layers to be excluded
		57	CVE_CHECK_LAYER_EXCLUDELIST ??= ""
		58
		59	# Layers to be included
		60	CVE_CHECK_LAYER_INCLUDELIST ??= ""
		61
		62
56	# set to "alphabetical" for version using single alphabetical character as increament release	63	# set to "alphabetical" for version using single alphabetical character as increament release
57	CVE_VERSION_SUFFIX ??= ""	64	CVE_VERSION_SUFFIX ??= ""
58		65
@@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
334	CVE manifest if enabled.	341	CVE manifest if enabled.
335	"""	342	"""
336		343
		344
337	cve_file = d.getVar("CVE_CHECK_LOG")	345	cve_file = d.getVar("CVE_CHECK_LOG")
338	fdir_name = d.getVar("FILE_DIRNAME")	346	fdir_name = d.getVar("FILE_DIRNAME")
339	layer = fdir_name.split("/")[-3]	347	layer = fdir_name.split("/")[-3]
340		348
		349	include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
		350	exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
		351
		352	if exclude_layers and layer in exclude_layers:
		353	return
		354
		355	if include_layers and layer not in include_layers:
		356	return
		357
341	nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="	358	nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
342	write_string = ""	359	write_string = ""
343	unpatched_cves = []	360	unpatched_cves = []