summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross@burtonini.com>2020-11-19 10:38:09 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-11-24 10:27:45 +0000
commit0be2aedfd3fba09d187f5de31925747291ea5cd2 (patch)
treed7268c9f645bad7c07251c2551d91891137c3b88
parent913ed9a6b137e77a023a78273f633b15c7e9fd4f (diff)
downloadpoky-0be2aedfd3fba09d187f5de31925747291ea5cd2.tar.gz
cve-check: show real PN/PV
The output currently shows the remapped product and version fields, which may not be the actual recipe name/version. As this report is about recipes, use the real values. (From OE-Core rev: 18827d7f40db4a4f92680bd59ca655cca373ad65) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/cve-check.bbclass9
1 files changed, 6 insertions, 3 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 25cefda92e..d843e7c4ac 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -208,6 +208,9 @@ def check_cves(d, patched_cves):
208 """ 208 """
209 from distutils.version import LooseVersion 209 from distutils.version import LooseVersion
210 210
211 pn = d.getVar("PN")
212 real_pv = d.getVar("PV")
213
211 cves_unpatched = [] 214 cves_unpatched = []
212 # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) 215 # CVE_PRODUCT can contain more than one product (eg. curl/libcurl)
213 products = d.getVar("CVE_PRODUCT").split() 216 products = d.getVar("CVE_PRODUCT").split()
@@ -217,7 +220,7 @@ def check_cves(d, patched_cves):
217 pv = d.getVar("CVE_VERSION").split("+git")[0] 220 pv = d.getVar("CVE_VERSION").split("+git")[0]
218 221
219 # If the recipe has been whitlisted we return empty lists 222 # If the recipe has been whitlisted we return empty lists
220 if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split(): 223 if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split():
221 bb.note("Recipe has been whitelisted, skipping check") 224 bb.note("Recipe has been whitelisted, skipping check")
222 return ([], [], []) 225 return ([], [], [])
223 226
@@ -286,12 +289,12 @@ def check_cves(d, patched_cves):
286 vulnerable = vulnerable_start or vulnerable_end 289 vulnerable = vulnerable_start or vulnerable_end
287 290
288 if vulnerable: 291 if vulnerable:
289 bb.note("%s-%s is vulnerable to %s" % (product, pv, cve)) 292 bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
290 cves_unpatched.append(cve) 293 cves_unpatched.append(cve)
291 break 294 break
292 295
293 if not vulnerable: 296 if not vulnerable:
294 bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve)) 297 bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
295 # TODO: not patched but not vulnerable 298 # TODO: not patched but not vulnerable
296 patched_cves.add(cve) 299 patched_cves.add(cve)
297 300