diff options
| author | Marta Rybczynska <rybczynska@gmail.com> | 2022-06-15 15:21:48 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-06-24 23:57:42 +0100 |
| commit | 4c7c684507143f5e60b9c680dd1c3cc31ebdea39 (patch) | |
| tree | e1f28113ca0097f03b83746fee8e38d329169da4 | |
| parent | c086c4b35aa6abb8e257931e027ae99619b2d27f (diff) | |
| download | poky-4c7c684507143f5e60b9c680dd1c3cc31ebdea39.tar.gz | |
oeqa/selftest/cve_check: add tests for Ignored and partial reports
Add testcases for partial reports with CVE_CHECK_REPORT_PATCHED and
Ignored CVEs.
(From OE-Core rev: feabc35372e78575ff04ea207b34f2d278a75d00)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3f7639b90004973782a2e74925fd2e9a764c1090)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/lib/oeqa/selftest/cases/cve_check.py | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py index 2f26f606d7..d0b2213703 100644 --- a/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/meta/lib/oeqa/selftest/cases/cve_check.py | |||
| @@ -117,3 +117,85 @@ CVE_CHECK_FORMAT_JSON = "1" | |||
| 117 | self.assertEqual(report["version"], "1") | 117 | self.assertEqual(report["version"], "1") |
| 118 | self.assertEqual(len(report["package"]), 1) | 118 | self.assertEqual(len(report["package"]), 1) |
| 119 | self.assertEqual(report["package"][0]["name"], recipename) | 119 | self.assertEqual(report["package"][0]["name"], recipename) |
| 120 | |||
| 121 | |||
| 122 | def test_recipe_report_json_unpatched(self): | ||
| 123 | config = """ | ||
| 124 | INHERIT += "cve-check" | ||
| 125 | CVE_CHECK_FORMAT_JSON = "1" | ||
| 126 | CVE_CHECK_REPORT_PATCHED = "0" | ||
| 127 | """ | ||
| 128 | self.write_config(config) | ||
| 129 | |||
| 130 | vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"]) | ||
| 131 | summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"]) | ||
| 132 | recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json") | ||
| 133 | |||
| 134 | try: | ||
| 135 | os.remove(summary_json) | ||
| 136 | os.remove(recipe_json) | ||
| 137 | except FileNotFoundError: | ||
| 138 | pass | ||
| 139 | |||
| 140 | bitbake("m4-native -c cve_check") | ||
| 141 | |||
| 142 | def check_m4_json(filename): | ||
| 143 | with open(filename) as f: | ||
| 144 | report = json.load(f) | ||
| 145 | self.assertEqual(report["version"], "1") | ||
| 146 | self.assertEqual(len(report["package"]), 1) | ||
| 147 | package = report["package"][0] | ||
| 148 | self.assertEqual(package["name"], "m4-native") | ||
| 149 | #m4 had only Patched CVEs, so the issues array will be empty | ||
| 150 | self.assertEqual(package["issue"], []) | ||
| 151 | |||
| 152 | self.assertExists(summary_json) | ||
| 153 | check_m4_json(summary_json) | ||
| 154 | self.assertExists(recipe_json) | ||
| 155 | check_m4_json(recipe_json) | ||
| 156 | |||
| 157 | |||
| 158 | def test_recipe_report_json_ignored(self): | ||
| 159 | config = """ | ||
| 160 | INHERIT += "cve-check" | ||
| 161 | CVE_CHECK_FORMAT_JSON = "1" | ||
| 162 | CVE_CHECK_REPORT_PATCHED = "1" | ||
| 163 | """ | ||
| 164 | self.write_config(config) | ||
| 165 | |||
| 166 | vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"]) | ||
| 167 | summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"]) | ||
| 168 | recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "logrotate_cve.json") | ||
| 169 | |||
| 170 | try: | ||
| 171 | os.remove(summary_json) | ||
| 172 | os.remove(recipe_json) | ||
| 173 | except FileNotFoundError: | ||
| 174 | pass | ||
| 175 | |||
| 176 | bitbake("logrotate -c cve_check") | ||
| 177 | |||
| 178 | def check_m4_json(filename): | ||
| 179 | with open(filename) as f: | ||
| 180 | report = json.load(f) | ||
| 181 | self.assertEqual(report["version"], "1") | ||
| 182 | self.assertEqual(len(report["package"]), 1) | ||
| 183 | package = report["package"][0] | ||
| 184 | self.assertEqual(package["name"], "logrotate") | ||
| 185 | found_cves = { issue["id"]: issue["status"] for issue in package["issue"]} | ||
| 186 | # m4 CVE should not be in logrotate | ||
| 187 | self.assertNotIn("CVE-2008-1687", found_cves) | ||
| 188 | # logrotate has both Patched and Ignored CVEs | ||
| 189 | self.assertIn("CVE-2011-1098", found_cves) | ||
| 190 | self.assertEqual(found_cves["CVE-2011-1098"], "Patched") | ||
| 191 | self.assertIn("CVE-2011-1548", found_cves) | ||
| 192 | self.assertEqual(found_cves["CVE-2011-1548"], "Ignored") | ||
| 193 | self.assertIn("CVE-2011-1549", found_cves) | ||
| 194 | self.assertEqual(found_cves["CVE-2011-1549"], "Ignored") | ||
| 195 | self.assertIn("CVE-2011-1550", found_cves) | ||
| 196 | self.assertEqual(found_cves["CVE-2011-1550"], "Ignored") | ||
| 197 | |||
| 198 | self.assertExists(summary_json) | ||
| 199 | check_m4_json(summary_json) | ||
| 200 | self.assertExists(recipe_json) | ||
| 201 | check_m4_json(recipe_json) | ||