oeqa/selftest/cve_check: add tests for recipe and image reports

Add a test to verify that the JSON reports are generated correctly for both single recipe builds and image builds. More tests are needed, but this is better than nothing. (From OE-Core rev: add860e1a69f848097bbc511137a62d5746e5019) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit df0f35555b09c4bc75470eb45ec9c74e6587d460) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2022-05-18 16:40:13 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-05-28 10:38:21 +0100
commit: 0ca0aec7aa3ad9bcb3f8936a7e876f34866f2f68 (patch)
tree: 4ca36eb26b24c4bc1aaa5f801fa57ec32a863e22
parent: 0f83e5bd4267af2dd656b3d1ece4984525cbe091 (diff)
download: poky-0ca0aec7aa3ad9bcb3f8936a7e876f34866f2f68.tar.gz
1 files changed, 76 insertions, 1 deletions
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py
index d1947baffc..2f26f606d7 100644
--- a/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -1,9 +1,13 @@
-from oe.cve_check import Version
+import json
+import os
 from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake, get_bb_vars
 class CVECheck(OESelftestTestCase):
    def test_version_compare(self):
+        from oe.cve_check import Version
        result = Version("100") > Version("99")
        self.assertTrue( result, msg="Failed to compare version '100' > '99'")
        result = Version("2.3.1") > Version("2.2.3")
@@ -42,3 +46,74 @@ class CVECheck(OESelftestTestCase):
        self.assertTrue( result ,msg="Failed to compare version with suffix '1.0p2' > '1.0p1'")
        result = Version("1.0_patch2","patch") < Version("1.0_patch3","patch")
        self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
+    def test_recipe_report_json(self):
+        config = """
+INHERIT += "cve-check"
+CVE_CHECK_FORMAT_JSON = "1"
+"""
+        self.write_config(config)
+        vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+        summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+        recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json")
+        try:
+            os.remove(summary_json)
+            os.remove(recipe_json)
+        except FileNotFoundError:
+            pass
+        bitbake("m4-native -c cve_check")
+        def check_m4_json(filename):
+            with open(filename) as f:
+                report = json.load(f)
+            self.assertEqual(report["version"], "1")
+            self.assertEqual(len(report["package"]), 1)
+            package = report["package"][0]
+            self.assertEqual(package["name"], "m4-native")
+            found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
+            self.assertIn("CVE-2008-1687", found_cves)
+            self.assertEqual(found_cves["CVE-2008-1687"], "Patched")
+        self.assertExists(summary_json)
+        check_m4_json(summary_json)
+        self.assertExists(recipe_json)
+        check_m4_json(recipe_json)
+    def test_image_json(self):
+        config = """
+INHERIT += "cve-check"
+CVE_CHECK_FORMAT_JSON = "1"
+"""
+        self.write_config(config)
+        vars = get_bb_vars(["CVE_CHECK_DIR", "CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+        report_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+        print(report_json)
+        try:
+            os.remove(report_json)
+        except FileNotFoundError:
+            pass
+        bitbake("core-image-minimal-initramfs")
+        self.assertExists(report_json)
+        # Check that the summary report lists at least one package
+        with open(report_json) as f:
+            report = json.load(f)
+        self.assertEqual(report["version"], "1")
+        self.assertGreater(len(report["package"]), 1)
+        # Check that a random recipe wrote a recipe report to deploy/cve/
+        recipename = report["package"][0]["name"]
+        recipe_report = os.path.join(vars["CVE_CHECK_DIR"], recipename + "_cve.json")
+        self.assertExists(recipe_report)
+        with open(recipe_report) as f:
+            report = json.load(f)
+        self.assertEqual(report["version"], "1")
+        self.assertEqual(len(report["package"]), 1)
+        self.assertEqual(report["package"][0]["name"], recipename)
author	Ross Burton <ross.burton@arm.com>	2022-05-18 16:40:13 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-28 10:38:21 +0100
commit	0ca0aec7aa3ad9bcb3f8936a7e876f34866f2f68 (patch)
tree	4ca36eb26b24c4bc1aaa5f801fa57ec32a863e22
parent	0f83e5bd4267af2dd656b3d1ece4984525cbe091 (diff)
download	poky-0ca0aec7aa3ad9bcb3f8936a7e876f34866f2f68.tar.gz

diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py index d1947baffc..2f26f606d7 100644 --- a/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -1,9 +1,13 @@
1	from oe.cve_check import Version	1	import json
		2	import os
2	from oeqa.selftest.case import OESelftestTestCase	3	from oeqa.selftest.case import OESelftestTestCase
		4	from oeqa.utils.commands import bitbake, get_bb_vars
3		5
4	class CVECheck(OESelftestTestCase):	6	class CVECheck(OESelftestTestCase):
5		7
6	def test_version_compare(self):	8	def test_version_compare(self):
		9	from oe.cve_check import Version
		10
7	result = Version("100") > Version("99")	11	result = Version("100") > Version("99")
8	self.assertTrue( result, msg="Failed to compare version '100' > '99'")	12	self.assertTrue( result, msg="Failed to compare version '100' > '99'")
9	result = Version("2.3.1") > Version("2.2.3")	13	result = Version("2.3.1") > Version("2.2.3")
@@ -42,3 +46,74 @@ class CVECheck(OESelftestTestCase):
42	self.assertTrue( result ,msg="Failed to compare version with suffix '1.0p2' > '1.0p1'")	46	self.assertTrue( result ,msg="Failed to compare version with suffix '1.0p2' > '1.0p1'")
43	result = Version("1.0_patch2","patch") < Version("1.0_patch3","patch")	47	result = Version("1.0_patch2","patch") < Version("1.0_patch3","patch")
44	self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")	48	self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
		49
		50
		51	def test_recipe_report_json(self):
		52	config = """
		53	INHERIT += "cve-check"
		54	CVE_CHECK_FORMAT_JSON = "1"
		55	"""
		56	self.write_config(config)
		57
		58	vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
		59	summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
		60	recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json")
		61
		62	try:
		63	os.remove(summary_json)
		64	os.remove(recipe_json)
		65	except FileNotFoundError:
		66	pass
		67
		68	bitbake("m4-native -c cve_check")
		69
		70	def check_m4_json(filename):
		71	with open(filename) as f:
		72	report = json.load(f)
		73	self.assertEqual(report["version"], "1")
		74	self.assertEqual(len(report["package"]), 1)
		75	package = report["package"][0]
		76	self.assertEqual(package["name"], "m4-native")
		77	found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
		78	self.assertIn("CVE-2008-1687", found_cves)
		79	self.assertEqual(found_cves["CVE-2008-1687"], "Patched")
		80
		81	self.assertExists(summary_json)
		82	check_m4_json(summary_json)
		83	self.assertExists(recipe_json)
		84	check_m4_json(recipe_json)
		85
		86
		87	def test_image_json(self):
		88	config = """
		89	INHERIT += "cve-check"
		90	CVE_CHECK_FORMAT_JSON = "1"
		91	"""
		92	self.write_config(config)
		93
		94	vars = get_bb_vars(["CVE_CHECK_DIR", "CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
		95	report_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
		96	print(report_json)
		97	try:
		98	os.remove(report_json)
		99	except FileNotFoundError:
		100	pass
		101
		102	bitbake("core-image-minimal-initramfs")
		103	self.assertExists(report_json)
		104
		105	# Check that the summary report lists at least one package
		106	with open(report_json) as f:
		107	report = json.load(f)
		108	self.assertEqual(report["version"], "1")
		109	self.assertGreater(len(report["package"]), 1)
		110
		111	# Check that a random recipe wrote a recipe report to deploy/cve/
		112	recipename = report["package"][0]["name"]
		113	recipe_report = os.path.join(vars["CVE_CHECK_DIR"], recipename + "_cve.json")
		114	self.assertExists(recipe_report)
		115	with open(recipe_report) as f:
		116	report = json.load(f)
		117	self.assertEqual(report["version"], "1")
		118	self.assertEqual(len(report["package"]), 1)
		119	self.assertEqual(report["package"][0]["name"], recipename)