diff options
| author | Andrej Valek <andrej.valek@siemens.com> | 2023-06-23 13:14:57 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-07-19 23:25:01 +0100 |
| commit | 679b7b6700ec1355a5b15a51c90a7ee339bee97c (patch) | |
| tree | 9cd098cd6fa467ba9923193f250525a34062d67c | |
| parent | be9883a92bad0fe4c1e9c7302c93dea4ac680f8c (diff) | |
| download | poky-679b7b6700ec1355a5b15a51c90a7ee339bee97c.tar.gz | |
oeqa/selftest/cve_check: rework test to new cve status handling
- After introducing the CVE_STATUS and CVE_CHECK_STATUSMAP flag
variables, CVEs could contain a more information for assigned statuses.
- Add an example conversion in logrotate recipe.
(From OE-Core rev: da1f34b58fd106a40c296b68daf8a7e5db354c9a)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/lib/oeqa/selftest/cases/cve_check.py | 26 | ||||
| -rw-r--r-- | meta/recipes-extended/logrotate/logrotate_3.21.0.bb | 5 |
2 files changed, 24 insertions, 7 deletions
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py index 9534c9775c..60cecd1328 100644 --- a/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/meta/lib/oeqa/selftest/cases/cve_check.py | |||
| @@ -207,18 +207,34 @@ CVE_CHECK_REPORT_PATCHED = "1" | |||
| 207 | self.assertEqual(len(report["package"]), 1) | 207 | self.assertEqual(len(report["package"]), 1) |
| 208 | package = report["package"][0] | 208 | package = report["package"][0] |
| 209 | self.assertEqual(package["name"], "logrotate") | 209 | self.assertEqual(package["name"], "logrotate") |
| 210 | found_cves = { issue["id"]: issue["status"] for issue in package["issue"]} | 210 | found_cves = {} |
| 211 | for issue in package["issue"]: | ||
| 212 | found_cves[issue["id"]] = { | ||
| 213 | "status" : issue["status"], | ||
| 214 | "detail" : issue["detail"] if "detail" in issue else "", | ||
| 215 | "description" : issue["description"] if "description" in issue else "" | ||
| 216 | } | ||
| 211 | # m4 CVE should not be in logrotate | 217 | # m4 CVE should not be in logrotate |
| 212 | self.assertNotIn("CVE-2008-1687", found_cves) | 218 | self.assertNotIn("CVE-2008-1687", found_cves) |
| 213 | # logrotate has both Patched and Ignored CVEs | 219 | # logrotate has both Patched and Ignored CVEs |
| 214 | self.assertIn("CVE-2011-1098", found_cves) | 220 | self.assertIn("CVE-2011-1098", found_cves) |
| 215 | self.assertEqual(found_cves["CVE-2011-1098"], "Patched") | 221 | self.assertEqual(found_cves["CVE-2011-1098"]["status"], "Patched") |
| 222 | self.assertEqual(len(found_cves["CVE-2011-1098"]["detail"]), 0) | ||
| 223 | self.assertEqual(len(found_cves["CVE-2011-1098"]["description"]), 0) | ||
| 224 | detail = "not-applicable-platform" | ||
| 225 | description = "CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used" | ||
| 216 | self.assertIn("CVE-2011-1548", found_cves) | 226 | self.assertIn("CVE-2011-1548", found_cves) |
| 217 | self.assertEqual(found_cves["CVE-2011-1548"], "Ignored") | 227 | self.assertEqual(found_cves["CVE-2011-1548"]["status"], "Ignored") |
| 228 | self.assertEqual(found_cves["CVE-2011-1548"]["detail"], detail) | ||
| 229 | self.assertEqual(found_cves["CVE-2011-1548"]["description"], description) | ||
| 218 | self.assertIn("CVE-2011-1549", found_cves) | 230 | self.assertIn("CVE-2011-1549", found_cves) |
| 219 | self.assertEqual(found_cves["CVE-2011-1549"], "Ignored") | 231 | self.assertEqual(found_cves["CVE-2011-1549"]["status"], "Ignored") |
| 232 | self.assertEqual(found_cves["CVE-2011-1549"]["detail"], detail) | ||
| 233 | self.assertEqual(found_cves["CVE-2011-1549"]["description"], description) | ||
| 220 | self.assertIn("CVE-2011-1550", found_cves) | 234 | self.assertIn("CVE-2011-1550", found_cves) |
| 221 | self.assertEqual(found_cves["CVE-2011-1550"], "Ignored") | 235 | self.assertEqual(found_cves["CVE-2011-1550"]["status"], "Ignored") |
| 236 | self.assertEqual(found_cves["CVE-2011-1550"]["detail"], detail) | ||
| 237 | self.assertEqual(found_cves["CVE-2011-1550"]["description"], description) | ||
| 222 | 238 | ||
| 223 | self.assertExists(summary_json) | 239 | self.assertExists(summary_json) |
| 224 | check_m4_json(summary_json) | 240 | check_m4_json(summary_json) |
diff --git a/meta/recipes-extended/logrotate/logrotate_3.21.0.bb b/meta/recipes-extended/logrotate/logrotate_3.21.0.bb index f0755e3ae5..10a6149abc 100644 --- a/meta/recipes-extended/logrotate/logrotate_3.21.0.bb +++ b/meta/recipes-extended/logrotate/logrotate_3.21.0.bb | |||
| @@ -16,8 +16,9 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz \ | |||
| 16 | 16 | ||
| 17 | SRC_URI[sha256sum] = "8fa12015e3b8415c121fc9c0ca53aa872f7b0702f543afda7e32b6c4900f6516" | 17 | SRC_URI[sha256sum] = "8fa12015e3b8415c121fc9c0ca53aa872f7b0702f543afda7e32b6c4900f6516" |
| 18 | 18 | ||
| 19 | # These CVEs are debian, gentoo or SUSE specific on the way logrotate was installed/used | 19 | CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE" |
| 20 | CVE_CHECK_IGNORE += "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550" | 20 | CVE_STATUS_RECIPE = "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550" |
| 21 | CVE_STATUS_RECIPE[status] = "not-applicable-platform: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used" | ||
| 21 | 22 | ||
| 22 | PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)}" | 23 | PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)}" |
| 23 | 24 | ||