summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorakuster <akuster808@gmail.com>2021-02-08 05:51:30 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-02-09 08:56:10 +0000
commit73befa8f413090ec0d4eba45efe51303b25b0004 (patch)
tree051d0c8f900f94032fab13d1d24bcce5c159e047
parent29e280f7ee6d38910e6186948272d641e1511fdd (diff)
downloadpoky-73befa8f413090ec0d4eba45efe51303b25b0004.tar.gz
cve-check: add include/exclude layers
There are times when exluding or including a layer may be desired. This provide the framwork for that via two variables. The default is all layers in bblayers. CVE_CHECK_LAYER_INCLUDELIST CVE_CHECK_LAYER_EXCLUDELIST (From OE-Core rev: 5fdde65ef58b4c1048839e4f9462b34bab36fc22) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/cve-check.bbclass17
1 files changed, 17 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061af7a276..112ee3379d 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= ""
53# 53#
54CVE_CHECK_WHITELIST ?= "" 54CVE_CHECK_WHITELIST ?= ""
55 55
56# Layers to be excluded
57CVE_CHECK_LAYER_EXCLUDELIST ??= ""
58
59# Layers to be included
60CVE_CHECK_LAYER_INCLUDELIST ??= ""
61
62
56# set to "alphabetical" for version using single alphabetical character as increament release 63# set to "alphabetical" for version using single alphabetical character as increament release
57CVE_VERSION_SUFFIX ??= "" 64CVE_VERSION_SUFFIX ??= ""
58 65
@@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
334 CVE manifest if enabled. 341 CVE manifest if enabled.
335 """ 342 """
336 343
344
337 cve_file = d.getVar("CVE_CHECK_LOG") 345 cve_file = d.getVar("CVE_CHECK_LOG")
338 fdir_name = d.getVar("FILE_DIRNAME") 346 fdir_name = d.getVar("FILE_DIRNAME")
339 layer = fdir_name.split("/")[-3] 347 layer = fdir_name.split("/")[-3]
340 348
349 include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
350 exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
351
352 if exclude_layers and layer in exclude_layers:
353 return
354
355 if include_layers and layer not in include_layers:
356 return
357
341 nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" 358 nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
342 write_string = "" 359 write_string = ""
343 unpatched_cves = [] 360 unpatched_cves = []