diff options
| author | Ross Burton <ross@burtonini.com> | 2020-11-19 10:38:09 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-12-09 23:49:01 +0000 |
| commit | 7bc8438db6ebdead38540e16f084929eeee7760d (patch) | |
| tree | f89a09864da184e9470f1b07e928ac78d61b221d /meta/classes/cve-check.bbclass | |
| parent | f7971e8af6810ac4b80a764feb48b353208d3822 (diff) | |
| download | poky-7bc8438db6ebdead38540e16f084929eeee7760d.tar.gz | |
cve-check: show real PN/PV
The output currently shows the remapped product and version fields,
which may not be the actual recipe name/version. As this report is about
recipes, use the real values.
(From OE-Core rev: 2618eedbafc408c41479e63dac88a9b5bab461fc)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 18827d7f40db4a4f92680bd59ca655cca373ad65)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
| -rw-r--r-- | meta/classes/cve-check.bbclass | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 17f64a8a9c..669da6c8e9 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -205,6 +205,9 @@ def check_cves(d, patched_cves): | |||
| 205 | """ | 205 | """ |
| 206 | from distutils.version import LooseVersion | 206 | from distutils.version import LooseVersion |
| 207 | 207 | ||
| 208 | pn = d.getVar("PN") | ||
| 209 | real_pv = d.getVar("PV") | ||
| 210 | |||
| 208 | cves_unpatched = [] | 211 | cves_unpatched = [] |
| 209 | # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) | 212 | # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) |
| 210 | products = d.getVar("CVE_PRODUCT").split() | 213 | products = d.getVar("CVE_PRODUCT").split() |
| @@ -214,7 +217,7 @@ def check_cves(d, patched_cves): | |||
| 214 | pv = d.getVar("CVE_VERSION").split("+git")[0] | 217 | pv = d.getVar("CVE_VERSION").split("+git")[0] |
| 215 | 218 | ||
| 216 | # If the recipe has been whitlisted we return empty lists | 219 | # If the recipe has been whitlisted we return empty lists |
| 217 | if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split(): | 220 | if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split(): |
| 218 | bb.note("Recipe has been whitelisted, skipping check") | 221 | bb.note("Recipe has been whitelisted, skipping check") |
| 219 | return ([], [], []) | 222 | return ([], [], []) |
| 220 | 223 | ||
| @@ -283,12 +286,12 @@ def check_cves(d, patched_cves): | |||
| 283 | vulnerable = vulnerable_start or vulnerable_end | 286 | vulnerable = vulnerable_start or vulnerable_end |
| 284 | 287 | ||
| 285 | if vulnerable: | 288 | if vulnerable: |
| 286 | bb.note("%s-%s is vulnerable to %s" % (product, pv, cve)) | 289 | bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve)) |
| 287 | cves_unpatched.append(cve) | 290 | cves_unpatched.append(cve) |
| 288 | break | 291 | break |
| 289 | 292 | ||
| 290 | if not vulnerable: | 293 | if not vulnerable: |
| 291 | bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve)) | 294 | bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve)) |
| 292 | # TODO: not patched but not vulnerable | 295 | # TODO: not patched but not vulnerable |
| 293 | patched_cves.add(cve) | 296 | patched_cves.add(cve) |
| 294 | 297 | ||