diff options
author | akuster <akuster808@gmail.com> | 2021-02-08 05:51:30 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-02-09 08:56:10 +0000 |
commit | 73befa8f413090ec0d4eba45efe51303b25b0004 (patch) | |
tree | 051d0c8f900f94032fab13d1d24bcce5c159e047 /meta/classes/cve-check.bbclass | |
parent | 29e280f7ee6d38910e6186948272d641e1511fdd (diff) | |
download | poky-73befa8f413090ec0d4eba45efe51303b25b0004.tar.gz |
cve-check: add include/exclude layers
There are times when exluding or including a layer
may be desired. This provide the framwork for that via
two variables. The default is all layers in bblayers.
CVE_CHECK_LAYER_INCLUDELIST
CVE_CHECK_LAYER_EXCLUDELIST
(From OE-Core rev: 5fdde65ef58b4c1048839e4f9462b34bab36fc22)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r-- | meta/classes/cve-check.bbclass | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 061af7a276..112ee3379d 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= "" | |||
53 | # | 53 | # |
54 | CVE_CHECK_WHITELIST ?= "" | 54 | CVE_CHECK_WHITELIST ?= "" |
55 | 55 | ||
56 | # Layers to be excluded | ||
57 | CVE_CHECK_LAYER_EXCLUDELIST ??= "" | ||
58 | |||
59 | # Layers to be included | ||
60 | CVE_CHECK_LAYER_INCLUDELIST ??= "" | ||
61 | |||
62 | |||
56 | # set to "alphabetical" for version using single alphabetical character as increament release | 63 | # set to "alphabetical" for version using single alphabetical character as increament release |
57 | CVE_VERSION_SUFFIX ??= "" | 64 | CVE_VERSION_SUFFIX ??= "" |
58 | 65 | ||
@@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): | |||
334 | CVE manifest if enabled. | 341 | CVE manifest if enabled. |
335 | """ | 342 | """ |
336 | 343 | ||
344 | |||
337 | cve_file = d.getVar("CVE_CHECK_LOG") | 345 | cve_file = d.getVar("CVE_CHECK_LOG") |
338 | fdir_name = d.getVar("FILE_DIRNAME") | 346 | fdir_name = d.getVar("FILE_DIRNAME") |
339 | layer = fdir_name.split("/")[-3] | 347 | layer = fdir_name.split("/")[-3] |
340 | 348 | ||
349 | include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split() | ||
350 | exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split() | ||
351 | |||
352 | if exclude_layers and layer in exclude_layers: | ||
353 | return | ||
354 | |||
355 | if include_layers and layer not in include_layers: | ||
356 | return | ||
357 | |||
341 | nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" | 358 | nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" |
342 | write_string = "" | 359 | write_string = "" |
343 | unpatched_cves = [] | 360 | unpatched_cves = [] |