author | Lee Chee Yang <chee.yang.lee@intel.com> | 2021-01-29 11:51:15 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-02-10 23:55:53 +0000 |
commit | 2b526d90791da501c9870dd6d3993fcfa7d15249 (patch) | |
tree | b6c0848703b8b94d8ab95d68ca09808a4f58e218 /meta/classes | |
parent | f829419105c8a85dd403ab61d70ce730f5bf9103 (diff) | |
cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning
Add CVE_VERSION_SUFFIX to indicate the version suffix type. It currently
accepts two values: "alphabetical" if the version string uses a single
alphabetical character suffix as an incremental release, or blank to not
consider unidentified suffixes. This can be expanded when more suffix
patterns are identified.
refactor cve_check.Version class to use functools and add parameter to
handle suffix condition.
Also update testcases to cover new changes.
(From OE-Core rev: 37a40c30709bf80c74948f47361b2be2c646c9d8)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5dfd5ad5144708b474ef31eaa89a846c57be8ac0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/cve-check.bbclass | 12 |
1 files changed, 8 insertions, 4 deletions
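diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 93af667544..dbff852e18 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -50,6 +50,9 @@ CVE_CHECK_PN_WHITELIST ?= ""
 #
 CVE_CHECK_WHITELIST ?= ""
 
+# set to "alphabetical" for version using single alphabetical character as increament release
+CVE_VERSION_SUFFIX ??= ""
+
 python cve_save_summary_handler () {
 import shutil
 import datetime
@@ -207,6 +210,7 @@ def check_cves(d, patched_cves):
 
 pn = d.getVar("PN")
 real_pv = d.getVar("PV")
+suffix = d.getVar("CVE_VERSION_SUFFIX")
 
 cves_unpatched = []
 # CVE_PRODUCT can contain more than one product (eg. curl/libcurl)
@@ -260,8 +264,8 @@ def check_cves(d, patched_cves):
 else:
 if operator_start:
 try:
-vulnerable_start = (operator_start == '>=' and Version(pv) >= Version(version_start))
-vulnerable_start |= (operator_start == '>' and Version(pv) > Version(version_start))
+vulnerable_start = (operator_start == '>=' and Version(pv,suffix) >= Version(version_start,suffix))
+vulnerable_start |= (operator_start == '>' and Version(pv,suffix) > Version(version_start,suffix))
 except:
 bb.warn("%s: Failed to compare %s %s %s for %s" %
 (product, pv, operator_start, version_start, cve))
@@ -271,8 +275,8 @@ def check_cves(d, patched_cves):
 
 if operator_end:
 try:
-vulnerable_end = (operator_end == '<=' and Version(pv) <= Version(version_end) )
-vulnerable_end |= (operator_end == '<' and Version(pv) < Version(version_end) )
+vulnerable_end = (operator_end == '<=' and Version(pv,suffix) <= Version(version_end,suffix) )
+vulnerable_end |= (operator_end == '<' and Version(pv,suffix) < Version(version_end,suffix) )
 except:
 bb.warn("%s: Failed to compare %s %s %s for %s" %
 (product, pv, operator_end, version_end, cve))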
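Review bot: The value read by `suffix = d.getVar("CVE_VERSION_SUFFIX")` in the second hunk is passed to every `Version(...)` call without being checked against the two values the commit message documents, blank and "alphabetical". `Version` is defined outside this file section, so its handling of an unknown value is not visible here: if it falls back to the blank behaviour, a typo in a recipe silently changes which CVEs are reported for that recipe, and if it raises, the bare `except:` in the third and fourth hunks reduces the configuration error to one "Failed to compare" warning per CVE. A one-time check right after the `getVar` would surface the mistake, e.g. `if suffix not in ("", "alphabetical"): bb.warn("%s: unrecognised CVE_VERSION_SUFFIX '%s'" % (pn, suffix))`. The comment above `CVE_VERSION_SUFFIX ??= ""` could also state that blank is the default and means suffixes are not considered. check_cves starts and ends outside these hunks.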