author | Chee Yang Lee <chee.yang.lee@intel.com> | 2020-03-06 10:27:26 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-03-07 10:06:17 +0000 |
commit | 932ac04cb843a42fa174cd412ae24b2f9eda8eaf (patch) | |
tree | d9ceacfa763776de18ddbc0b06e15ca99aa3c0ef /meta/classes | |
parent | 75bebb354642d0f87e90770091f18dfeb4c30471 (diff) | |
cve-check: show whitelisted status
Change the reported status of whitelisted CVEs from "Patched" to "Whitelisted".
[Yocto #13687]
(From OE-Core rev: 181bdd670492525f9488d52c3ebb9a1b142e35ea)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/cve-check.bbclass | 12 |
1 files changed, 7 insertions, 5 deletions
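--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -56,10 +56,10 @@ python do_cve_check () {
 patched_cves = get_patches_cves(d)
 except FileNotFoundError:
 bb.fatal("Failure in searching patches")
-patched, unpatched = check_cves(d, patched_cves)
+whitelisted, patched, unpatched = check_cves(d, patched_cves)
 if patched or unpatched:
 cve_data = get_cve_info(d, patched + unpatched)
-cve_write_data(d, patched, unpatched, cve_data)
+cve_write_data(d, patched, unpatched, whitelisted, cve_data)
 else:
 bb.note("No CVE database found, skipping CVE check")
 
@@ -263,7 +263,7 @@ def check_cves(d, patched_cves):
 
 conn.close()
 
-return (list(patched_cves), cves_unpatched)
+return (list(cve_whitelist), list(patched_cves), cves_unpatched)
 
 def get_cve_info(d, cves):
 """
@@ -287,7 +287,7 @@ def get_cve_info(d, cves):
 conn.close()
 return cve_data
 
-def cve_write_data(d, patched, unpatched, cve_data):
+def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
 """
 Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and
 CVE manifest if enabled.
@@ -303,7 +303,9 @@ def cve_write_data(d, patched, unpatched, cve_data):
 write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
 write_string += "PACKAGE VERSION: %s\n" % d.getVar("PV")
 write_string += "CVE: %s\n" % cve
-if cve in patched:
+if cve in whitelisted:
+write_string += "CVE STATUS: Whitelisted\n"
+elif cve in patched:
 write_string += "CVE STATUS: Patched\n"
 else:
 unpatched_cves.append(cve)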
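Review bot: In do_cve_check the new `whitelisted` list is handed to cve_write_data, but the guard `if patched or unpatched:` and the lookup `get_cve_info(d, patched + unpatched)` still ignore it, so a whitelisted CVE reaches the report only if check_cves also places it in `patched_cves` (that code is outside the hunks, so this is inferred). If that coupling is intended, a comment at the call such as `# whitelisted CVEs are also in patched, so cve_data already covers them` would keep a later refactor from silently dropping suppressed CVEs from the report. In cve_write_data, `if cve in whitelisted` is tested before `elif cve in patched`, so a CVE that is both fixed by a patch and named in the whitelist is reported as Whitelisted; the docstring should state that precedence and describe the new `whitelisted` parameter. Anything that parses the `CVE STATUS:` line now sees a third value next to Patched, which is worth noting in the class documentation. All four functions start or end outside the hunks shown.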