diff options
author | akuster <akuster808@gmail.com> | 2021-02-08 05:51:30 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-08-18 18:00:19 +0100 |
commit | 4625b656eca757a6944aff63c60d34b592dbb76c (patch) | |
tree | 863ef23de91fa0107e1d3127d808af8578c70e7c /meta/classes | |
parent | 48d80a80a984dff7635504675e3ec6f3ff758996 (diff) | |
download | poky-4625b656eca757a6944aff63c60d34b592dbb76c.tar.gz |
cve-check: add include/exclude layers
There are times when exluding or including a layer
may be desired. This provide the framwork for that via
two variables. The default is all layers in bblayers.
CVE_CHECK_LAYER_INCLUDELIST
CVE_CHECK_LAYER_EXCLUDELIST
(From OE-Core rev: 76d5c60734c614b8224bef97022738f3a59244d0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5fdde65ef58b4c1048839e4f9462b34bab36fc22)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/cve-check.bbclass | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 8086cf05e9..8e7e3c60ff 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= "" | |||
53 | # | 53 | # |
54 | CVE_CHECK_WHITELIST ?= "" | 54 | CVE_CHECK_WHITELIST ?= "" |
55 | 55 | ||
56 | # Layers to be excluded | ||
57 | CVE_CHECK_LAYER_EXCLUDELIST ??= "" | ||
58 | |||
59 | # Layers to be included | ||
60 | CVE_CHECK_LAYER_INCLUDELIST ??= "" | ||
61 | |||
62 | |||
56 | # set to "alphabetical" for version using single alphabetical character as increament release | 63 | # set to "alphabetical" for version using single alphabetical character as increament release |
57 | CVE_VERSION_SUFFIX ??= "" | 64 | CVE_VERSION_SUFFIX ??= "" |
58 | 65 | ||
@@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): | |||
334 | CVE manifest if enabled. | 341 | CVE manifest if enabled. |
335 | """ | 342 | """ |
336 | 343 | ||
344 | |||
337 | cve_file = d.getVar("CVE_CHECK_LOG") | 345 | cve_file = d.getVar("CVE_CHECK_LOG") |
338 | fdir_name = d.getVar("FILE_DIRNAME") | 346 | fdir_name = d.getVar("FILE_DIRNAME") |
339 | layer = fdir_name.split("/")[-3] | 347 | layer = fdir_name.split("/")[-3] |
340 | 348 | ||
349 | include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split() | ||
350 | exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split() | ||
351 | |||
352 | if exclude_layers and layer in exclude_layers: | ||
353 | return | ||
354 | |||
355 | if include_layers and layer not in include_layers: | ||
356 | return | ||
357 | |||
341 | nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" | 358 | nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" |
342 | write_string = "" | 359 | write_string = "" |
343 | unpatched_cves = [] | 360 | unpatched_cves = [] |