summaryrefslogtreecommitdiffstats
path: root/meta/lib/oe
diff options
context:
space:
mode:
authorLee Chee Yang <chee.yang.lee@intel.com>2021-01-22 18:07:19 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-01-23 17:08:54 +0000
commit3807c6d9a78ac8ade24c9c69cfe2b9624c49a20d (patch)
tree28f45b7c903d0477dd2bda97a361548903cb62dd /meta/lib/oe
parent2485beac6806bca183054e1497f0f79456e4d9c2 (diff)
downloadpoky-3807c6d9a78ac8ade24c9c69cfe2b9624c49a20d.tar.gz
cve-check: replace Looseversion with custom version class
The way distutils.version.LooseVersion compare version are tricky, it treat all these ( "1.0-beta2", "1.0-rc1", "1.0A", "1.0p2" and "1.0pre1") as greater version than "1.0". This might be right for "1.0A" and "1.0p1" but not for the rest, also these version could be confusing, the "p" in "1.0p1" can be "pre" or "patched" version or even other meaning. Replace Looseversion with custom class, it uses regex to capture common version format like "1.1.1" or tag format using date like "2020-12-12" as release section, check for following known string/tags ( beta, rc, pre, dev, alpha, preview) as pre-release section, any other trailing characters are difficult to understand/define so ignore them. Compare release section and pre-release section saperately. included selftest for the version class. [YOCTO#14127] (From OE-Core rev: 6ced85e9ddd3569240f1e8b82130d1ac0fffbc40) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib/oe')
-rw-r--r--meta/lib/oe/cve_check.py58
1 files changed, 58 insertions, 0 deletions
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
new file mode 100644
index 0000000000..ec48a3f829
--- /dev/null
+++ b/meta/lib/oe/cve_check.py
@@ -0,0 +1,58 @@
1import collections
2import re
3import itertools
4
5_Version = collections.namedtuple(
6 "_Version", ["release", "pre_l", "pre_v"]
7)
8
9class Version():
10 _version_pattern = r"""v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
11 _regex = re.compile(r"^\s*" + _version_pattern + r"\s*$", re.VERBOSE | re.IGNORECASE)
12 def __init__(self, version):
13 match = self._regex.search(version)
14 if not match:
15 raise Exception("Invalid version: '{0}'".format(version))
16
17 self._version = _Version(
18 release=tuple(int(i) for i in match.group("release").replace("-",".").split(".")),
19 pre_l=match.group("pre_l"),
20 pre_v=match.group("pre_v")
21 )
22
23 self._key = _cmpkey(
24 self._version.release,
25 self._version.pre_l,
26 self._version.pre_v
27 )
28
29 def __le__(self, other):
30 if not isinstance(other, Version):
31 return NotImplemented
32 return self._key <= other._key
33
34 def __lt__(self, other):
35 if not isinstance(other, Version):
36 return NotImplemented
37 return self._key < other._key
38
39 def __ge__(self, other):
40 if not isinstance(other, Version):
41 return NotImplemented
42 return self._key >= other._key
43
44 def __gt__(self, other):
45 if not isinstance(other, Version):
46 return NotImplemented
47 return self._key > other._key
48
49def _cmpkey(release, pre_l, pre_v):
50 # remove leading 0
51 _release = tuple(
52 reversed(list(itertools.dropwhile(lambda x: x == 0, reversed(release))))
53 )
54 if pre_l is None and pre_v is None:
55 _pre = float('inf')
56 else:
57 _pre = float(pre_v) if pre_v else float('-inf')
58 return _release, _pre