cve-check: Fix false negative version issue

NVD DB store version and update in the same value, separated by '_'. The proposed patch check if the version from NVD DB contains a "_", ie 9.2.0_p1 is convert to 9.2.0p1 before version comparison. [YOCTO #14127] Reviewed-by: Yoann CONGAL <yoann.congal@smile.fr> (From OE-Core rev: eb439b1283b60e6665694ff28c89fbd633eda6b0) Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 7d00f6ec578084a0a0e5caf36241d53036d996c4) Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Geoffrey GIRY <geoffrey.giry@smile.fr> 2023-03-28 12:23:49 +0200
committer: Steve Sakoman <steve@sakoman.com> 2023-04-14 05:44:12 -1000
commit: d8057ae9aa73616d2383e5d10d2125d1912b0a13 (patch)
tree: 6ef95d877a3a68197b2c5bf71d621c7e68b864cb /meta/lib/oeqa/selftest/cases/cve_check.py
parent: 5150ad7fcb320964dc215866a1943d4732b49e98 (diff)
download: poky-d8057ae9aa73616d2383e5d10d2125d1912b0a13.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py
index d0b2213703..22ffeffd29 100644
--- a/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -48,6 +48,25 @@ class CVECheck(OESelftestTestCase):
        self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
+    def test_convert_cve_version(self):
+        from oe.cve_check import convert_cve_version
+        # Default format
+        self.assertEqual(convert_cve_version("8.3"), "8.3")
+        self.assertEqual(convert_cve_version(""), "")
+        # OpenSSL format version
+        self.assertEqual(convert_cve_version("1.1.1t"), "1.1.1t")
+        # OpenSSH format
+        self.assertEqual(convert_cve_version("8.3_p1"), "8.3p1")
+        self.assertEqual(convert_cve_version("8.3_p22"), "8.3p22")
+        # Linux kernel format
+        self.assertEqual(convert_cve_version("6.2_rc8"), "6.2-rc8")
+        self.assertEqual(convert_cve_version("6.2_rc31"), "6.2-rc31")
    def test_recipe_report_json(self):
        config = """
 INHERIT += "cve-check"
author	Geoffrey GIRY <geoffrey.giry@smile.fr>	2023-03-28 12:23:49 +0200
committer	Steve Sakoman <steve@sakoman.com>	2023-04-14 05:44:12 -1000
commit	d8057ae9aa73616d2383e5d10d2125d1912b0a13 (patch)
tree	6ef95d877a3a68197b2c5bf71d621c7e68b864cb /meta/lib/oeqa/selftest/cases/cve_check.py
parent	5150ad7fcb320964dc215866a1943d4732b49e98 (diff)
download	poky-d8057ae9aa73616d2383e5d10d2125d1912b0a13.tar.gz

diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py index d0b2213703..22ffeffd29 100644 --- a/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -48,6 +48,25 @@ class CVECheck(OESelftestTestCase):
48	self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")	48	self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
49		49
50		50
		51	def test_convert_cve_version(self):
		52	from oe.cve_check import convert_cve_version
		53
		54	# Default format
		55	self.assertEqual(convert_cve_version("8.3"), "8.3")
		56	self.assertEqual(convert_cve_version(""), "")
		57
		58	# OpenSSL format version
		59	self.assertEqual(convert_cve_version("1.1.1t"), "1.1.1t")
		60
		61	# OpenSSH format
		62	self.assertEqual(convert_cve_version("8.3_p1"), "8.3p1")
		63	self.assertEqual(convert_cve_version("8.3_p22"), "8.3p22")
		64
		65	# Linux kernel format
		66	self.assertEqual(convert_cve_version("6.2_rc8"), "6.2-rc8")
		67	self.assertEqual(convert_cve_version("6.2_rc31"), "6.2-rc31")
		68
		69
51	def test_recipe_report_json(self):	70	def test_recipe_report_json(self):
52	config = """	71	config = """
53	INHERIT += "cve-check"	72	INHERIT += "cve-check"