diff options
author | Geoffrey GIRY <geoffrey.giry@smile.fr> | 2023-03-28 12:23:49 +0200 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-04-14 05:44:12 -1000 |
commit | d8057ae9aa73616d2383e5d10d2125d1912b0a13 (patch) | |
tree | 6ef95d877a3a68197b2c5bf71d621c7e68b864cb /meta/lib/oeqa/selftest/cases/cve_check.py | |
parent | 5150ad7fcb320964dc215866a1943d4732b49e98 (diff) | |
download | poky-d8057ae9aa73616d2383e5d10d2125d1912b0a13.tar.gz |
cve-check: Fix false negative version issue
NVD DB store version and update in the same value, separated by '_'.
The proposed patch check if the version from NVD DB contains a "_",
ie 9.2.0_p1 is convert to 9.2.0p1 before version comparison.
[YOCTO #14127]
Reviewed-by: Yoann CONGAL <yoann.congal@smile.fr>
(From OE-Core rev: eb439b1283b60e6665694ff28c89fbd633eda6b0)
Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7d00f6ec578084a0a0e5caf36241d53036d996c4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/lib/oeqa/selftest/cases/cve_check.py')
-rw-r--r-- | meta/lib/oeqa/selftest/cases/cve_check.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py index d0b2213703..22ffeffd29 100644 --- a/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/meta/lib/oeqa/selftest/cases/cve_check.py | |||
@@ -48,6 +48,25 @@ class CVECheck(OESelftestTestCase): | |||
48 | self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'") | 48 | self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'") |
49 | 49 | ||
50 | 50 | ||
51 | def test_convert_cve_version(self): | ||
52 | from oe.cve_check import convert_cve_version | ||
53 | |||
54 | # Default format | ||
55 | self.assertEqual(convert_cve_version("8.3"), "8.3") | ||
56 | self.assertEqual(convert_cve_version(""), "") | ||
57 | |||
58 | # OpenSSL format version | ||
59 | self.assertEqual(convert_cve_version("1.1.1t"), "1.1.1t") | ||
60 | |||
61 | # OpenSSH format | ||
62 | self.assertEqual(convert_cve_version("8.3_p1"), "8.3p1") | ||
63 | self.assertEqual(convert_cve_version("8.3_p22"), "8.3p22") | ||
64 | |||
65 | # Linux kernel format | ||
66 | self.assertEqual(convert_cve_version("6.2_rc8"), "6.2-rc8") | ||
67 | self.assertEqual(convert_cve_version("6.2_rc31"), "6.2-rc31") | ||
68 | |||
69 | |||
51 | def test_recipe_report_json(self): | 70 | def test_recipe_report_json(self): |
52 | config = """ | 71 | config = """ |
53 | INHERIT += "cve-check" | 72 | INHERIT += "cve-check" |