patchtest: remove test for CVE tag in mbox

After patchtest went live it was determined that testing for a CVE tag in the mbox commit message is unnecessary, since it will already be in the shortlog and in any carried patches. Remove the test and the associated selftest files so that its absence isn't flagged in future test results. (From OE-Core rev: 54690f18f04a2ab993a85d551ce4f8d0fa56618a) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Trevor Gamblin <tgamblin@baylibre.com> 2023-11-01 10:20:55 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-11-01 19:19:40 +0000
commit: 06a7e7a14d3b9629536cf824360544c6c17cad32 (patch)
tree: e180c0a6d64d745e5af7619dfb509143b980a28c /meta/lib/patchtest
parent: 3ad5aa3f16fbef700db2934edc83250650498b28 (diff)
download: poky-06a7e7a14d3b9629536cf824360544c6c17cad32.tar.gz
3 files changed, 0 insertions, 170 deletions
diff --git a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.fail b/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.fail
deleted file mode 100644
index d40b8a936b..0000000000
--- a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.fail
+++ /dev/null
@@ -1,72 +0,0 @@
-From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Tue, 29 Aug 2023 14:12:27 -0400
-Subject: [PATCH] selftest-hello: fix CVE-1234-56789
-This patch should fail the test for CVE presence in the mbox commit message.
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
---
- .../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++
- .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
- 2 files changed, 31 insertions(+), 2 deletions(-)
- create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-new file mode 100644
-index 0000000000..869cfb6fe5
--- /dev/null
-+++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-@@ -0,0 +1,27 @@
-+From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
-+From: Trevor Gamblin <tgamblin@baylibre.com>
-+Date: Tue, 29 Aug 2023 14:08:20 -0400
-+Subject: [PATCH] Fix CVE-NOT-REAL
-+
-+CVE: CVE-1234-56789
-+Upstream-Status: Backport(http://example.com/example)
-+
-+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
-+---
-+ strlen.c | 1 +
-+ 1 file changed, 1 insertion(+)
-+
-+diff --git a/strlen.c b/strlen.c
-+index 1788f38..83d7918 100644
-+--- a/strlen.c
-++++ b/strlen.c
-+@@ -8,6 +8,7 @@ int main() {
-+ 
-+       printf("%d\n", str_len(string1));
-+       printf("%d\n", str_len(string2));
-++      printf("CVE FIXED!!!\n");
-+ 
-+       return 0;
-+ }
-+-- 
-+2.41.0
-diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-index 547587bef4..76975a6729 100644
--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-+++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-@@ -3,7 +3,9 @@ SECTION = "examples"
- LICENSE = "MIT"
- LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
- 
-SRC_URI = "file://helloworld.c"
-+SRC_URI = "file://helloworld.c \
-+           file://CVE-1234-56789.patch \
-+           "
- 
- S = "${WORKDIR}"
- 
-@@ -16,4 +18,4 @@ do_install() {
-        install -m 0755 helloworld ${D}${bindir}
- }
- 
-BBCLASSEXTEND = "native nativesdk"
-\ No newline at end of file
-+BBCLASSEXTEND = "native nativesdk"
-- 
-2.41.0
diff --git a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.pass b/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.pass
deleted file mode 100644
index 433c7a450a..0000000000
--- a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.pass
+++ /dev/null
@@ -1,74 +0,0 @@
-From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Tue, 29 Aug 2023 14:12:27 -0400
-Subject: [PATCH] selftest-hello: fix CVE-1234-56789
-This test should pass the mbox cve tag test.
-CVE: CVE-1234-56789
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
---
- .../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++
- .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
- 2 files changed, 31 insertions(+), 2 deletions(-)
- create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-new file mode 100644
-index 0000000000..869cfb6fe5
--- /dev/null
-+++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-@@ -0,0 +1,27 @@
-+From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
-+From: Trevor Gamblin <tgamblin@baylibre.com>
-+Date: Tue, 29 Aug 2023 14:08:20 -0400
-+Subject: [PATCH] Fix CVE-NOT-REAL
-+
-+CVE: CVE-1234-56789
-+Upstream-Status: Backport(http://example.com/example)
-+
-+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
-+---
-+ strlen.c | 1 +
-+ 1 file changed, 1 insertion(+)
-+
-+diff --git a/strlen.c b/strlen.c
-+index 1788f38..83d7918 100644
-+--- a/strlen.c
-++++ b/strlen.c
-+@@ -8,6 +8,7 @@ int main() {
-+ 
-+       printf("%d\n", str_len(string1));
-+       printf("%d\n", str_len(string2));
-++      printf("CVE FIXED!!!\n");
-+ 
-+       return 0;
-+ }
-+-- 
-+2.41.0
-diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-index 547587bef4..76975a6729 100644
--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-+++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-@@ -3,7 +3,9 @@ SECTION = "examples"
- LICENSE = "MIT"
- LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
- 
-SRC_URI = "file://helloworld.c"
-+SRC_URI = "file://helloworld.c \
-+           file://CVE-1234-56789.patch \
-+           "
- 
- S = "${WORKDIR}"
- 
-@@ -16,4 +18,4 @@ do_install() {
-        install -m 0755 helloworld ${D}${bindir}
- }
- 
-BBCLASSEXTEND = "native nativesdk"
-\ No newline at end of file
-+BBCLASSEXTEND = "native nativesdk"
-- 
-2.41.0
diff --git a/meta/lib/patchtest/tests/test_mbox.py b/meta/lib/patchtest/tests/test_mbox.py
index 2449564d0f..0b623b7d17 100644
--- a/meta/lib/patchtest/tests/test_mbox.py
+++ b/meta/lib/patchtest/tests/test_mbox.py
@@ -6,7 +6,6 @@
 import base
 import collections
-import parse_cve_tags
 import parse_shortlog
 import parse_signed_off_by
 import pyparsing
@@ -33,8 +32,6 @@ class TestMbox(base.Base):
    rexp_detect = pyparsing.Regex('\[\s?YOCTO.*\]')
    rexp_validation = pyparsing.Regex('\[(\s?YOCTO\s?#\s?(\d+)\s?,?)+\]')
    revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"')
-    prog = parse_cve_tags.cve_tag
-    patch_prog = parse_cve_tags.patch_cve_tag
    signoff_prog = parse_signed_off_by.signed_off_by
    revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"')
    maxlength = 90
@@ -143,27 +140,6 @@ class TestMbox(base.Base):
            if not commit.commit_message.strip():
                self.fail('Please include a commit message on your patch explaining the change', commit=commit)
-    def test_cve_presence_in_commit_message(self):
-        if self.unidiff_parse_error:
-            self.skip('Parse error %s' % self.unidiff_parse_error)
-        # we are just interested in series that introduce CVE patches, thus discard other
-        # possibilities: modification to current CVEs, patch directly introduced into the
-        # recipe, upgrades already including the CVE, etc.
-        new_patches = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
-        if not new_patches:
-            self.skip('No new patches introduced')
-        for commit in TestMbox.commits:
-            # skip those patches that revert older commits, these do not required the tag presence
-            if self.revert_shortlog_regex.search_string(commit.shortlog):
-                continue
-            if not self.patch_prog.search_string(commit.payload):
-                self.skip("No CVE tag in added patch, so not needed in mbox")
-            elif not self.prog.search_string(commit.payload):
-                self.fail('A CVE tag should be provided in the commit message with format: "CVE: CVE-YYYY-XXXX"',
-                          commit=commit)
    def test_bugzilla_entry_format(self):
        for commit in TestMbox.commits:
            if not self.rexp_detect.search_string(commit.commit_message):
author	Trevor Gamblin <tgamblin@baylibre.com>	2023-11-01 10:20:55 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-11-01 19:19:40 +0000
commit	06a7e7a14d3b9629536cf824360544c6c17cad32 (patch)
tree	e180c0a6d64d745e5af7619dfb509143b980a28c /meta/lib/patchtest
parent	3ad5aa3f16fbef700db2934edc83250650498b28 (diff)
download	poky-06a7e7a14d3b9629536cf824360544c6c17cad32.tar.gz

diff --git a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.fail b/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.fail deleted file mode 100644 index d40b8a936b..0000000000 --- a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.fail +++ /dev/null
@@ -1,72 +0,0 @@
1	From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
2	From: Trevor Gamblin <tgamblin@baylibre.com>
3	Date: Tue, 29 Aug 2023 14:12:27 -0400
4	Subject: [PATCH] selftest-hello: fix CVE-1234-56789
5
6	This patch should fail the test for CVE presence in the mbox commit message.
7
8	Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
9	---
10	.../selftest-hello/files/CVE-1234-56789.patch \| 27 +++++++++++++++++++
11	.../selftest-hello/selftest-hello_1.0.bb \| 6 +++--
12	2 files changed, 31 insertions(+), 2 deletions(-)
13	create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
14
15	diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
16	new file mode 100644
17	index 0000000000..869cfb6fe5
18	--- /dev/null
19	+++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
20	@@ -0,0 +1,27 @@
21	+From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
22	+From: Trevor Gamblin <tgamblin@baylibre.com>
23	+Date: Tue, 29 Aug 2023 14:08:20 -0400
24	+Subject: [PATCH] Fix CVE-NOT-REAL
25	+
26	+CVE: CVE-1234-56789
27	+Upstream-Status: Backport(http://example.com/example)
28	+
29	+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
30	+---
31	+ strlen.c \| 1 +
32	+ 1 file changed, 1 insertion(+)
33	+
34	+diff --git a/strlen.c b/strlen.c
35	+index 1788f38..83d7918 100644
36	+--- a/strlen.c
37	++++ b/strlen.c
38	+@@ -8,6 +8,7 @@ int main() {
39	+
40	+ printf("%d\n", str_len(string1));
41	+ printf("%d\n", str_len(string2));
42	++ printf("CVE FIXED!!!\n");
43	+
44	+ return 0;
45	+ }
46	+--
47	+2.41.0
48	diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
49	index 547587bef4..76975a6729 100644
50	--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
51	+++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
52	@@ -3,7 +3,9 @@ SECTION = "examples"
53	LICENSE = "MIT"
54	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
55
56	-SRC_URI = "file://helloworld.c"
57	+SRC_URI = "file://helloworld.c \
58	+ file://CVE-1234-56789.patch \
59	+ "
60
61	S = "${WORKDIR}"
62
63	@@ -16,4 +18,4 @@ do_install() {
64	install -m 0755 helloworld ${D}${bindir}
65	}
66
67	-BBCLASSEXTEND = "native nativesdk"
68	\ No newline at end of file
69	+BBCLASSEXTEND = "native nativesdk"
70	--
71	2.41.0
72


diff --git a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.pass b/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.pass deleted file mode 100644 index 433c7a450a..0000000000 --- a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.pass +++ /dev/null
@@ -1,74 +0,0 @@
1	From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
2	From: Trevor Gamblin <tgamblin@baylibre.com>
3	Date: Tue, 29 Aug 2023 14:12:27 -0400
4	Subject: [PATCH] selftest-hello: fix CVE-1234-56789
5
6	This test should pass the mbox cve tag test.
7
8	CVE: CVE-1234-56789
9
10	Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
11	---
12	.../selftest-hello/files/CVE-1234-56789.patch \| 27 +++++++++++++++++++
13	.../selftest-hello/selftest-hello_1.0.bb \| 6 +++--
14	2 files changed, 31 insertions(+), 2 deletions(-)
15	create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
16
17	diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
18	new file mode 100644
19	index 0000000000..869cfb6fe5
20	--- /dev/null
21	+++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
22	@@ -0,0 +1,27 @@
23	+From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
24	+From: Trevor Gamblin <tgamblin@baylibre.com>
25	+Date: Tue, 29 Aug 2023 14:08:20 -0400
26	+Subject: [PATCH] Fix CVE-NOT-REAL
27	+
28	+CVE: CVE-1234-56789
29	+Upstream-Status: Backport(http://example.com/example)
30	+
31	+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
32	+---
33	+ strlen.c \| 1 +
34	+ 1 file changed, 1 insertion(+)
35	+
36	+diff --git a/strlen.c b/strlen.c
37	+index 1788f38..83d7918 100644
38	+--- a/strlen.c
39	++++ b/strlen.c
40	+@@ -8,6 +8,7 @@ int main() {
41	+
42	+ printf("%d\n", str_len(string1));
43	+ printf("%d\n", str_len(string2));
44	++ printf("CVE FIXED!!!\n");
45	+
46	+ return 0;
47	+ }
48	+--
49	+2.41.0
50	diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
51	index 547587bef4..76975a6729 100644
52	--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
53	+++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
54	@@ -3,7 +3,9 @@ SECTION = "examples"
55	LICENSE = "MIT"
56	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
57
58	-SRC_URI = "file://helloworld.c"
59	+SRC_URI = "file://helloworld.c \
60	+ file://CVE-1234-56789.patch \
61	+ "
62
63	S = "${WORKDIR}"
64
65	@@ -16,4 +18,4 @@ do_install() {
66	install -m 0755 helloworld ${D}${bindir}
67	}
68
69	-BBCLASSEXTEND = "native nativesdk"
70	\ No newline at end of file
71	+BBCLASSEXTEND = "native nativesdk"
72	--
73	2.41.0
74


diff --git a/meta/lib/patchtest/tests/test_mbox.py b/meta/lib/patchtest/tests/test_mbox.py index 2449564d0f..0b623b7d17 100644 --- a/meta/lib/patchtest/tests/test_mbox.py +++ b/meta/lib/patchtest/tests/test_mbox.py
@@ -6,7 +6,6 @@
6		6
7	import base	7	import base
8	import collections	8	import collections
9	import parse_cve_tags
10	import parse_shortlog	9	import parse_shortlog
11	import parse_signed_off_by	10	import parse_signed_off_by
12	import pyparsing	11	import pyparsing
@@ -33,8 +32,6 @@ class TestMbox(base.Base):
33	rexp_detect = pyparsing.Regex('\[\s?YOCTO.*\]')	32	rexp_detect = pyparsing.Regex('\[\s?YOCTO.*\]')
34	rexp_validation = pyparsing.Regex('\[(\s?YOCTO\s?#\s?(\d+)\s?,?)+\]')	33	rexp_validation = pyparsing.Regex('\[(\s?YOCTO\s?#\s?(\d+)\s?,?)+\]')
35	revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"')	34	revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"')
36	prog = parse_cve_tags.cve_tag
37	patch_prog = parse_cve_tags.patch_cve_tag
38	signoff_prog = parse_signed_off_by.signed_off_by	35	signoff_prog = parse_signed_off_by.signed_off_by
39	revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"')	36	revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"')
40	maxlength = 90	37	maxlength = 90
@@ -143,27 +140,6 @@ class TestMbox(base.Base):
143	if not commit.commit_message.strip():	140	if not commit.commit_message.strip():
144	self.fail('Please include a commit message on your patch explaining the change', commit=commit)	141	self.fail('Please include a commit message on your patch explaining the change', commit=commit)
145		142
146	def test_cve_presence_in_commit_message(self):
147	if self.unidiff_parse_error:
148	self.skip('Parse error %s' % self.unidiff_parse_error)
149
150	# we are just interested in series that introduce CVE patches, thus discard other
151	# possibilities: modification to current CVEs, patch directly introduced into the
152	# recipe, upgrades already including the CVE, etc.
153	new_patches = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
154	if not new_patches:
155	self.skip('No new patches introduced')
156
157	for commit in TestMbox.commits:
158	# skip those patches that revert older commits, these do not required the tag presence
159	if self.revert_shortlog_regex.search_string(commit.shortlog):
160	continue
161	if not self.patch_prog.search_string(commit.payload):
162	self.skip("No CVE tag in added patch, so not needed in mbox")
163	elif not self.prog.search_string(commit.payload):
164	self.fail('A CVE tag should be provided in the commit message with format: "CVE: CVE-YYYY-XXXX"',
165	commit=commit)
166
167	def test_bugzilla_entry_format(self):	143	def test_bugzilla_entry_format(self):
168	for commit in TestMbox.commits:	144	for commit in TestMbox.commits:
169	if not self.rexp_detect.search_string(commit.commit_message):	145	if not self.rexp_detect.search_string(commit.commit_message):