oeqa/selftest/cve_check: add tests for Ignored and partial reports

Add testcases for partial reports with CVE_CHECK_REPORT_PATCHED and Ignored CVEs. (From OE-Core rev: 3f7639b90004973782a2e74925fd2e9a764c1090) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Marta Rybczynska <rybczynska@gmail.com> 2022-06-15 15:21:48 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-06-17 17:57:44 +0100
commit: 91982f65f343f383cc3b9f2742498e0a6f983a3e (patch)
tree: 48713263eb9ad52fc192e1a0bf11e7187b86c57a /meta/lib
parent: 112299ddae36e51acd802f908e8526cf48c59a49 (diff)
download: poky-91982f65f343f383cc3b9f2742498e0a6f983a3e.tar.gz
1 files changed, 82 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py
index 2f26f606d7..d0b2213703 100644
--- a/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -117,3 +117,85 @@ CVE_CHECK_FORMAT_JSON = "1"
        self.assertEqual(report["version"], "1")
        self.assertEqual(len(report["package"]), 1)
        self.assertEqual(report["package"][0]["name"], recipename)
+    def test_recipe_report_json_unpatched(self):
+        config = """
+INHERIT += "cve-check"
+CVE_CHECK_FORMAT_JSON = "1"
+CVE_CHECK_REPORT_PATCHED = "0"
+"""
+        self.write_config(config)
+        vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+        summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+        recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json")
+        try:
+            os.remove(summary_json)
+            os.remove(recipe_json)
+        except FileNotFoundError:
+            pass
+        bitbake("m4-native -c cve_check")
+        def check_m4_json(filename):
+            with open(filename) as f:
+                report = json.load(f)
+            self.assertEqual(report["version"], "1")
+            self.assertEqual(len(report["package"]), 1)
+            package = report["package"][0]
+            self.assertEqual(package["name"], "m4-native")
+            #m4 had only Patched CVEs, so the issues array will be empty
+            self.assertEqual(package["issue"], [])
+        self.assertExists(summary_json)
+        check_m4_json(summary_json)
+        self.assertExists(recipe_json)
+        check_m4_json(recipe_json)
+    def test_recipe_report_json_ignored(self):
+        config = """
+INHERIT += "cve-check"
+CVE_CHECK_FORMAT_JSON = "1"
+CVE_CHECK_REPORT_PATCHED = "1"
+"""
+        self.write_config(config)
+        vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+        summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+        recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "logrotate_cve.json")
+        try:
+            os.remove(summary_json)
+            os.remove(recipe_json)
+        except FileNotFoundError:
+            pass
+        bitbake("logrotate -c cve_check")
+        def check_m4_json(filename):
+            with open(filename) as f:
+                report = json.load(f)
+            self.assertEqual(report["version"], "1")
+            self.assertEqual(len(report["package"]), 1)
+            package = report["package"][0]
+            self.assertEqual(package["name"], "logrotate")
+            found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
+            # m4 CVE should not be in logrotate
+            self.assertNotIn("CVE-2008-1687", found_cves)
+            # logrotate has both Patched and Ignored CVEs
+            self.assertIn("CVE-2011-1098", found_cves)
+            self.assertEqual(found_cves["CVE-2011-1098"], "Patched")
+            self.assertIn("CVE-2011-1548", found_cves)
+            self.assertEqual(found_cves["CVE-2011-1548"], "Ignored")
+            self.assertIn("CVE-2011-1549", found_cves)
+            self.assertEqual(found_cves["CVE-2011-1549"], "Ignored")
+            self.assertIn("CVE-2011-1550", found_cves)
+            self.assertEqual(found_cves["CVE-2011-1550"], "Ignored")
+        self.assertExists(summary_json)
+        check_m4_json(summary_json)
+        self.assertExists(recipe_json)
+        check_m4_json(recipe_json)
author	Marta Rybczynska <rybczynska@gmail.com>	2022-06-15 15:21:48 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-17 17:57:44 +0100
commit	91982f65f343f383cc3b9f2742498e0a6f983a3e (patch)
tree	48713263eb9ad52fc192e1a0bf11e7187b86c57a /meta/lib
parent	112299ddae36e51acd802f908e8526cf48c59a49 (diff)
download	poky-91982f65f343f383cc3b9f2742498e0a6f983a3e.tar.gz

diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py index 2f26f606d7..d0b2213703 100644 --- a/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -117,3 +117,85 @@ CVE_CHECK_FORMAT_JSON = "1"
117	self.assertEqual(report["version"], "1")	117	self.assertEqual(report["version"], "1")
118	self.assertEqual(len(report["package"]), 1)	118	self.assertEqual(len(report["package"]), 1)
119	self.assertEqual(report["package"][0]["name"], recipename)	119	self.assertEqual(report["package"][0]["name"], recipename)
		120
		121
		122	def test_recipe_report_json_unpatched(self):
		123	config = """
		124	INHERIT += "cve-check"
		125	CVE_CHECK_FORMAT_JSON = "1"
		126	CVE_CHECK_REPORT_PATCHED = "0"
		127	"""
		128	self.write_config(config)
		129
		130	vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
		131	summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
		132	recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json")
		133
		134	try:
		135	os.remove(summary_json)
		136	os.remove(recipe_json)
		137	except FileNotFoundError:
		138	pass
		139
		140	bitbake("m4-native -c cve_check")
		141
		142	def check_m4_json(filename):
		143	with open(filename) as f:
		144	report = json.load(f)
		145	self.assertEqual(report["version"], "1")
		146	self.assertEqual(len(report["package"]), 1)
		147	package = report["package"][0]
		148	self.assertEqual(package["name"], "m4-native")
		149	#m4 had only Patched CVEs, so the issues array will be empty
		150	self.assertEqual(package["issue"], [])
		151
		152	self.assertExists(summary_json)
		153	check_m4_json(summary_json)
		154	self.assertExists(recipe_json)
		155	check_m4_json(recipe_json)
		156
		157
		158	def test_recipe_report_json_ignored(self):
		159	config = """
		160	INHERIT += "cve-check"
		161	CVE_CHECK_FORMAT_JSON = "1"
		162	CVE_CHECK_REPORT_PATCHED = "1"
		163	"""
		164	self.write_config(config)
		165
		166	vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
		167	summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
		168	recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "logrotate_cve.json")
		169
		170	try:
		171	os.remove(summary_json)
		172	os.remove(recipe_json)
		173	except FileNotFoundError:
		174	pass
		175
		176	bitbake("logrotate -c cve_check")
		177
		178	def check_m4_json(filename):
		179	with open(filename) as f:
		180	report = json.load(f)
		181	self.assertEqual(report["version"], "1")
		182	self.assertEqual(len(report["package"]), 1)
		183	package = report["package"][0]
		184	self.assertEqual(package["name"], "logrotate")
		185	found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
		186	# m4 CVE should not be in logrotate
		187	self.assertNotIn("CVE-2008-1687", found_cves)
		188	# logrotate has both Patched and Ignored CVEs
		189	self.assertIn("CVE-2011-1098", found_cves)
		190	self.assertEqual(found_cves["CVE-2011-1098"], "Patched")
		191	self.assertIn("CVE-2011-1548", found_cves)
		192	self.assertEqual(found_cves["CVE-2011-1548"], "Ignored")
		193	self.assertIn("CVE-2011-1549", found_cves)
		194	self.assertEqual(found_cves["CVE-2011-1549"], "Ignored")
		195	self.assertIn("CVE-2011-1550", found_cves)
		196	self.assertEqual(found_cves["CVE-2011-1550"], "Ignored")
		197
		198	self.assertExists(summary_json)
		199	check_m4_json(summary_json)
		200	self.assertExists(recipe_json)
		201	check_m4_json(recipe_json)