3 files changed, 0 insertions, 170 deletions
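--- a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.fail
+++ /dev/null
@@ -1,72 +0,0 @@
-From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Tue, 29 Aug 2023 14:12:27 -0400
-Subject: [PATCH] selftest-hello: fix CVE-1234-56789
-
-This patch should fail the test for CVE presence in the mbox commit message.
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
-.../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++
-.../selftest-hello/selftest-hello_1.0.bb | 6 +++--
-2 files changed, 31 insertions(+), 2 deletions(-)
-create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-
-diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-new file mode 100644
-index 0000000000..869cfb6fe5
---- /dev/null
-+++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-@@ -0,0 +1,27 @@
-+From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
-+From: Trevor Gamblin <tgamblin@baylibre.com>
-+Date: Tue, 29 Aug 2023 14:08:20 -0400
-+Subject: [PATCH] Fix CVE-NOT-REAL
-+
-+CVE: CVE-1234-56789
-+Upstream-Status: Backport(http://example.com/example)
-+
-+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
-+---
-+ strlen.c | 1 +
-+ 1 file changed, 1 insertion(+)
-+
-+diff --git a/strlen.c b/strlen.c
-+index 1788f38..83d7918 100644
-+--- a/strlen.c
-++++ b/strlen.c
-+@@ -8,6 +8,7 @@ int main() {
-+
-+ printf("%d\n", str_len(string1));
-+ printf("%d\n", str_len(string2));
-++ printf("CVE FIXED!!!\n");
-+
-+ return 0;
-+ }
-+--
-+2.41.0
-diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-index 547587bef4..76975a6729 100644
---- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-+++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-@@ -3,7 +3,9 @@ SECTION = "examples"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
-
--SRC_URI = "file://helloworld.c"
-+SRC_URI = "file://helloworld.c \
-+ file://CVE-1234-56789.patch \
-+ "
-
-S = "${WORKDIR}"
-
-@@ -16,4 +18,4 @@ do_install() {
-install -m 0755 helloworld ${D}${bindir}
-}
-
--BBCLASSEXTEND = "native nativesdk"
-\ No newline at end of file
-+BBCLASSEXTEND = "native nativesdk"
---
-2.41.0
-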
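--- a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.pass
+++ /dev/null
@@ -1,74 +0,0 @@
-From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Tue, 29 Aug 2023 14:12:27 -0400
-Subject: [PATCH] selftest-hello: fix CVE-1234-56789
-
-This test should pass the mbox cve tag test.
-
-CVE: CVE-1234-56789
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
-.../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++
-.../selftest-hello/selftest-hello_1.0.bb | 6 +++--
-2 files changed, 31 insertions(+), 2 deletions(-)
-create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-
-diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-new file mode 100644
-index 0000000000..869cfb6fe5
---- /dev/null
-+++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
-@@ -0,0 +1,27 @@
-+From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
-+From: Trevor Gamblin <tgamblin@baylibre.com>
-+Date: Tue, 29 Aug 2023 14:08:20 -0400
-+Subject: [PATCH] Fix CVE-NOT-REAL
-+
-+CVE: CVE-1234-56789
-+Upstream-Status: Backport(http://example.com/example)
-+
-+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
-+---
-+ strlen.c | 1 +
-+ 1 file changed, 1 insertion(+)
-+
-+diff --git a/strlen.c b/strlen.c
-+index 1788f38..83d7918 100644
-+--- a/strlen.c
-++++ b/strlen.c
-+@@ -8,6 +8,7 @@ int main() {
-+
-+ printf("%d\n", str_len(string1));
-+ printf("%d\n", str_len(string2));
-++ printf("CVE FIXED!!!\n");
-+
-+ return 0;
-+ }
-+--
-+2.41.0
-diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-index 547587bef4..76975a6729 100644
---- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-+++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
-@@ -3,7 +3,9 @@ SECTION = "examples"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
-
--SRC_URI = "file://helloworld.c"
-+SRC_URI = "file://helloworld.c \
-+ file://CVE-1234-56789.patch \
-+ "
-
-S = "${WORKDIR}"
-
-@@ -16,4 +18,4 @@ do_install() {
-install -m 0755 helloworld ${D}${bindir}
-}
-
--BBCLASSEXTEND = "native nativesdk"
-\ No newline at end of file
-+BBCLASSEXTEND = "native nativesdk"
---
-2.41.0
-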
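--- a/meta/lib/patchtest/tests/test_mbox.py
+++ b/meta/lib/patchtest/tests/test_mbox.py
@@ -6,7 +6,6 @@
 
 import base
 import collections
-import parse_cve_tags
 import parse_shortlog
 import parse_signed_off_by
 import pyparsing
@@ -33,8 +32,6 @@ class TestMbox(base.Base):
 rexp_detect = pyparsing.Regex('\[\s?YOCTO.*\]')
 rexp_validation = pyparsing.Regex('\[(\s?YOCTO\s?#\s?(\d+)\s?,?)+\]')
 revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"')
-prog = parse_cve_tags.cve_tag
-patch_prog = parse_cve_tags.patch_cve_tag
 signoff_prog = parse_signed_off_by.signed_off_by
 revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"')
 maxlength = 90
@@ -143,27 +140,6 @@ class TestMbox(base.Base):
 if not commit.commit_message.strip():
 self.fail('Please include a commit message on your patch explaining the change', commit=commit)
 
-def test_cve_presence_in_commit_message(self):
-if self.unidiff_parse_error:
-self.skip('Parse error %s' % self.unidiff_parse_error)
-
-# we are just interested in series that introduce CVE patches, thus discard other
-# possibilities: modification to current CVEs, patch directly introduced into the
-# recipe, upgrades already including the CVE, etc.
-new_patches = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
-if not new_patches:
-self.skip('No new patches introduced')
-
-for commit in TestMbox.commits:
-# skip those patches that revert older commits, these do not required the tag presence
-if self.revert_shortlog_regex.search_string(commit.shortlog):
-continue
-if not self.patch_prog.search_string(commit.payload):
-self.skip("No CVE tag in added patch, so not needed in mbox")
-elif not self.prog.search_string(commit.payload):
-self.fail('A CVE tag should be provided in the commit message with format: "CVE: CVE-YYYY-XXXX"',
-commit=commit)
-
 def test_bugzilla_entry_format(self):
 for commit in TestMbox.commits:
 if not self.rexp_detect.search_string(commit.commit_message):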