diff options
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r-- | meta/classes/cve-check.bbclass | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 25cefda92e..d843e7c4ac 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -208,6 +208,9 @@ def check_cves(d, patched_cves): | |||
208 | """ | 208 | """ |
209 | from distutils.version import LooseVersion | 209 | from distutils.version import LooseVersion |
210 | 210 | ||
211 | pn = d.getVar("PN") | ||
212 | real_pv = d.getVar("PV") | ||
213 | |||
211 | cves_unpatched = [] | 214 | cves_unpatched = [] |
212 | # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) | 215 | # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) |
213 | products = d.getVar("CVE_PRODUCT").split() | 216 | products = d.getVar("CVE_PRODUCT").split() |
@@ -217,7 +220,7 @@ def check_cves(d, patched_cves): | |||
217 | pv = d.getVar("CVE_VERSION").split("+git")[0] | 220 | pv = d.getVar("CVE_VERSION").split("+git")[0] |
218 | 221 | ||
219 | # If the recipe has been whitlisted we return empty lists | 222 | # If the recipe has been whitlisted we return empty lists |
220 | if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split(): | 223 | if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split(): |
221 | bb.note("Recipe has been whitelisted, skipping check") | 224 | bb.note("Recipe has been whitelisted, skipping check") |
222 | return ([], [], []) | 225 | return ([], [], []) |
223 | 226 | ||
@@ -286,12 +289,12 @@ def check_cves(d, patched_cves): | |||
286 | vulnerable = vulnerable_start or vulnerable_end | 289 | vulnerable = vulnerable_start or vulnerable_end |
287 | 290 | ||
288 | if vulnerable: | 291 | if vulnerable: |
289 | bb.note("%s-%s is vulnerable to %s" % (product, pv, cve)) | 292 | bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve)) |
290 | cves_unpatched.append(cve) | 293 | cves_unpatched.append(cve) |
291 | break | 294 | break |
292 | 295 | ||
293 | if not vulnerable: | 296 | if not vulnerable: |
294 | bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve)) | 297 | bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve)) |
295 | # TODO: not patched but not vulnerable | 298 | # TODO: not patched but not vulnerable |
296 | patched_cves.add(cve) | 299 | patched_cves.add(cve) |
297 | 300 | ||