1 files changed, 21 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index ed86403b6b..112ee3379d 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= ""
 #
 CVE_CHECK_WHITELIST ?= ""
+# Layers to be excluded
+CVE_CHECK_LAYER_EXCLUDELIST ??= ""
+# Layers to be included 
+CVE_CHECK_LAYER_INCLUDELIST ??= ""
 # set to "alphabetical" for version using single alphabetical character as increament release
 CVE_VERSION_SUFFIX ??= ""
@@ -334,7 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
    CVE manifest if enabled.
    """
    cve_file = d.getVar("CVE_CHECK_LOG")
+    fdir_name  = d.getVar("FILE_DIRNAME")
+    layer = fdir_name.split("/")[-3]
+    include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
+    exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
+    if exclude_layers and layer in exclude_layers:
+        return
+    if include_layers and layer not in include_layers:
+        return
    nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
    write_string = ""
    unpatched_cves = []
@@ -344,6 +364,7 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
        is_patched = cve in patched
        if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
            continue
+        write_string += "LAYER: %s\n" % layer
        write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
        write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
        write_string += "CVE: %s\n" % cve

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index ed86403b6b..112ee3379d 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= ""
53	#	53	#
54	CVE_CHECK_WHITELIST ?= ""	54	CVE_CHECK_WHITELIST ?= ""
55		55
		56	# Layers to be excluded
		57	CVE_CHECK_LAYER_EXCLUDELIST ??= ""
		58
		59	# Layers to be included
		60	CVE_CHECK_LAYER_INCLUDELIST ??= ""
		61
		62
56	# set to "alphabetical" for version using single alphabetical character as increament release	63	# set to "alphabetical" for version using single alphabetical character as increament release
57	CVE_VERSION_SUFFIX ??= ""	64	CVE_VERSION_SUFFIX ??= ""
58		65
@@ -334,7 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
334	CVE manifest if enabled.	341	CVE manifest if enabled.
335	"""	342	"""
336		343
		344
337	cve_file = d.getVar("CVE_CHECK_LOG")	345	cve_file = d.getVar("CVE_CHECK_LOG")
		346	fdir_name = d.getVar("FILE_DIRNAME")
		347	layer = fdir_name.split("/")[-3]
		348
		349	include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
		350	exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
		351
		352	if exclude_layers and layer in exclude_layers:
		353	return
		354
		355	if include_layers and layer not in include_layers:
		356	return
		357
338	nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="	358	nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
339	write_string = ""	359	write_string = ""
340	unpatched_cves = []	360	unpatched_cves = []
@@ -344,6 +364,7 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
344	is_patched = cve in patched	364	is_patched = cve in patched
345	if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):	365	if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
346	continue	366	continue
		367	write_string += "LAYER: %s\n" % layer
347	write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")	368	write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
348	write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))	369	write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
349	write_string += "CVE: %s\n" % cve	370	write_string += "CVE: %s\n" % cve