diff options
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r-- | meta/classes/cve-check.bbclass | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index ed86403b6b..112ee3379d 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= "" | |||
53 | # | 53 | # |
54 | CVE_CHECK_WHITELIST ?= "" | 54 | CVE_CHECK_WHITELIST ?= "" |
55 | 55 | ||
56 | # Layers to be excluded | ||
57 | CVE_CHECK_LAYER_EXCLUDELIST ??= "" | ||
58 | |||
59 | # Layers to be included | ||
60 | CVE_CHECK_LAYER_INCLUDELIST ??= "" | ||
61 | |||
62 | |||
56 | # set to "alphabetical" for version using single alphabetical character as increament release | 63 | # set to "alphabetical" for version using single alphabetical character as increament release |
57 | CVE_VERSION_SUFFIX ??= "" | 64 | CVE_VERSION_SUFFIX ??= "" |
58 | 65 | ||
@@ -334,7 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): | |||
334 | CVE manifest if enabled. | 341 | CVE manifest if enabled. |
335 | """ | 342 | """ |
336 | 343 | ||
344 | |||
337 | cve_file = d.getVar("CVE_CHECK_LOG") | 345 | cve_file = d.getVar("CVE_CHECK_LOG") |
346 | fdir_name = d.getVar("FILE_DIRNAME") | ||
347 | layer = fdir_name.split("/")[-3] | ||
348 | |||
349 | include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split() | ||
350 | exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split() | ||
351 | |||
352 | if exclude_layers and layer in exclude_layers: | ||
353 | return | ||
354 | |||
355 | if include_layers and layer not in include_layers: | ||
356 | return | ||
357 | |||
338 | nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" | 358 | nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" |
339 | write_string = "" | 359 | write_string = "" |
340 | unpatched_cves = [] | 360 | unpatched_cves = [] |
@@ -344,6 +364,7 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): | |||
344 | is_patched = cve in patched | 364 | is_patched = cve in patched |
345 | if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"): | 365 | if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"): |
346 | continue | 366 | continue |
367 | write_string += "LAYER: %s\n" % layer | ||
347 | write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") | 368 | write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") |
348 | write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV")) | 369 | write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV")) |
349 | write_string += "CVE: %s\n" % cve | 370 | write_string += "CVE: %s\n" % cve |