summaryrefslogtreecommitdiffstats
path: root/meta/classes
diff options
context:
space:
mode:
Diffstat (limited to 'meta/classes')
-rw-r--r--meta/classes/cve-check.bbclass22
1 files changed, 11 insertions, 11 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index e8668b2566..512d4c7302 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -39,15 +39,12 @@ CVE_CHECK_CREATE_MANIFEST ??= "1"
39# Whitelist for packages (PN) 39# Whitelist for packages (PN)
40CVE_CHECK_PN_WHITELIST ?= "" 40CVE_CHECK_PN_WHITELIST ?= ""
41 41
42# Whitelist for CVE and version of package. If a CVE is found then the PV is 42# Whitelist for CVE. If a CVE is found, then it is considered patched.
43# compared with the version list, and if found the CVE is considered 43# The value is a string containing space separated CVE values:
44# patched. 44#
45# 45# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
46# The value should be valid Python in this format: 46#
47# { 47CVE_CHECK_WHITELIST ?= ""
48# 'CVE-2014-2524': ('6.3','5.2')
49# }
50CVE_CHECK_CVE_WHITELIST ?= "{}"
51 48
52python do_cve_check () { 49python do_cve_check () {
53 """ 50 """
@@ -185,7 +182,10 @@ def check_cves(d, patched_cves):
185 bb.note("Recipe has been whitelisted, skipping check") 182 bb.note("Recipe has been whitelisted, skipping check")
186 return ([], []) 183 return ([], [])
187 184
188 cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST")) 185 old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST")
186 if old_cve_whitelist:
187 bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.")
188 cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
189 189
190 import sqlite3 190 import sqlite3
191 db_file = d.getVar("CVE_CHECK_DB_FILE") 191 db_file = d.getVar("CVE_CHECK_DB_FILE")
@@ -206,7 +206,7 @@ def check_cves(d, patched_cves):
206 version_end = row[6] 206 version_end = row[6]
207 operator_end = row[7] 207 operator_end = row[7]
208 208
209 if pv in cve_whitelist.get(cve, []): 209 if cve in cve_whitelist:
210 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) 210 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
211 elif cve in patched_cves: 211 elif cve in patched_cves:
212 bb.note("%s has been patched" % (cve)) 212 bb.note("%s has been patched" % (cve))