diff options
Diffstat (limited to 'meta/lib')
-rw-r--r-- | meta/lib/oeqa/selftest/cases/cve_check.py | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py index 2f26f606d7..d0b2213703 100644 --- a/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/meta/lib/oeqa/selftest/cases/cve_check.py | |||
@@ -117,3 +117,85 @@ CVE_CHECK_FORMAT_JSON = "1" | |||
117 | self.assertEqual(report["version"], "1") | 117 | self.assertEqual(report["version"], "1") |
118 | self.assertEqual(len(report["package"]), 1) | 118 | self.assertEqual(len(report["package"]), 1) |
119 | self.assertEqual(report["package"][0]["name"], recipename) | 119 | self.assertEqual(report["package"][0]["name"], recipename) |
120 | |||
121 | |||
122 | def test_recipe_report_json_unpatched(self): | ||
123 | config = """ | ||
124 | INHERIT += "cve-check" | ||
125 | CVE_CHECK_FORMAT_JSON = "1" | ||
126 | CVE_CHECK_REPORT_PATCHED = "0" | ||
127 | """ | ||
128 | self.write_config(config) | ||
129 | |||
130 | vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"]) | ||
131 | summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"]) | ||
132 | recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json") | ||
133 | |||
134 | try: | ||
135 | os.remove(summary_json) | ||
136 | os.remove(recipe_json) | ||
137 | except FileNotFoundError: | ||
138 | pass | ||
139 | |||
140 | bitbake("m4-native -c cve_check") | ||
141 | |||
142 | def check_m4_json(filename): | ||
143 | with open(filename) as f: | ||
144 | report = json.load(f) | ||
145 | self.assertEqual(report["version"], "1") | ||
146 | self.assertEqual(len(report["package"]), 1) | ||
147 | package = report["package"][0] | ||
148 | self.assertEqual(package["name"], "m4-native") | ||
149 | #m4 had only Patched CVEs, so the issues array will be empty | ||
150 | self.assertEqual(package["issue"], []) | ||
151 | |||
152 | self.assertExists(summary_json) | ||
153 | check_m4_json(summary_json) | ||
154 | self.assertExists(recipe_json) | ||
155 | check_m4_json(recipe_json) | ||
156 | |||
157 | |||
158 | def test_recipe_report_json_ignored(self): | ||
159 | config = """ | ||
160 | INHERIT += "cve-check" | ||
161 | CVE_CHECK_FORMAT_JSON = "1" | ||
162 | CVE_CHECK_REPORT_PATCHED = "1" | ||
163 | """ | ||
164 | self.write_config(config) | ||
165 | |||
166 | vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"]) | ||
167 | summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"]) | ||
168 | recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "logrotate_cve.json") | ||
169 | |||
170 | try: | ||
171 | os.remove(summary_json) | ||
172 | os.remove(recipe_json) | ||
173 | except FileNotFoundError: | ||
174 | pass | ||
175 | |||
176 | bitbake("logrotate -c cve_check") | ||
177 | |||
178 | def check_m4_json(filename): | ||
179 | with open(filename) as f: | ||
180 | report = json.load(f) | ||
181 | self.assertEqual(report["version"], "1") | ||
182 | self.assertEqual(len(report["package"]), 1) | ||
183 | package = report["package"][0] | ||
184 | self.assertEqual(package["name"], "logrotate") | ||
185 | found_cves = { issue["id"]: issue["status"] for issue in package["issue"]} | ||
186 | # m4 CVE should not be in logrotate | ||
187 | self.assertNotIn("CVE-2008-1687", found_cves) | ||
188 | # logrotate has both Patched and Ignored CVEs | ||
189 | self.assertIn("CVE-2011-1098", found_cves) | ||
190 | self.assertEqual(found_cves["CVE-2011-1098"], "Patched") | ||
191 | self.assertIn("CVE-2011-1548", found_cves) | ||
192 | self.assertEqual(found_cves["CVE-2011-1548"], "Ignored") | ||
193 | self.assertIn("CVE-2011-1549", found_cves) | ||
194 | self.assertEqual(found_cves["CVE-2011-1549"], "Ignored") | ||
195 | self.assertIn("CVE-2011-1550", found_cves) | ||
196 | self.assertEqual(found_cves["CVE-2011-1550"], "Ignored") | ||
197 | |||
198 | self.assertExists(summary_json) | ||
199 | check_m4_json(summary_json) | ||
200 | self.assertExists(recipe_json) | ||
201 | check_m4_json(recipe_json) | ||