summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/classes/cve-check.bbclass9
1 files changed, 5 insertions, 4 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 0e4294fdc4..3a9e227288 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -234,7 +234,7 @@ def cve_write_data(d, patched, unpatched, cve_data):
234 cve_file = d.getVar("CVE_CHECK_LOCAL_FILE") 234 cve_file = d.getVar("CVE_CHECK_LOCAL_FILE")
235 nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" 235 nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
236 write_string = "" 236 write_string = ""
237 first_alert = True 237 unpatched_cves = []
238 bb.utils.mkdirhier(d.getVar("CVE_CHECK_LOCAL_DIR")) 238 bb.utils.mkdirhier(d.getVar("CVE_CHECK_LOCAL_DIR"))
239 239
240 for cve in sorted(cve_data): 240 for cve in sorted(cve_data):
@@ -244,15 +244,16 @@ def cve_write_data(d, patched, unpatched, cve_data):
244 if cve in patched: 244 if cve in patched:
245 write_string += "CVE STATUS: Patched\n" 245 write_string += "CVE STATUS: Patched\n"
246 else: 246 else:
247 unpatched_cves.append(cve)
247 write_string += "CVE STATUS: Unpatched\n" 248 write_string += "CVE STATUS: Unpatched\n"
248 if first_alert:
249 bb.warn("Found unpatched CVE, for more information check %s" % cve_file)
250 first_alert = False
251 write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"] 249 write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
252 write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["score"] 250 write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["score"]
253 write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] 251 write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
254 write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) 252 write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
255 253
254 if unpatched_cves:
255 bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
256
256 with open(cve_file, "w") as f: 257 with open(cve_file, "w") as f:
257 bb.note("Writing file %s with CVE information" % cve_file) 258 bb.note("Writing file %s with CVE information" % cve_file)
258 f.write(write_string) 259 f.write(write_string)