From 73befa8f413090ec0d4eba45efe51303b25b0004 Mon Sep 17 00:00:00 2001 From: akuster Date: Mon, 8 Feb 2021 05:51:30 +0000 Subject: cve-check: add include/exclude layers There are times when exluding or including a layer may be desired. This provide the framwork for that via two variables. The default is all layers in bblayers. CVE_CHECK_LAYER_INCLUDELIST CVE_CHECK_LAYER_EXCLUDELIST (From OE-Core rev: 5fdde65ef58b4c1048839e4f9462b34bab36fc22) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 061af7a276..112ee3379d 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= "" # CVE_CHECK_WHITELIST ?= "" +# Layers to be excluded +CVE_CHECK_LAYER_EXCLUDELIST ??= "" + +# Layers to be included +CVE_CHECK_LAYER_INCLUDELIST ??= "" + + # set to "alphabetical" for version using single alphabetical character as increament release CVE_VERSION_SUFFIX ??= "" @@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): CVE manifest if enabled. """ + cve_file = d.getVar("CVE_CHECK_LOG") fdir_name = d.getVar("FILE_DIRNAME") layer = fdir_name.split("/")[-3] + include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split() + exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split() + + if exclude_layers and layer in exclude_layers: + return + + if include_layers and layer not in include_layers: + return + nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" write_string = "" unpatched_cves = [] -- cgit v1.2.3-54-g00ecf