From 296fdb6643dca484cd1f32cef51e3beeef8842c5 Mon Sep 17 00:00:00 2001
From: Simone Weiß <simone.p.weiss@posteo.com>
Date: Sat, 24 Feb 2024 08:18:38 +0000
Subject: cve-check: Log if CVE_STATUS set but not reported for component
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Log if the CVE_STATUS is set for a CVE, but the cve is not reported for a
component. This should hopefully help to clean up not needed CVE_STATUS
settings.

(From OE-Core rev: 013d531a84fa08b6ae8a47bdf3ba1fa8f18ba270)

Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/classes/cve-check.bbclass | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'meta/classes/cve-check.bbclass')

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 5191d04303..56ba8bceef 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -418,6 +418,9 @@ def check_cves(d, patched_cves):
             cves_status.append([product, False])
 
     conn.close()
+    diff_ignore = list(set(cve_ignore) - set(cves_ignored))
+    if diff_ignore:
+        oe.qa.handle_error("cve_status_not_in_db", "Found CVE (%s) with CVE_STATUS set that are not found in database for this component" % " ".join(diff_ignore), d)
 
     if not cves_in_recipe:
         bb.note("No CVE records for products in recipe %s" % (pn))
-- 
cgit v1.2.3-54-g00ecf