| author | Davide Gardenal <davidegarde2000@gmail.com> | 2022-05-03 09:51:43 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-05-14 20:26:34 +0100 |
| commit | 46e00399e5ceded87d1369c22ee8d4c1cdcbbd58 (patch) | |
| tree | cfce50cd983f748a45580919dbfb3aa39d6f9ea3 | |
| parent | 2120a39b09e33755e62d23cb565d37c8cc2ffec7 (diff) | |
cve-check: add JSON format to summary output
Create generate_json_report including all the code used to generate the JSON
manifest file.
Add to cve_save_summary_handler the ability to create the summary in JSON format.
(From OE-Core rev: d8ef964ffeb92684d01d71c983af9dbb1e1b0c4f)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f2987891d315466b7ef180ecce81d15320ce8487)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes/cve-check.bbclass | 51 |
1 files changed, 33 insertions, 18 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 41b4eb2dbf..350ed8ec39 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -75,6 +75,30 @@ CVE_CHECK_LAYER_INCLUDELIST ??= "" | |||
| 75 | # set to "alphabetical" for version using single alphabetical character as increment release | 75 | # set to "alphabetical" for version using single alphabetical character as increment release |
| 76 | CVE_VERSION_SUFFIX ??= "" | 76 | CVE_VERSION_SUFFIX ??= "" |
| 77 | 77 | ||
| 78 | def generate_json_report(out_path, link_path): | ||
| 79 | if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")): | ||
| 80 | import json | ||
| 81 | from oe.cve_check import cve_check_merge_jsons | ||
| 82 | |||
| 83 | bb.note("Generating JSON CVE summary") | ||
| 84 | index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH") | ||
| 85 | summary = {"version":"1", "package": []} | ||
| 86 | with open(index_file) as f: | ||
| 87 | filename = f.readline() | ||
| 88 | while filename: | ||
| 89 | with open(filename.rstrip()) as j: | ||
| 90 | data = json.load(j) | ||
| 91 | cve_check_merge_jsons(summary, data) | ||
| 92 | filename = f.readline() | ||
| 93 | |||
| 94 | with open(out_path, "w") as f: | ||
| 95 | json.dump(summary, f, indent=2) | ||
| 96 | |||
| 97 | if link_path != out_path: | ||
| 98 | if os.path.exists(os.path.realpath(link_path)): | ||
| 99 | os.remove(link_path) | ||
| 100 | os.symlink(os.path.basename(out_path), link_path) | ||
| 101 | |||
| 78 | python cve_save_summary_handler () { | 102 | python cve_save_summary_handler () { |
| 79 | import shutil | 103 | import shutil |
| 80 | import datetime | 104 | import datetime |
| @@ -97,6 +121,11 @@ python cve_save_summary_handler () { | |||
| 97 | if os.path.exists(os.path.realpath(cvefile_link)): | 121 | if os.path.exists(os.path.realpath(cvefile_link)): |
| 98 | os.remove(cvefile_link) | 122 | os.remove(cvefile_link) |
| 99 | os.symlink(os.path.basename(cve_summary_file), cvefile_link) | 123 | os.symlink(os.path.basename(cve_summary_file), cvefile_link) |
| 124 | |||
| 125 | json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON")) | ||
| 126 | json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp)) | ||
| 127 | generate_json_report(json_summary_name, json_summary_link_name) | ||
| 128 | bb.plain("CVE report summary created at: %s" % json_summary_link_name) | ||
| 100 | } | 129 | } |
| 101 | 130 | ||
| 102 | addhandler cve_save_summary_handler | 131 | addhandler cve_save_summary_handler |
| @@ -170,25 +199,11 @@ python cve_check_write_rootfs_manifest () { | |||
| 170 | os.symlink(os.path.basename(manifest_name), manifest_link) | 199 | os.symlink(os.path.basename(manifest_name), manifest_link) |
| 171 | bb.plain("Image CVE report stored in: %s" % manifest_name) | 200 | bb.plain("Image CVE report stored in: %s" % manifest_name) |
| 172 | 201 | ||
| 173 | if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")): | 202 | link_path = os.path.join(deploy_dir, "%s.json" % link_name) |
| 174 | import json | 203 | manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON") |
| 175 | bb.note("Generating JSON CVE manifest") | 204 | bb.note("Generating JSON CVE manifest") |
| 176 | deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") | 205 | generate_json_report(json_summary_name, json_summary_link_name) |
| 177 | link_name = d.getVar("IMAGE_LINK_NAME") | 206 | bb.plain("Image CVE JSON report stored in: %s" % link_path) |
| 178 | manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON") | ||
| 179 | index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH") | ||
| 180 | manifest = {"version":"1", "package": []} | ||
| 181 | with open(index_file) as f: | ||
| 182 | filename = f.readline() | ||
| 183 | while filename: | ||
| 184 | with open(filename.rstrip()) as j: | ||
| 185 | data = json.load(j) | ||
| 186 | cve_check_merge_jsons(manifest, data) | ||
| 187 | filename = f.readline() | ||
| 188 | |||
| 189 | with open(manifest_name, "w") as f: | ||
| 190 | json.dump(manifest, f, indent=2) | ||
| 191 | bb.plain("Image CVE report stored in: %s" % manifest_name) | ||
| 192 | } | 207 | } |
| 193 | 208 | ||
| 194 | ROOTFS_POSTPROCESS_COMMAND_prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" | 209 | ROOTFS_POSTPROCESS_COMMAND_prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" |
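Review bot: In `cve_check_write_rootfs_manifest` the new call is `generate_json_report(json_summary_name, json_summary_link_name)`, but those two names are only assigned in `cve_save_summary_handler`, and the `link_path` and `manifest_path` computed just above it are never used. As written this would presumably raise a NameError during rootfs post-processing, so the image CVE JSON manifest is not produced even though the following `bb.plain` line reports it as stored; the call should read `generate_json_report(manifest_path, link_path)`. The helper is also a plain `def` that calls `d.getVar(...)` without receiving `d`, which I would expect to fail unless the datastore is reachable as a global here; `def generate_json_report(d, out_path, link_path):` with `d` passed at both call sites removes the doubt. The `deploy_dir` and `link_name` assignments were removed from this block, so `link_path` now depends on definitions earlier in the function, outside this hunk, and it is worth confirming they are set on every path that reaches it.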
