diff options
| author | Davide Gardenal <davidegarde2000@gmail.com> | 2022-05-03 09:51:43 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-05-12 16:44:06 +0100 |
| commit | 645c157befa8eb91dfb81cecff4d70ddcd2c9f25 (patch) | |
| tree | 2a11760574a802818e9874c582b11f120629bc7e | |
| parent | b7601c92ffff680afa4af7e29e4f42c61856be72 (diff) | |
| download | poky-645c157befa8eb91dfb81cecff4d70ddcd2c9f25.tar.gz | |
cve-check: add JSON format to summary output
Create generate_json_report including all the code used to generate the JSON
manifest file.
Add to cve_save_summary_handler the ability to create the summary in JSON format.
(From OE-Core rev: 8a79c476706b25e5c707c65b4e46b6e940874bd6)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f2987891d315466b7ef180ecce81d15320ce8487)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes/cve-check.bbclass | 51 |
1 files changed, 33 insertions, 18 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 7cf206299b..c74c717235 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -79,6 +79,30 @@ CVE_CHECK_LAYER_INCLUDELIST ??= "" | |||
| 79 | # set to "alphabetical" for version using single alphabetical character as increment release | 79 | # set to "alphabetical" for version using single alphabetical character as increment release |
| 80 | CVE_VERSION_SUFFIX ??= "" | 80 | CVE_VERSION_SUFFIX ??= "" |
| 81 | 81 | ||
| 82 | def generate_json_report(out_path, link_path): | ||
| 83 | if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")): | ||
| 84 | import json | ||
| 85 | from oe.cve_check import cve_check_merge_jsons | ||
| 86 | |||
| 87 | bb.note("Generating JSON CVE summary") | ||
| 88 | index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH") | ||
| 89 | summary = {"version":"1", "package": []} | ||
| 90 | with open(index_file) as f: | ||
| 91 | filename = f.readline() | ||
| 92 | while filename: | ||
| 93 | with open(filename.rstrip()) as j: | ||
| 94 | data = json.load(j) | ||
| 95 | cve_check_merge_jsons(summary, data) | ||
| 96 | filename = f.readline() | ||
| 97 | |||
| 98 | with open(out_path, "w") as f: | ||
| 99 | json.dump(summary, f, indent=2) | ||
| 100 | |||
| 101 | if link_path != out_path: | ||
| 102 | if os.path.exists(os.path.realpath(link_path)): | ||
| 103 | os.remove(link_path) | ||
| 104 | os.symlink(os.path.basename(out_path), link_path) | ||
| 105 | |||
| 82 | python cve_save_summary_handler () { | 106 | python cve_save_summary_handler () { |
| 83 | import shutil | 107 | import shutil |
| 84 | import datetime | 108 | import datetime |
| @@ -101,6 +125,11 @@ python cve_save_summary_handler () { | |||
| 101 | if os.path.exists(os.path.realpath(cvefile_link)): | 125 | if os.path.exists(os.path.realpath(cvefile_link)): |
| 102 | os.remove(cvefile_link) | 126 | os.remove(cvefile_link) |
| 103 | os.symlink(os.path.basename(cve_summary_file), cvefile_link) | 127 | os.symlink(os.path.basename(cve_summary_file), cvefile_link) |
| 128 | |||
| 129 | json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON")) | ||
| 130 | json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp)) | ||
| 131 | generate_json_report(json_summary_name, json_summary_link_name) | ||
| 132 | bb.plain("CVE report summary created at: %s" % json_summary_link_name) | ||
| 104 | } | 133 | } |
| 105 | 134 | ||
| 106 | addhandler cve_save_summary_handler | 135 | addhandler cve_save_summary_handler |
| @@ -175,25 +204,11 @@ python cve_check_write_rootfs_manifest () { | |||
| 175 | os.symlink(os.path.basename(manifest_name), manifest_link) | 204 | os.symlink(os.path.basename(manifest_name), manifest_link) |
| 176 | bb.plain("Image CVE report stored in: %s" % manifest_name) | 205 | bb.plain("Image CVE report stored in: %s" % manifest_name) |
| 177 | 206 | ||
| 178 | if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")): | 207 | link_path = os.path.join(deploy_dir, "%s.json" % link_name) |
| 179 | import json | 208 | manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON") |
| 180 | bb.note("Generating JSON CVE manifest") | 209 | bb.note("Generating JSON CVE manifest") |
| 181 | deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") | 210 | generate_json_report(json_summary_name, json_summary_link_name) |
| 182 | link_name = d.getVar("IMAGE_LINK_NAME") | 211 | bb.plain("Image CVE JSON report stored in: %s" % link_path) |
| 183 | manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON") | ||
| 184 | index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH") | ||
| 185 | manifest = {"version":"1", "package": []} | ||
| 186 | with open(index_file) as f: | ||
| 187 | filename = f.readline() | ||
| 188 | while filename: | ||
| 189 | with open(filename.rstrip()) as j: | ||
| 190 | data = json.load(j) | ||
| 191 | cve_check_merge_jsons(manifest, data) | ||
| 192 | filename = f.readline() | ||
| 193 | |||
| 194 | with open(manifest_name, "w") as f: | ||
| 195 | json.dump(manifest, f, indent=2) | ||
| 196 | bb.plain("Image CVE report stored in: %s" % manifest_name) | ||
| 197 | } | 212 | } |
| 198 | 213 | ||
| 199 | ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" | 214 | ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" |