author: Marta Rybczynska <rybczynska@gmail.com> 2024-08-14 07:30:37 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-08-20 14:12:40 +0100
commit: fb3f440b7d808d4e29b6ab90e75313d5cf516c36
tree: d11a4884bc55f516c2e2dc2c139998b5cdd039a7 /documentation/dev-manual/python-development-shell.rst
parent: ebc872441686e09708a23b0ee1d6d865481fbc09
download: poky-fb3f440b7d808d4e29b6ab90e75313d5cf516c36.tar.gz
cve-check: annotate CVEs during analysis

Add status information for each CVE under analysis.

Previously the information passed between different functions of the
cve-check class included only tables of patched, unpatched, ignored
vulnerabilities and the general status of the recipe.

The VEX work requires more information, and we need to pass them
between different functions, so that it can be enriched as the
analysis progresses. Instead of multiple tables, use a single one
with annotations for each CVE encountered. For example, a patched
CVE will have:

{"abbrev-status": "Patched", "status": "version-not-in-range"}

abbrev-status contains the general status (Patched, Unpatched,
Ignored and Unknown that will be added in the VEX code)
status contains more detailed information that can come from
CVE_STATUS and the analysis.

Additional fields of the annotation include for example the name
of the patch file fixing a given CVE.

We also use the annotation in CVE_STATUS to filter out entries
that do not apply to the given recipe

(From OE-Core rev: 452e605b55ad61c08f4af7089a5a9c576ca28f7d)

Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Samantha Jalabert <samantha.jalabert@syslinbit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'documentation/dev-manual/python-development-shell.rst')
0 files changed, 0 insertions, 0 deletions