cve-check: Fix false negative version issue

NVD DB store version and update in the same value, separated by '_'. The proposed patch check if the version from NVD DB contains a "_", ie 9.2.0_p1 is convert to 9.2.0p1 before version comparison. [YOCTO #14127] Reviewed-by: Yoann CONGAL <yoann.congal@smile.fr> (From OE-Core rev: 7d00f6ec578084a0a0e5caf36241d53036d996c4) Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Geoffrey GIRY <geoffrey.giry@smile.fr> 2023-03-28 12:23:49 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-03-30 12:30:38 +0100
commit: 81740facf458a5a3326c0cfca20ebf75d8fe91d0 (patch)
tree: 7fd393837325a5d81c8fc38eeb5911c45c751ab2 /meta/lib/oeqa/selftest/cases
parent: e8693364c59e627bf667c5ecc790beb2a59b6dd8 (diff)
download: poky-81740facf458a5a3326c0cfca20ebf75d8fe91d0.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py
index ac47af1990..9534c9775c 100644
--- a/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -54,6 +54,25 @@ class CVECheck(OESelftestTestCase):
        self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
+    def test_convert_cve_version(self):
+        from oe.cve_check import convert_cve_version
+        # Default format
+        self.assertEqual(convert_cve_version("8.3"), "8.3")
+        self.assertEqual(convert_cve_version(""), "")
+        # OpenSSL format version
+        self.assertEqual(convert_cve_version("1.1.1t"), "1.1.1t")
+        # OpenSSH format
+        self.assertEqual(convert_cve_version("8.3_p1"), "8.3p1")
+        self.assertEqual(convert_cve_version("8.3_p22"), "8.3p22")
+        # Linux kernel format
+        self.assertEqual(convert_cve_version("6.2_rc8"), "6.2-rc8")
+        self.assertEqual(convert_cve_version("6.2_rc31"), "6.2-rc31")
    def test_recipe_report_json(self):
        config = """
 INHERIT += "cve-check"
author	Geoffrey GIRY <geoffrey.giry@smile.fr>	2023-03-28 12:23:49 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-03-30 12:30:38 +0100
commit	81740facf458a5a3326c0cfca20ebf75d8fe91d0 (patch)
tree	7fd393837325a5d81c8fc38eeb5911c45c751ab2 /meta/lib/oeqa/selftest/cases
parent	e8693364c59e627bf667c5ecc790beb2a59b6dd8 (diff)
download	poky-81740facf458a5a3326c0cfca20ebf75d8fe91d0.tar.gz

diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py index ac47af1990..9534c9775c 100644 --- a/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -54,6 +54,25 @@ class CVECheck(OESelftestTestCase):
54	self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")	54	self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
55		55
56		56
		57	def test_convert_cve_version(self):
		58	from oe.cve_check import convert_cve_version
		59
		60	# Default format
		61	self.assertEqual(convert_cve_version("8.3"), "8.3")
		62	self.assertEqual(convert_cve_version(""), "")
		63
		64	# OpenSSL format version
		65	self.assertEqual(convert_cve_version("1.1.1t"), "1.1.1t")
		66
		67	# OpenSSH format
		68	self.assertEqual(convert_cve_version("8.3_p1"), "8.3p1")
		69	self.assertEqual(convert_cve_version("8.3_p22"), "8.3p22")
		70
		71	# Linux kernel format
		72	self.assertEqual(convert_cve_version("6.2_rc8"), "6.2-rc8")
		73	self.assertEqual(convert_cve_version("6.2_rc31"), "6.2-rc31")
		74
		75
57	def test_recipe_report_json(self):	76	def test_recipe_report_json(self):
58	config = """	77	config = """
59	INHERIT += "cve-check"	78	INHERIT += "cve-check"