diff options
| author | Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com> | 2025-11-21 10:54:11 +0100 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-12-01 07:34:55 -0800 |
| commit | d1f8b0c6ddb1adad4be4cb465463e13d12c81ecc (patch) | |
| tree | 5b583df5b20ea1819146970a63616c840b7c31a5 /meta/lib | |
| parent | cf3b1a7e6df0434b2b60870305150389937072e7 (diff) | |
| download | poky-d1f8b0c6ddb1adad4be4cb465463e13d12c81ecc.tar.gz | |
cve-check: extract extending CVE_STATUS to library function
The same code for extending CVE_STATUS by CVE_CHECK_IGNORE and
CVE_STATUS_GROUPS is used on multiple places.
Create a library function to have the code on single place and ready for
reuse by additional classes.
Conflicts:
meta/classes/cve-check.bbclass
meta/lib/oe/cve_check.py
(From OE-Core rev: ddd295c7d4c313fbbb24f7a5e633d4adfea4054a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 45e18f4270d084d81c21b1e5a4a601ce975d8a77)
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/lib')
| -rw-r--r-- | meta/lib/oe/cve_check.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index ed5c714cb8..7c09b78242 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py | |||
| @@ -243,3 +243,25 @@ def decode_cve_status(d, cve): | |||
| 243 | status_mapping = "Unpatched" | 243 | status_mapping = "Unpatched" |
| 244 | 244 | ||
| 245 | return (status_mapping, detail, description) | 245 | return (status_mapping, detail, description) |
| 246 | |||
| 247 | def extend_cve_status(d): | ||
| 248 | # do this only once in case multiple classes use this | ||
| 249 | if d.getVar("CVE_STATUS_EXTENDED"): | ||
| 250 | return | ||
| 251 | d.setVar("CVE_STATUS_EXTENDED", "1") | ||
| 252 | |||
| 253 | # Fallback all CVEs from CVE_CHECK_IGNORE to CVE_STATUS | ||
| 254 | cve_check_ignore = d.getVar("CVE_CHECK_IGNORE") | ||
| 255 | if cve_check_ignore: | ||
| 256 | bb.warn("CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS") | ||
| 257 | for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split(): | ||
| 258 | d.setVarFlag("CVE_STATUS", cve, "ignored") | ||
| 259 | |||
| 260 | # Process CVE_STATUS_GROUPS to set multiple statuses and optional detail or description at once | ||
| 261 | for cve_status_group in (d.getVar("CVE_STATUS_GROUPS") or "").split(): | ||
| 262 | cve_group = d.getVar(cve_status_group) | ||
| 263 | if cve_group is not None: | ||
| 264 | for cve in cve_group.split(): | ||
| 265 | d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status")) | ||
| 266 | else: | ||
| 267 | bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group) | ||
