summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/classes/cve-check.bbclass38
1 files changed, 22 insertions, 16 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index df28a93687..25cefda92e 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -41,14 +41,16 @@ CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve
41CVE_CHECK_COPY_FILES ??= "1" 41CVE_CHECK_COPY_FILES ??= "1"
42CVE_CHECK_CREATE_MANIFEST ??= "1" 42CVE_CHECK_CREATE_MANIFEST ??= "1"
43 43
44CVE_CHECK_REPORT_PATCHED ??= "1"
45
44# Whitelist for packages (PN) 46# Whitelist for packages (PN)
45CVE_CHECK_PN_WHITELIST ?= "" 47CVE_CHECK_PN_WHITELIST ?= ""
46 48
47# Whitelist for CVE. If a CVE is found, then it is considered patched. 49# Whitelist for CVE. If a CVE is found, then it is considered patched.
48# The value is a string containing space separated CVE values: 50# The value is a string containing space separated CVE values:
49# 51#
50# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234' 52# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
51# 53#
52CVE_CHECK_WHITELIST ?= "" 54CVE_CHECK_WHITELIST ?= ""
53 55
54python cve_save_summary_handler () { 56python cve_save_summary_handler () {
@@ -332,12 +334,15 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
332 bb.utils.mkdirhier(os.path.dirname(cve_file)) 334 bb.utils.mkdirhier(os.path.dirname(cve_file))
333 335
334 for cve in sorted(cve_data): 336 for cve in sorted(cve_data):
337 is_patched = cve in patched
338 if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
339 continue
335 write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") 340 write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
336 write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV")) 341 write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
337 write_string += "CVE: %s\n" % cve 342 write_string += "CVE: %s\n" % cve
338 if cve in whitelisted: 343 if cve in whitelisted:
339 write_string += "CVE STATUS: Whitelisted\n" 344 write_string += "CVE STATUS: Whitelisted\n"
340 elif cve in patched: 345 elif is_patched:
341 write_string += "CVE STATUS: Patched\n" 346 write_string += "CVE STATUS: Patched\n"
342 else: 347 else:
343 unpatched_cves.append(cve) 348 unpatched_cves.append(cve)
@@ -351,19 +356,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
351 if unpatched_cves: 356 if unpatched_cves:
352 bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) 357 bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
353 358
354 with open(cve_file, "w") as f: 359 if write_string:
355 bb.note("Writing file %s with CVE information" % cve_file) 360 with open(cve_file, "w") as f:
356 f.write(write_string) 361 bb.note("Writing file %s with CVE information" % cve_file)
357
358 if d.getVar("CVE_CHECK_COPY_FILES") == "1":
359 deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
360 bb.utils.mkdirhier(os.path.dirname(deploy_file))
361 with open(deploy_file, "w") as f:
362 f.write(write_string) 362 f.write(write_string)
363 363
364 if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": 364 if d.getVar("CVE_CHECK_COPY_FILES") == "1":
365 cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") 365 deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
366 bb.utils.mkdirhier(cvelogpath) 366 bb.utils.mkdirhier(os.path.dirname(deploy_file))
367 with open(deploy_file, "w") as f:
368 f.write(write_string)
369
370 if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
371 cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
372 bb.utils.mkdirhier(cvelogpath)
367 373
368 with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: 374 with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
369 f.write("%s" % write_string) 375 f.write("%s" % write_string)
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-01-31 00:56:30 +0000