1 files changed, 49 insertions, 0 deletions
diff --git a/meta/lib/patchtest/tests/test_mbox_cve.py b/meta/lib/patchtest/tests/test_mbox_cve.py
new file mode 100644
index 0000000000..f99194c094
--- /dev/null
+++ b/meta/lib/patchtest/tests/test_mbox_cve.py
@@ -0,0 +1,49 @@
+# Checks related to the patch's CVE lines
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# SPDX-License-Identifier: GPL-2.0-or-later
+import base
+import os
+import parse_cve_tags
+import re
+class CVE(base.Base):
+    revert_shortlog_regex = re.compile('Revert\s+".*"')
+    prog = parse_cve_tags.cve_tag
+    def setUp(self):
+        if self.unidiff_parse_error:
+            self.skip('Parse error %s' % self.unidiff_parse_error)
+        # we are just interested in series that introduce CVE patches, thus discard other
+        # possibilities: modification to current CVEs, patch directly introduced into the
+        # recipe, upgrades already including the CVE, etc.
+        new_cves = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
+        if not new_cves:
+            self.skip('No new CVE patches introduced')
+    def test_cve_presence_in_commit_message(self):
+        for commit in CVE.commits:
+            # skip those patches that revert older commits, these do not required the tag presence
+            if self.revert_shortlog_regex.match(commit.shortlog):
+                continue
+            if not self.prog.search_string(commit.payload):
+                self.fail('Missing or incorrectly formatted CVE tag in mbox',
+                          'Correct or include the CVE tag in the mbox with format: "CVE: CVE-YYYY-XXXX"',
+                          commit)

diff --git a/meta/lib/patchtest/tests/test_mbox_cve.py b/meta/lib/patchtest/tests/test_mbox_cve.py new file mode 100644 index 0000000000..f99194c094 --- /dev/null +++ b/meta/lib/patchtest/tests/test_mbox_cve.py
@@ -0,0 +1,49 @@
	1	# Checks related to the patch's CVE lines
	2	#
	3	# Copyright (C) 2016 Intel Corporation
	4	#
	5	# This program is free software; you can redistribute it and/or modify
	6	# it under the terms of the GNU General Public License version 2 as
	7	# published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU General Public License along
	15	# with this program; if not, write to the Free Software Foundation, Inc.,
	16	# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	17
	18	# SPDX-License-Identifier: GPL-2.0-or-later
	19
	20	import base
	21	import os
	22	import parse_cve_tags
	23	import re
	24
	25	class CVE(base.Base):
	26
	27	revert_shortlog_regex = re.compile('Revert\s+".*"')
	28	prog = parse_cve_tags.cve_tag
	29
	30	def setUp(self):
	31	if self.unidiff_parse_error:
	32	self.skip('Parse error %s' % self.unidiff_parse_error)
	33
	34	# we are just interested in series that introduce CVE patches, thus discard other
	35	# possibilities: modification to current CVEs, patch directly introduced into the
	36	# recipe, upgrades already including the CVE, etc.
	37	new_cves = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
	38	if not new_cves:
	39	self.skip('No new CVE patches introduced')
	40
	41	def test_cve_presence_in_commit_message(self):
	42	for commit in CVE.commits:
	43	# skip those patches that revert older commits, these do not required the tag presence
	44	if self.revert_shortlog_regex.match(commit.shortlog):
	45	continue
	46	if not self.prog.search_string(commit.payload):
	47	self.fail('Missing or incorrectly formatted CVE tag in mbox',
	48	'Correct or include the CVE tag in the mbox with format: "CVE: CVE-YYYY-XXXX"',
	49	commit)