aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChee Yang Lee <chee.yang.lee@intel.com>2020-03-06 10:27:26 +0800
committerArmin Kuster <akuster808@gmail.com>2020-03-15 13:33:19 -0700
commit707b3a41b3cacfb7f1d1ed75f9a298ff4721735e (patch)
tree704a1ae7d2d10b16698ff69a71ee4f05f8aeea9e
parent229bc59863265433121656b57320d90808f6569e (diff)
downloadopenembedded-core-contrib-707b3a41b3cacfb7f1d1ed75f9a298ff4721735e.tar.gz
openembedded-core-contrib-707b3a41b3cacfb7f1d1ed75f9a298ff4721735e.tar.bz2
openembedded-core-contrib-707b3a41b3cacfb7f1d1ed75f9a298ff4721735e.zip
cve-check: show whitelisted status
change whitelisted CVE status from "Patched" to "Whitelisted". [Yocto #13687] Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 181bdd670492525f9488d52c3ebb9a1b142e35ea) Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta/classes/cve-check.bbclass12
1 files changed, 7 insertions, 5 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 74124364b2a..7f98da60f16 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -56,10 +56,10 @@ python do_cve_check () {
patched_cves = get_patches_cves(d)
except FileNotFoundError:
bb.fatal("Failure in searching patches")
- patched, unpatched = check_cves(d, patched_cves)
+ whitelisted, patched, unpatched = check_cves(d, patched_cves)
if patched or unpatched:
cve_data = get_cve_info(d, patched + unpatched)
- cve_write_data(d, patched, unpatched, cve_data)
+ cve_write_data(d, patched, unpatched, whitelisted, cve_data)
else:
bb.note("No CVE database found, skipping CVE check")
@@ -263,7 +263,7 @@ def check_cves(d, patched_cves):
conn.close()
- return (list(patched_cves), cves_unpatched)
+ return (list(cve_whitelist), list(patched_cves), cves_unpatched)
def get_cve_info(d, cves):
"""
@@ -287,7 +287,7 @@ def get_cve_info(d, cves):
conn.close()
return cve_data
-def cve_write_data(d, patched, unpatched, cve_data):
+def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
"""
Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and
CVE manifest if enabled.
@@ -303,7 +303,9 @@ def cve_write_data(d, patched, unpatched, cve_data):
write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
write_string += "PACKAGE VERSION: %s\n" % d.getVar("PV")
write_string += "CVE: %s\n" % cve
- if cve in patched:
+ if cve in whitelisted:
+ write_string += "CVE STATUS: Whitelisted\n"
+ elif cve in patched:
write_string += "CVE STATUS: Patched\n"
else:
unpatched_cves.append(cve)