authorakuster <akuster808@gmail.com>2021-02-08 05:51:30 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-03-10 00:24:17 +0000
commit1cd6f900b679956f51c49cfef9ba6bd22a81c805 (patch)
treed3bd0bb57d4c6bf9354b7e4c6f25ca550b14e801 /meta/classes
parentede1c9faae48c8d9107cbdc2fcf61d7af60d32e5 (diff)
downloadopenembedded-core-contrib-1cd6f900b679956f51c49cfef9ba6bd22a81c805.tar.gz
cve-check: add include/exclude layers
There are times when excluding or including a layer may be desired. This provides the framework for that via two variables. The default is all layers in bblayers. CVE_CHECK_LAYER_INCLUDELIST CVE_CHECK_LAYER_EXCLUDELIST Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5fdde65ef58b4c1048839e4f9462b34bab36fc22) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/classes')
-rw-r--r--meta/classes/cve-check.bbclass17
1 files changed, 17 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061af7a276..112ee3379d 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= ""
#
CVE_CHECK_WHITELIST ?= ""
+# Layers to be excluded
+CVE_CHECK_LAYER_EXCLUDELIST ??= ""
+
+# Layers to be included
+CVE_CHECK_LAYER_INCLUDELIST ??= ""
+
+
# set to "alphabetical" for version using single alphabetical character as increament release
CVE_VERSION_SUFFIX ??= ""
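Review bot: The comments on `CVE_CHECK_LAYER_EXCLUDELIST` and `CVE_CHECK_LAYER_INCLUDELIST` do not say what an entry is or how the two lists interact. Going by the second hunk, each list is whitespace-split and compared with `fdir_name.split("/")[-3]`, a directory name taken from the recipe's path, and the exclude list is tested first. I would document that, e.g. `# Space-separated layer directory names to leave out of the CVE report; tested before the include list` and `# Space-separated layer directory names to report on; empty means all layers`. Anyone relying on the report for coverage needs the matching rule spelled out, because an include entry that matches no directory would filter out every recipe.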
@@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
CVE manifest if enabled.
"""
+
cve_file = d.getVar("CVE_CHECK_LOG")
fdir_name = d.getVar("FILE_DIRNAME")
layer = fdir_name.split("/")[-3]
+ include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
+ exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
+
+ if exclude_layers and layer in exclude_layers:
+ return
+
+ if include_layers and layer not in include_layers:
+ return
+
nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
write_string = ""
unpatched_cves = []
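Review bot: Both new early returns in `cve_write_data` drop a recipe's results without leaving any trace, so a mistyped include entry or an over-broad exclude entry reduces CVE coverage silently. A log line before each return would make the filtering auditable, e.g. `bb.note("cve-check: skipping %s, layer %s filtered by CVE_CHECK_LAYER_*LIST" % (d.getVar("PN"), layer))`. The layer name comes from `fdir_name.split("/")[-3]`, which assumes the recipe file sits exactly two directories below the layer root; recipes laid out differently would presumably be matched against the wrong name, and that assumption deserves a comment next to the check. The function body continues outside the hunk, so whether later steps should still run for filtered recipes cannot be judged from here.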