aboutsummaryrefslogtreecommitdiffstats
path: root/meta/lib/oeqa/selftest/cases/cve_check.py
Commit message (Collapse)AuthorAgeFilesLines
* cve-check: CVE_VERSION_SUFFIX to work with patched releaseLee Chee Yang2021-04-091-0/+8
| | | | | | | | | | | | | CVE_VERSION_SUFFIX in "patch" to treat version string with suffix "pX" or "patchX" as patched release. also update testcases to cover this changes and set CVE_VERSION_SUFFIX for sudo. Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8076815fc2ffc8f632e73527ce2b7d158a29e9ea) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioningLee Chee Yang2021-02-011-1/+10
| | | | | | | | | | | | | | | | | | | | add CVE_VERSION_SUFFIX to indicate the version suffix type, currently works in two value, "alphabetical" if the version string uses single alphabetical character suffix as incremental release, blank to not consider the unidentified suffixes. This can be expand when more suffix pattern identified. refactor cve_check.Version class to use functools and add parameter to handle suffix condition. Also update testcases to cover new changes. (From OE-Core rev: 5dfd5ad5144708b474ef31eaa89a846c57be8ac0) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 86b42289bda5bc2a4eff221ab476f170dd3d3794) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* cve-check: replace Looseversion with custom version classLee Chee Yang2021-02-011-0/+27
The way distutils.version.LooseVersion compare version are tricky, it treat all these ( "1.0-beta2", "1.0-rc1", "1.0A", "1.0p2" and "1.0pre1") as greater version than "1.0". This might be right for "1.0A" and "1.0p1" but not for the rest, also these version could be confusing, the "p" in "1.0p1" can be "pre" or "patched" version or even other meaning. Replace Looseversion with custom class, it uses regex to capture common version format like "1.1.1" or tag format using date like "2020-12-12" as release section, check for following known string/tags ( beta, rc, pre, dev, alpha, preview) as pre-release section, any other trailing characters are difficult to understand/define so ignore them. Compare release section and pre-release section saperately. included selftest for the version class. [YOCTO#14127] (From OE-Core rev: 6ced85e9ddd3569240f1e8b82130d1ac0fffbc40) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3807c6d9a78ac8ade24c9c69cfe2b9624c49a20d) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>