diff options
| author |   Ross Burton <ross.burton@arm.com> | 2022-04-27 12:43:39 +0100 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-28 11:44:50 +0100 |
| commit | cefc8741438c91f74264da6b59dece2e31f9e5a5 (patch) | |
| tree | 8504ec4585925c2337d167cf02080ba94b69feb4 /meta/lib | |
| parent | d98b06c9c6f480de1e5167bfe8392e39300fc02c (diff) | |
| download | openembedded-core-contrib-cefc8741438c91f74264da6b59dece2e31f9e5a5.tar.gz | |
cve_check: skip remote patches that haven't been fetched when searching for CVE tags
If a remote patch is compressed we need to have run the unpack task for
the file to exist locally. Currently cve_check only depends on fetch so
instead of erroring out, emit a warning that this file won't be scanned
for CVE references.
Typically, remote compressed patches won't contain our custom tags, so
this is unlikely to be an issue.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
| -rw-r--r-- | meta/lib/oe/cve_check.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index e445b7a6ae..dc7d2e2826 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -89,9 +89,10 @@ def get_patched_cves(d): for url in oe.patch.src_patches(d): patch_file = bb.fetch.decodeurl(url)[2] + # Remote compressed patches may not be unpacked, so silently ignore them if not os.path.isfile(patch_file): - bb.error("File Not found: %s" % patch_file) - raise FileNotFoundError + bb.warn("%s does not exist, cannot extract CVE list" % patch_file) + continue # Check patch file name for CVE ID fname_match = cve_file_name_match.search(patch_file) |