diff options
author | Chee Yang Lee <chee.yang.lee@intel.com> | 2020-03-06 10:27:26 +0800 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2020-03-10 19:19:55 -0700 |
commit | b7646fa3646d2a14f657da4056a0fa78334e3182 (patch) | |
tree | c8f71999d05251785618ee9449ca6a4b3e65914d /meta | |
parent | c8f5b560bfd67ae3880c380a2700e782e454958e (diff) | |
download | openembedded-core-contrib-b7646fa3646d2a14f657da4056a0fa78334e3182.tar.gz |
cve-check: show whitelisted status
change whitelisted CVE status from "Patched" to "Whitelisted".
[Yocto #13687]
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 181bdd670492525f9488d52c3ebb9a1b142e35ea)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/classes/cve-check.bbclass | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 74124364b2..7f98da60f1 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -56,10 +56,10 @@ python do_cve_check () { patched_cves = get_patches_cves(d) except FileNotFoundError: bb.fatal("Failure in searching patches") - patched, unpatched = check_cves(d, patched_cves) + whitelisted, patched, unpatched = check_cves(d, patched_cves) if patched or unpatched: cve_data = get_cve_info(d, patched + unpatched) - cve_write_data(d, patched, unpatched, cve_data) + cve_write_data(d, patched, unpatched, whitelisted, cve_data) else: bb.note("No CVE database found, skipping CVE check") @@ -263,7 +263,7 @@ def check_cves(d, patched_cves): conn.close() - return (list(patched_cves), cves_unpatched) + return (list(cve_whitelist), list(patched_cves), cves_unpatched) def get_cve_info(d, cves): """ @@ -287,7 +287,7 @@ def get_cve_info(d, cves): conn.close() return cve_data -def cve_write_data(d, patched, unpatched, cve_data): +def cve_write_data(d, patched, unpatched, whitelisted, cve_data): """ Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and CVE manifest if enabled. @@ -303,7 +303,9 @@ def cve_write_data(d, patched, unpatched, cve_data): write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") write_string += "PACKAGE VERSION: %s\n" % d.getVar("PV") write_string += "CVE: %s\n" % cve - if cve in patched: + if cve in whitelisted: + write_string += "CVE STATUS: Whitelisted\n" + elif cve in patched: write_string += "CVE STATUS: Patched\n" else: unpatched_cves.append(cve) |