cve-check: Log if CVE_STATUS set but not reported for componentuninative-4.4

Log if the CVE_STATUS is set for a CVE, but the cve is not reported for a component. This should hopefully help to clean up not needed CVE_STATUS settings. Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Simone Weiß <simone.p.weiss@posteo.com> 2024-02-24 08:18:38 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-02-24 16:10:19 +0000
commit: 013d531a84fa08b6ae8a47bdf3ba1fa8f18ba270 (patch)
tree: a37b097cd13c405b4a132a5638f5736c2d744ad6 /meta/classes
parent: cea8c8bf73e84133f566d1c2ca0637494f2d7afe (diff)
download: openembedded-core-013d531a84fa08b6ae8a47bdf3ba1fa8f18ba270.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 5191d04303..56ba8bceef 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -418,6 +418,9 @@ def check_cves(d, patched_cves):
             cves_status.append([product, False])
 
     conn.close()
+    diff_ignore = list(set(cve_ignore) - set(cves_ignored))
+    if diff_ignore:
+        oe.qa.handle_error("cve_status_not_in_db", "Found CVE (%s) with CVE_STATUS set that are not found in database for this component" % " ".join(diff_ignore), d)
 
     if not cves_in_recipe:
         bb.note("No CVE records for products in recipe %s" % (pn))
author	Simone Weiß <simone.p.weiss@posteo.com>	2024-02-24 08:18:38 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-02-24 16:10:19 +0000
commit	013d531a84fa08b6ae8a47bdf3ba1fa8f18ba270 (patch)
tree	a37b097cd13c405b4a132a5638f5736c2d744ad6 /meta/classes
parent	cea8c8bf73e84133f566d1c2ca0637494f2d7afe (diff)
download	openembedded-core-013d531a84fa08b6ae8a47bdf3ba1fa8f18ba270.tar.gz