3 files changed, 0 insertions, 170 deletions
diff --git a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.fail b/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.fail
deleted file mode 100644
index d40b8a936b..0000000000
--- a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.fail
+++ /dev/null
@@ -1,72 +0,0 @@ -From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001 -From: Trevor Gamblin <tgamblin@baylibre.com> -Date: Tue, 29 Aug 2023 14:12:27 -0400 -Subject: [PATCH] selftest-hello: fix CVE-1234-56789 - -This patch should fail the test for CVE presence in the mbox commit message. - -Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> ---- - .../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++ - .../selftest-hello/selftest-hello_1.0.bb | 6 +++-- - 2 files changed, 31 insertions(+), 2 deletions(-) - create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch - -diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch -new file mode 100644 -index 0000000000..869cfb6fe5 ---- /dev/null -+++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch -@@ -0,0 +1,27 @@ -+From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001 -+From: Trevor Gamblin <tgamblin@baylibre.com> -+Date: Tue, 29 Aug 2023 14:08:20 -0400 -+Subject: [PATCH] Fix CVE-NOT-REAL -+ -+CVE: CVE-1234-56789 -+Upstream-Status: Backport(http://example.com/example) -+ -+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> -+--- -+ strlen.c | 1 + -+ 1 file changed, 1 insertion(+) -+ -+diff --git a/strlen.c b/strlen.c -+index 1788f38..83d7918 100644 -+--- a/strlen.c -++++ b/strlen.c -+@@ -8,6 +8,7 @@ int main() { -+ -+ printf("%d\n", str_len(string1)); -+ printf("%d\n", str_len(string2)); -++ printf("CVE FIXED!!!\n"); -+ -+ return 0; -+ } -+-- -+2.41.0 -diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb -index 547587bef4..76975a6729 100644 ---- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb -+++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb -@@ -3,7 +3,9 @@ SECTION = "examples" - LICENSE = 
"MIT" - LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" - --SRC_URI = "file://helloworld.c" -+SRC_URI = "file://helloworld.c \ -+ file://CVE-1234-56789.patch \ -+ " - - S = "${WORKDIR}" - -@@ -16,4 +18,4 @@ do_install() { - install -m 0755 helloworld ${D}${bindir} - } - --BBCLASSEXTEND = "native nativesdk" -\ No newline at end of file -+BBCLASSEXTEND = "native nativesdk" --- -2.41.0 - diff --git a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.pass b/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.pass deleted file mode 100644 index 433c7a450a..0000000000 --- a/meta/lib/patchtest/selftest/files/TestMbox.test_cve_presence_in_commit_message.pass +++ /dev/null 
@@ -1,74 +0,0 @@ -From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001 -From: Trevor Gamblin <tgamblin@baylibre.com> -Date: Tue, 29 Aug 2023 14:12:27 -0400 -Subject: [PATCH] selftest-hello: fix CVE-1234-56789 - -This test should pass the mbox cve tag test. - -CVE: CVE-1234-56789 - -Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> ---- - .../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++ - .../selftest-hello/selftest-hello_1.0.bb | 6 +++-- - 2 files changed, 31 insertions(+), 2 deletions(-) - create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch - -diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch -new file mode 100644 -index 0000000000..869cfb6fe5 ---- /dev/null -+++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch -@@ -0,0 +1,27 @@ -+From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001 -+From: Trevor Gamblin <tgamblin@baylibre.com> -+Date: Tue, 29 Aug 2023 14:08:20 -0400 -+Subject: [PATCH] Fix CVE-NOT-REAL -+ -+CVE: CVE-1234-56789 -+Upstream-Status: Backport(http://example.com/example) -+ -+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> -+--- -+ strlen.c | 1 + -+ 1 file changed, 1 insertion(+) -+ -+diff --git a/strlen.c b/strlen.c -+index 1788f38..83d7918 100644 -+--- a/strlen.c -++++ b/strlen.c -+@@ -8,6 +8,7 @@ int main() { -+ -+ printf("%d\n", str_len(string1)); -+ printf("%d\n", str_len(string2)); -++ printf("CVE FIXED!!!\n"); -+ -+ return 0; -+ } -+-- -+2.41.0 -diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb -index 547587bef4..76975a6729 100644 ---- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb -+++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb -@@ -3,7 +3,9 @@ SECTION = "examples" - LICENSE = "MIT" - 
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" - --SRC_URI = "file://helloworld.c" -+SRC_URI = "file://helloworld.c \ -+ file://CVE-1234-56789.patch \ -+ " - - S = "${WORKDIR}" - -@@ -16,4 +18,4 @@ do_install() { - install -m 0755 helloworld ${D}${bindir} - } - --BBCLASSEXTEND = "native nativesdk" -\ No newline at end of file -+BBCLASSEXTEND = "native nativesdk" --- -2.41.0 - diff --git a/meta/lib/patchtest/tests/test_mbox.py b/meta/lib/patchtest/tests/test_mbox.py index 2449564d0f..0b623b7d17 100644 --- a/meta/lib/patchtest/tests/test_mbox.py +++ b/meta/lib/patchtest/tests/test_mbox.py @@ -6,7 +6,6 @@ import base import collections -import parse_cve_tags import parse_shortlog import parse_signed_off_by import pyparsing @@ -33,8 +32,6 @@ class TestMbox(base.Base): rexp_detect = pyparsing.Regex('\[\s?YOCTO.*\]') rexp_validation = pyparsing.Regex('\[(\s?YOCTO\s?#\s?(\d+)\s?,?)+\]') revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"') - prog = parse_cve_tags.cve_tag - patch_prog = parse_cve_tags.patch_cve_tag signoff_prog = parse_signed_off_by.signed_off_by revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"') maxlength = 90 
@@ -143,27 +140,6 @@ class TestMbox(base.Base): if not commit.commit_message.strip(): self.fail('Please include a commit message on your patch explaining the change', commit=commit) - def test_cve_presence_in_commit_message(self): - if self.unidiff_parse_error: - self.skip('Parse error %s' % self.unidiff_parse_error) - - # we are just interested in series that introduce CVE patches, thus discard other - # possibilities: modification to current CVEs, patch directly introduced into the - # recipe, upgrades already including the CVE, etc. - new_patches = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file] - if not new_patches: - self.skip('No new patches introduced') - - for commit in TestMbox.commits: - # skip those patches that revert older commits, these do not required the tag presence - if self.revert_shortlog_regex.search_string(commit.shortlog): - continue - if not self.patch_prog.search_string(commit.payload): - self.skip("No CVE tag in added patch, so not needed in mbox") - elif not self.prog.search_string(commit.payload): - self.fail('A CVE tag should be provided in the commit message with format: "CVE: CVE-YYYY-XXXX"', - commit=commit) - def test_bugzilla_entry_format(self): for commit in TestMbox.commits: if not self.rexp_detect.search_string(commit.commit_message): |