mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-30 12:29:55 +00:00
Code Issues Projects Releases Wiki Activity

cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST

Browse Source 
CVE_CHECK_WHITELIST does not contain version anymore, as it was not
used. This variable should be set per recipe.

(From OE-Core rev: 7069302a4ccbb5b72e1902f284cf078516fd7294)

Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Pierre Le Magourou
2019-07-18 14:41:18 +02:00
committed by Richard Purdie
parent b4db437f11
commit 4b8a6f4929
1 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/classes/cve-check.bbclass
+10 -10
View File
@@ -39,15 +39,12 @@ CVE_CHECK_CREATE_MANIFEST ??= "1"
# Whitelist for packages (PN) # Whitelist for packages (PN)
CVE_CHECK_PN_WHITELIST ?= "" CVE_CHECK_PN_WHITELIST ?= ""
# Whitelist for CVE and version of package. If a CVE is found then the PV is # Whitelist for CVE. If a CVE is found, then it is considered patched.
# compared with the version list, and if found the CVE is considered # The value is a string containing space separated CVE values:
# patched.
# #
# The value should be valid Python in this format: # CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
# { #
# 'CVE-2014-2524': ('6.3','5.2') CVE_CHECK_WHITELIST ?= ""
# }
CVE_CHECK_CVE_WHITELIST ?= "{}"
python do_cve_check () { python do_cve_check () {
""" """
@@ -185,7 +182,10 @@ def check_cves(d, patched_cves):
bb.note("Recipe has been whitelisted, skipping check") bb.note("Recipe has been whitelisted, skipping check")
return ([], []) return ([], [])
cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST")) old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST")
if old_cve_whitelist:
bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.")
cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
import sqlite3 import sqlite3
db_file = d.getVar("CVE_CHECK_DB_FILE") db_file = d.getVar("CVE_CHECK_DB_FILE")
@@ -206,7 +206,7 @@ def check_cves(d, patched_cves):
version_end = row[6] version_end = row[6]
operator_end = row[7] operator_end = row[7]
if pv in cve_whitelist.get(cve, []): if cve in cve_whitelist:
bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
elif cve in patched_cves: elif cve in patched_cves:
bb.note("%s has been patched" % (cve)) bb.note("%s has been patched" % (cve))