mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 05:29:32 +00:00
Code Issues Projects Releases Wiki Activity

cve-check: allow feed choice

Browse Source 
Allow choice of one of three feeds and update task dependencies
accordingly. All feeds contain data from NVD and are stored in
different files.

Set the NVD_DB_VERSION variable to choose feed:
NVD2 (default) - the NVD feed with API version 2
NVD1 - the NVD JSON feed (deprecated)
FKIE - the FKIE-CAD feed reconstruction

In case of malformed database feed name, we default to NVD2 and show
an error.

(From OE-Core rev: f265812bfb6797aee10e7be42865736c9ff3478f)

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Marta Rybczynska
2025-02-13 06:57:53 +01:00
committed by Richard Purdie
parent 0486af6e3c
commit 52dc3286df
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/classes/cve-check.bbclass
+12 -2
View File
@@ -31,7 +31,12 @@
CVE_PRODUCT ??= "${BPN}"
CVE_VERSION ??= "${PV}"
CVE_CHECK_DB_FILENAME ?= "nvdcve_2-2.db"
# Possible database sources: NVD1, NVD2, FKIE
NVD_DB_VERSION ?= "NVD2"
# Use different file names for each database source, as they synchronize at different moments, so may be slightly different
CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdcve_1-3.db' if d.getVar('NVD_DB_VERSION') == 'NVD1' else 'nvdfkie_1-1.db'}"
CVE_CHECK_DB_FETCHER ?= "${@'cve-update-nvd2-native' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'cve-update-db-native'}"
CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK"
CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}"
CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
@@ -114,6 +119,11 @@ python () {
d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status"))
else:
bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group)
nvd_database_type = d.getVar("NVD_DB_VERSION")
if nvd_database_type not in ("NVD1", "NVD2", "FKIE"):
bb.erroronce("Malformed NVD_DB_VERSION, must be one of: NVD1, NVD2, FKIE. Defaulting to NVD2")
d.setVar("NVD_DB_VERSION", "NVD2")
}
def generate_json_report(d, out_path, link_path):
@@ -182,7 +192,7 @@ python do_cve_check () {
}
addtask cve_check before do_build
do_cve_check[depends] = "cve-update-nvd2-native:do_unpack"
do_cve_check[depends] = "${CVE_CHECK_DB_FETCHER}:do_unpack"
do_cve_check[nostamp] = "1"
python cve_check_cleanup () {