mirror of
https://git.yoctoproject.org/poky
synced 2026-07-16 15:57:04 +00:00
cve-check: extract extending CVE_STATUS to library function
The same code for extending CVE_STATUS by CVE_CHECK_IGNORE and CVE_STATUS_GROUPS is used on multiple places. Create a library funtion to have the code on single place and ready for reuse by additional classes. (From OE-Core rev: 45e18f4270d084d81c21b1e5a4a601ce975d8a77) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
committed by
Richard Purdie
parent
f68e3e49d4
commit
9fd08fcd94
@@ -354,3 +354,25 @@ def has_cve_product_match(detailed_status, products):
|
||||
|
||||
#if no match, return False
|
||||
return False
|
||||
|
||||
def extend_cve_status(d):
|
||||
# do this only once in case multiple classes use this
|
||||
if d.getVar("CVE_STATUS_EXTENDED"):
|
||||
return
|
||||
d.setVar("CVE_STATUS_EXTENDED", "1")
|
||||
|
||||
# Fallback all CVEs from CVE_CHECK_IGNORE to CVE_STATUS
|
||||
cve_check_ignore = d.getVar("CVE_CHECK_IGNORE")
|
||||
if cve_check_ignore:
|
||||
bb.warn("CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS")
|
||||
for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split():
|
||||
d.setVarFlag("CVE_STATUS", cve, "ignored")
|
||||
|
||||
# Process CVE_STATUS_GROUPS to set multiple statuses and optional detail or description at once
|
||||
for cve_status_group in (d.getVar("CVE_STATUS_GROUPS") or "").split():
|
||||
cve_group = d.getVar(cve_status_group)
|
||||
if cve_group is not None:
|
||||
for cve in cve_group.split():
|
||||
d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status"))
|
||||
else:
|
||||
bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group)
|
||||
|
||||
Reference in New Issue
Block a user