1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 15:57:04 +00:00

cve-check: extract extending CVE_STATUS to library function

The same code for extending CVE_STATUS by CVE_CHECK_IGNORE and
CVE_STATUS_GROUPS is used on multiple places.
Create a library funtion to have the code on single place and ready for
reuse by additional classes.

(From OE-Core rev: 45e18f4270d084d81c21b1e5a4a601ce975d8a77)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Peter Marko
2025-04-17 11:34:56 +02:00
committed by Richard Purdie
parent f68e3e49d4
commit 9fd08fcd94
3 changed files with 26 additions and 30 deletions
+22
View File
@@ -354,3 +354,25 @@ def has_cve_product_match(detailed_status, products):
#if no match, return False
return False
def extend_cve_status(d):
# do this only once in case multiple classes use this
if d.getVar("CVE_STATUS_EXTENDED"):
return
d.setVar("CVE_STATUS_EXTENDED", "1")
# Fallback all CVEs from CVE_CHECK_IGNORE to CVE_STATUS
cve_check_ignore = d.getVar("CVE_CHECK_IGNORE")
if cve_check_ignore:
bb.warn("CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS")
for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split():
d.setVarFlag("CVE_STATUS", cve, "ignored")
# Process CVE_STATUS_GROUPS to set multiple statuses and optional detail or description at once
for cve_status_group in (d.getVar("CVE_STATUS_GROUPS") or "").split():
cve_group = d.getVar(cve_status_group)
if cve_group is not None:
for cve in cve_group.split():
d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status"))
else:
bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group)