[oe-commits] [openembedded-core] 02/10: cve-check.bbclass: make warning contain CVE IDs
git at git.openembedded.org
git at git.openembedded.org
Mon Jun 5 22:30:43 UTC 2017
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch pyro
in repository openembedded-core.
commit e0e1414a4574d4165a8dc5d0d9d0d5b5a660355f
Author: Chen Qi <Qi.Chen at windriver.com>
AuthorDate: Tue May 9 17:31:36 2017 +0800
cve-check.bbclass: make warning contain CVE IDs
When warning users about unpatched CVE, we'd better put CVE IDs into
the warning message, so that it would be more straight forward for the
user to know which CVEs are not patched.
So instead of:
WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE, for more information check /path/to/workdir/cve/cve.log.
We should have:
WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE (CVE-2017-7869), for more information check /path/to/workdir/cve/cve.log.
(From OE-Core rev: ad46069e7b58f2fba373131716f28407816fa1a6)
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/classes/cve-check.bbclass | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 0e4294f..3a9e227 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -234,7 +234,7 @@ def cve_write_data(d, patched, unpatched, cve_data):
cve_file = d.getVar("CVE_CHECK_LOCAL_FILE")
nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
write_string = ""
- first_alert = True
+ unpatched_cves = []
bb.utils.mkdirhier(d.getVar("CVE_CHECK_LOCAL_DIR"))
for cve in sorted(cve_data):
@@ -244,15 +244,16 @@ def cve_write_data(d, patched, unpatched, cve_data):
if cve in patched:
write_string += "CVE STATUS: Patched\n"
else:
+ unpatched_cves.append(cve)
write_string += "CVE STATUS: Unpatched\n"
- if first_alert:
- bb.warn("Found unpatched CVE, for more information check %s" % cve_file)
- first_alert = False
write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["score"]
write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
+ if unpatched_cves:
+ bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
+
with open(cve_file, "w") as f:
bb.note("Writing file %s with CVE information" % cve_file)
f.write(write_string)
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list