[OE-core] [PATCH] cve-check: show whitelisted status
chee.yang.lee at intel.com
chee.yang.lee at intel.com
Fri Mar 6 02:27:26 UTC 2020
From: Chee Yang Lee <chee.yang.lee at intel.com>
change whitelisted CVE status from "Patched" to "Whitelisted".
[Yocto #13687]
Signed-off-by: Chee Yang Lee <chee.yang.lee at intel.com>
---
meta/classes/cve-check.bbclass | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 7412436..7f98da6 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -56,10 +56,10 @@ python do_cve_check () {
patched_cves = get_patches_cves(d)
except FileNotFoundError:
bb.fatal("Failure in searching patches")
- patched, unpatched = check_cves(d, patched_cves)
+ whitelisted, patched, unpatched = check_cves(d, patched_cves)
if patched or unpatched:
cve_data = get_cve_info(d, patched + unpatched)
- cve_write_data(d, patched, unpatched, cve_data)
+ cve_write_data(d, patched, unpatched, whitelisted, cve_data)
else:
bb.note("No CVE database found, skipping CVE check")
@@ -263,7 +263,7 @@ def check_cves(d, patched_cves):
conn.close()
- return (list(patched_cves), cves_unpatched)
+ return (list(cve_whitelist), list(patched_cves), cves_unpatched)
def get_cve_info(d, cves):
"""
@@ -287,7 +287,7 @@ def get_cve_info(d, cves):
conn.close()
return cve_data
-def cve_write_data(d, patched, unpatched, cve_data):
+def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
"""
Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and
CVE manifest if enabled.
@@ -303,7 +303,9 @@ def cve_write_data(d, patched, unpatched, cve_data):
write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
write_string += "PACKAGE VERSION: %s\n" % d.getVar("PV")
write_string += "CVE: %s\n" % cve
- if cve in patched:
+ if cve in whitelisted:
+ write_string += "CVE STATUS: Whitelisted\n"
+ elif cve in patched:
write_string += "CVE STATUS: Patched\n"
else:
unpatched_cves.append(cve)
--
2.7.4
More information about the Openembedded-core
mailing list