The same code for extending CVE_STATUS by CVE_CHECK_IGNORE and
CVE_STATUS_GROUPS is used on multiple places.
Create a library function to have the code on single place and ready for
reuse by additional classes.
Conflicts:
meta/classes/cve-check.bbclass
meta/lib/oe/cve_check.py
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit
45e18f4270d084d81c21b1e5a4a601ce975d8a77)
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE_VERSION_SUFFIX ??= ""
python () {
- # Fallback all CVEs from CVE_CHECK_IGNORE to CVE_STATUS
- cve_check_ignore = d.getVar("CVE_CHECK_IGNORE")
- if cve_check_ignore:
- bb.warn("CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS")
- for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split():
- d.setVarFlag("CVE_STATUS", cve, "ignored")
-
- # Process CVE_STATUS_GROUPS to set multiple statuses and optional detail or description at once
- for cve_status_group in (d.getVar("CVE_STATUS_GROUPS") or "").split():
- cve_group = d.getVar(cve_status_group)
- if cve_group is not None:
- for cve in cve_group.split():
- d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status"))
- else:
- bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group)
+ from oe.cve_check import extend_cve_status
+ extend_cve_status(d)
}
def generate_json_report(d, out_path, link_path):
if bb.data.inherits_class("cve-check", d):
raise bb.parse.SkipRecipe("Skipping recipe: found incompatible combination of cve-check and vex enabled at the same time.")
- # Fallback all CVEs from CVE_CHECK_IGNORE to CVE_STATUS
- cve_check_ignore = d.getVar("CVE_CHECK_IGNORE")
- if cve_check_ignore:
- bb.warn("CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS")
- for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split():
- d.setVarFlag("CVE_STATUS", cve, "ignored")
-
- # Process CVE_STATUS_GROUPS to set multiple statuses and optional detail or description at once
- for cve_status_group in (d.getVar("CVE_STATUS_GROUPS") or "").split():
- cve_group = d.getVar(cve_status_group)
- if cve_group is not None:
- for cve in cve_group.split():
- d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status"))
- else:
- bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group)
+ from oe.cve_check import extend_cve_status
+ extend_cve_status(d)
}
def generate_json_report(d, out_path, link_path):
status_mapping = "Unpatched"
return (status_mapping, detail, description)
+
+def extend_cve_status(d):
+ # do this only once in case multiple classes use this
+ if d.getVar("CVE_STATUS_EXTENDED"):
+ return
+ d.setVar("CVE_STATUS_EXTENDED", "1")
+
+ # Fallback all CVEs from CVE_CHECK_IGNORE to CVE_STATUS
+ cve_check_ignore = d.getVar("CVE_CHECK_IGNORE")
+ if cve_check_ignore:
+ bb.warn("CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS")
+ for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split():
+ d.setVarFlag("CVE_STATUS", cve, "ignored")
+
+ # Process CVE_STATUS_GROUPS to set multiple statuses and optional detail or description at once
+ for cve_status_group in (d.getVar("CVE_STATUS_GROUPS") or "").split():
+ cve_group = d.getVar(cve_status_group)
+ if cve_group is not None:
+ for cve in cve_group.split():
+ d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status"))
+ else:
+ bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group)
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
