From: Matt Weber <matthew.weber@rockwellcollins.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v5 0/7] CPE ID Support
Date: Thu, 17 May 2018 22:13:13 -0500
Message-ID: <1526613200-48452-1-git-send-email-matthew.weber@rockwellcollins.com>

This series begins adding CPE identifier support to Buildroot. The
intent is to establish and maintain a baseline of CPE IDs, one for each
package. Each of these IDs ties back to a NIST database entry for the
respective piece of software, which is linked to specific vulnerabilities.

Within Buildroot, a CPE report can be generated (like legal-info) that
captures a target build's list of CPE IDs. This report can then be
checked for validity using the new support/scripts/cpe-report or another
third party tool. The script uses a new cpedb.py helper to search and
identify the validity of the CPE strings.

The pkgstats script has been extended to provide CPE ID checking of
matching/requires update/new as part of its html output.  It also uses
the new cpedb.py helper.

As part of testing this series, the following branch contains a series
of fixups required to make these specific packages match the database.
(I can submit these to the mailing list but there are ~70 of them)

https://github.com/rc-matthew-l-weber/buildroot/tree/cpe-info-github
Commit 14c3ee6 to 567732d

A follow-on patchset will be submitted adding support for pkgstat generation
of CPE updates in XML and Buildroot manual updates for guidance on submission
of those XML database updates to the NIST organization. (We'd like to get
feedback on this series first to save us effort on the update XML stuff)

Matt Weber (7):
  cpe-info: new make target
  cpe-info: id prefix/suffix
  cpe-info: only report target pkgs
  cpe-info: update manual for new pkg vars
  support/scripts/cpedb.py: new CPE XML helper
  support/scripts/pkg-stats: add CPE reporting
  support/scripts/cpe-report: new script

 Makefile                                |  17 ++++-
 docs/manual/adding-packages-generic.txt | 117 ++++++++++++++++++++------------
 package/Makefile.in                     |   4 ++
 package/pkg-generic.mk                  |  21 ++++++
 package/pkg-utils.mk                    |   8 +++
 support/scripts/cpe-report              |  53 +++++++++++++++
 support/scripts/cpedb.py                |  52 ++++++++++++++
 support/scripts/pkg-stats               |  80 ++++++++++++++++++++--
 8 files changed, 302 insertions(+), 50 deletions(-)
 create mode 100755 support/scripts/cpe-report
 create mode 100644 support/scripts/cpedb.py

-- 
1.9.1
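
As an added illustration (not the cpedb.py or pkg-stats code from this series, which is not shown in this message), the three-way result described above could be computed as follows. The dictionary sample, the function names and the reading of "matching / requires update / new" as exact hit / known product with unlisted version / unknown product are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of the NIST CPE dictionary XML (not real data).
SAMPLE_DICT = """<?xml version="1.0"?>
<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0"
          xmlns:cpe-23="http://scap.nist.gov/schema/cpe-extension/2.3">
  <cpe-item name="cpe:/a:examplevendor:examplelib:1.0.0">
    <cpe-23:cpe23-item name="cpe:2.3:a:examplevendor:examplelib:1.0.0:*:*:*:*:*:*:*"/>
  </cpe-item>
  <cpe-item name="cpe:/a:examplevendor:examplelib:1.1.0">
    <cpe-23:cpe23-item name="cpe:2.3:a:examplevendor:examplelib:1.1.0:*:*:*:*:*:*:*"/>
  </cpe-item>
</cpe-list>"""

CPE23_ITEM = "{http://scap.nist.gov/schema/cpe-extension/2.3}cpe23-item"


def product_key(cpe):
    """Return 'part:vendor:product' from a CPE 2.3 formatted string.

    Simplification: values containing an escaped colon are not handled.
    """
    fields = cpe.split(":")
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe)
    return ":".join(fields[2:5])


def load_dictionary(xml_text):
    """Return (set of exact CPE strings, set of known part:vendor:product keys)."""
    exact = {item.get("name") for item in ET.fromstring(xml_text).iter(CPE23_ITEM)}
    return exact, {product_key(c) for c in exact}


def classify(cpe, exact, products):
    """Classify one package CPE ID against the dictionary (hypothetical states)."""
    if cpe in exact:
        return "match"
    if product_key(cpe) in products:
        return "update"  # product is known, this version is not listed yet
    return "new"         # vendor/product pair is absent from the dictionary


def report(cpe_ids, xml_text=SAMPLE_DICT):
    """Map each CPE ID of a build to its classification."""
    exact, products = load_dictionary(xml_text)
    return {cpe: classify(cpe, exact, products) for cpe in cpe_ids}
```

A malformed ID raises ValueError instead of being reported as "new", so a typo in a package's CPE variable does not pass as a missing dictionary entry.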

Thread overview: 10+ messages
2018-05-18  3:13 Matt Weber [this message]
2018-05-18  3:13 ` [Buildroot] [PATCH v5 1/7] cpe-info: new make target Matt Weber
2018-05-18  3:13 ` [Buildroot] [PATCH v5 2/7] cpe-info: id prefix/suffix Matt Weber
2018-05-18  3:13 ` [Buildroot] [PATCH v5 3/7] cpe-info: only report target pkgs Matt Weber
2018-05-18  3:13 ` [Buildroot] [PATCH v5 4/7] cpe-info: update manual for new pkg vars Matt Weber
2018-05-18  3:13 ` [Buildroot] [PATCH v5 5/7] support/scripts/cpedb.py: new CPE XML helper Matt Weber
2018-05-18  3:13 ` [Buildroot] [PATCH v5 6/7] support/scripts/pkg-stats: add CPE reporting Matt Weber
2018-05-18  7:13   ` Thomas Petazzoni
2018-05-18 13:05     ` Matthew Weber
2018-05-18  3:13 ` [Buildroot] [PATCH v5 7/7] support/scripts/cpe-report: new script Matt Weber
