From: Akash Hadke <akash.hadke@kpit.com>
To: openembedded-core@lists.openembedded.org
Cc: ranjitsinh.rathod@kpit.com, Akash Hadke <hadkeakash4@gmail.com>
Subject: [poky][master][PATCH 2/3] cve-export.bbclass: Add a new class to get patched and ignored CVEs from the build
Date: Wed, 11 May 2022 16:36:12 +0200 [thread overview]
Message-ID: <20220511143613.25002-2-akash.hadke@kpit.com> (raw)
In-Reply-To: <20220511143613.25002-1-akash.hadke@kpit.com>
This class executes an anonymous function which sets the
below variables
CVE_IGNORED = CVEs that are ignored in recipes
CVE_PATCHED = CVEs that are fixed by applying patches
It does not consider CVEs that are ignored in
poky/meta/conf/distro/include/cve-extra-exclusions.inc
and only provide CVEs that are ignored in the recipe.
Default values are set for CVE_PRODUCT and CVE_VERSION
to BPN and PV respectively.
Considered setting these values so that anyone can get
below information about the CVE from the build.
CVE_PRODUCT
CVE_VERSION
CVE_IGNORED
CVE_PATCHED
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
---
meta/classes/cve-export.bbclass | 37 +++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 meta/classes/cve-export.bbclass
diff --git a/meta/classes/cve-export.bbclass b/meta/classes/cve-export.bbclass
new file mode 100644
index 0000000000..5ed5760970
--- /dev/null
+++ b/meta/classes/cve-export.bbclass
@@ -0,0 +1,37 @@
+# This class is used to get patched and ignored CVEs from the build
+#
+# To use this class inherit it in the local.conf file.
+#
+# It executes an anonymous function which sets below variables
+#
+# CVE_IGNORED = CVEs those are ignored in recipes
+# CVE_PATCHED = CVEs those are fixed by applying patches
+#
+# It does not consider all the CVEs that are ignored in
+# poky/meta/conf/distro/include/cve-extra-exclusions.inc
+# and only provide CVEs that are ignored in the recipe.
+#
+# The product name sets default to BPN and version sets default to
+# PV but it can be overriden per recipe, to get the value of
+# product and version use d.getVar()
+
+CVE_PRODUCT ??= "${BPN}"
+CVE_VERSION ??= "${PV}"
+CVE_CHECK_IGNORE ?= ""
+
+python __anonymous () {
+ import re
+ from oe.cve_check import get_patched_cves
+ from oe.cve_check import get_ignored_cves
+
+ # Check if cve-extra-exclusions.inc file is included or not
+ if re.search('cve-extra-exclusions.inc', d.getVar('BBINCLUDED')):
+ paths = d.getVar('PATH').split(':')
+ cves = d.getVar('CVE_CHECK_IGNORE').split()
+ ignored_cves = get_ignored_cves(paths, cves)
+ else:
+ ignored_cves = " ".join(d.getVar('CVE_CHECK_IGNORE'))
+
+ d.setVar('CVE_IGNORED', ignored_cves)
+ d.setVar('CVE_PATCHED', " ".join(get_patched_cves(d)))
+}
--
2.17.1
next prev parent reply other threads:[~2022-05-11 14:37 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-11 14:36 [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves Akash Hadke
2022-05-11 14:36 ` Akash Hadke [this message]
2022-05-11 14:36 ` [poky][master][PATCH 3/3] cve_export.py: Add new selftest for cve-export.bbclass Akash Hadke
2022-05-17 9:12 ` [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves Marta Rybczynska
2022-05-17 11:42 ` Akash Hadke
2022-05-17 13:33 ` Marta Rybczynska
2022-05-17 13:51 ` akash hadke
2022-05-17 14:19 ` [OE-core] " richard.purdie
2022-05-18 9:46 ` akash hadke
2022-05-18 10:33 ` [OE-core] " richard.purdie
2022-05-18 11:58 ` Marta Rybczynska
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220511143613.25002-2-akash.hadke@kpit.com \
--to=akash.hadke@kpit.com \
--cc=hadkeakash4@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=ranjitsinh.rathod@kpit.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.