From: Marta Rybczynska <rybczynska@gmail.com>
To: Akash Hadke <Akash.Hadke@kpit.com>
Cc: OE-core <openembedded-core@lists.openembedded.org>,
	Ranjitsinh Rathod <Ranjitsinh.Rathod@kpit.com>,
	Akash Hadke <hadkeakash4@gmail.com>
Subject: Re: [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves
Date: Tue, 17 May 2022 15:33:41 +0200	[thread overview]
Message-ID: <CAApg2=Rz9VaHE2EVOS9aVJ2B-1vnN9Opbqv-p26w_YqLRMdCgg@mail.gmail.com> (raw)
In-Reply-To: <PN3PR01MB67120A503C169C733A3C0A888ECE9@PN3PR01MB6712.INDPRD01.PROD.OUTLOOK.COM>

On Tue, May 17, 2022 at 1:42 PM Akash Hadke <Akash.Hadke@kpit.com> wrote:
>
> Hello Marta,
>
> Actually, I wanted to add the ignored and patched CVEs in buildhistory and for that purpose, I am exporting variables CVE_IGNORED and CVE_PATCHED with those values. I don't want to use cve-check.bbclass as it checks for the CVEs from the NVD database, and I only want to get ignored and patched CVEs from the recipe.

Hello again Akash,
What you'd like to do is to see the difference in ignored and patched
CVEs in buildhistory? Do I get it right?

>
> Regarding meta/conf/distro/include/cve-extra-exclusions.inc: if any project includes it, then CVEs that are ignored in cve-extra-exclusions.inc will get shown for each recipe in the CVE_CHECK_IGNORED list even though the CVEs are not related to that component recipe. Hence, I have made the changes to exclude CVEs from cve-extra-exclusions.inc.

I think I understand the idea. The point I'm making is that if someone
does not include the cve-extra-exclusions.inc in their distro, the
code will still use it and filter out CVEs they still see when doing
cve-check.

Kind regards,
Marta

>
> Best Regards,
> Akash
> ________________________________
> From: Marta Rybczynska <rybczynska@gmail.com>
> Sent: 17 May 2022 14:42
> To: Akash Hadke <Akash.Hadke@kpit.com>
> Cc: OE-core <openembedded-core@lists.openembedded.org>; Ranjitsinh Rathod <Ranjitsinh.Rathod@kpit.com>; Akash Hadke <hadkeakash4@gmail.com>
> Subject: Re: [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves
>
>
> On Wed, May 11, 2022 at 4:37 PM akash hadke via lists.openembedded.org
> <akash.hadke=kpit.com@lists.openembedded.org> wrote:
> >
> > Add new method get_ignored_cves in cve_check.py
> > to get ignored CVEs from recipe by excluding distro-wide
> > ignored CVEs from meta/conf/distro/include/cve-extra-exclusions.inc
> >
> > While calling this method use below code to get argument values
> > paths = d.getVar('PATH').split(':')
> > cves = d.getVar('CVE_CHECK_IGNORE').split()
> >
>
> Hello Akash,
> While looking into this patch set I'm wondering what your use case is.
> It seems to be to get a list of ignored and patched CVEs. This is
> already available from the cve-check output or from the create-spdx
> output after some parsing. With the new JSON format for cve-check it
> becomes very easy. If you could elaborate more on the way you plan to
> use this data, I'm pretty sure we can come up with a simple
> post-processing script to do the same.
>
> BTW, why do you assume people always include
> meta/conf/distro/include/cve-extra-exclusions.inc?
> We don't do that at Oniro and we use our own judgement on outstanding CVEs.
>
> Regards,
> Marta

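The post-processing Marta suggests above, as an added example that is not part of this thread or of OE-core: it reads a cve-check JSON report and lists the Patched and Ignored CVEs per recipe, and can optionally subtract the distro-wide ids found in a cve-extra-exclusions.inc style file, which is the filtering Akash's patch does inside cve_check.py. The JSON layout assumed here (a top-level "package" list whose entries carry an "issue" list with "id" and "status" fields) is modelled on cve-check's JSON writer and should be checked against your release; the report and the .inc text below are constructed samples, not real build output.

```python
"""List Patched/Ignored CVEs per recipe from a cve-check JSON report.

Assumed report layout (modelled on cve-check.bbclass JSON output, verify
against your release):
  {"version": "1", "package": [{"name": ..., "layer": ..., "version": ...,
     "products": [...], "issue": [{"id": "CVE-...", "status": ...}, ...]}]}
Distro-wide ignores are read from an OE-style .inc file containing lines
such as   CVE_CHECK_IGNORE += "CVE-2020-1234 CVE-2021-5678"
"""
import json
import re

# Constructed sample report (not real cve-check output).
SAMPLE_REPORT = json.dumps({
    "version": "1",
    "package": [
        {
            "name": "busybox", "layer": "meta", "version": "1.35.0",
            "products": [{"product": "busybox", "cvesInRecord": "Yes"}],
            "issue": [
                {"id": "CVE-2022-0001", "status": "Patched"},
                {"id": "CVE-2022-0002", "status": "Ignored"},
                {"id": "CVE-2020-9999", "status": "Ignored"},  # distro-wide
                {"id": "CVE-2022-0003", "status": "Unpatched"},
            ],
        },
        {
            "name": "zlib", "layer": "meta", "version": "1.2.12",
            "products": [{"product": "zlib", "cvesInRecord": "Yes"}],
            "issue": [{"id": "CVE-2020-9999", "status": "Ignored"}],
        },
    ],
})

# Constructed stand-in for a cve-extra-exclusions.inc style file.
SAMPLE_EXCLUSIONS_INC = """\
# comments and unrelated assignments are skipped
CVE_CHECK_IGNORE += "CVE-2020-9999"
CVE_CHECK_IGNORE += "CVE-2019-0001 \\
                     CVE-2019-0002"
OTHER_VAR = "CVE-2000-0000 must not be picked up"
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def distro_wide_ignores(inc_text):
    """Collect CVE ids assigned to CVE_CHECK_IGNORE in .inc text.

    Backslash line continuations are joined first; '#' comments are dropped.
    """
    joined = inc_text.replace("\\\n", " ")
    cves = set()
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("CVE_CHECK_IGNORE"):
            cves.update(CVE_RE.findall(line))
    return cves


def cves_by_status(report_text, exclude=frozenset()):
    """Return {recipe: {"Patched": [...], "Ignored": [...]}} for a report.

    Ids in `exclude` (e.g. distro-wide ignores) are left out of both lists;
    the filter is opt-in so that a distro which does not include the
    exclusions file still sees everything cve-check reported.
    """
    report = json.loads(report_text)
    result = {}
    for pkg in report.get("package", []):
        buckets = {"Patched": [], "Ignored": []}
        for issue in pkg.get("issue", []):
            status, cve = issue.get("status"), issue.get("id")
            if status in buckets and cve not in exclude:
                buckets[status].append(cve)
        result[pkg["name"]] = {k: sorted(v) for k, v in buckets.items()}
    return result


if __name__ == "__main__":
    distro = distro_wide_ignores(SAMPLE_EXCLUSIONS_INC)
    print(json.dumps(cves_by_status(SAMPLE_REPORT, distro), indent=2))
```

Pointing the script at the real files means replacing the two constructed samples with the contents of the cve-check JSON report and, only if your distro actually includes it, cve-extra-exclusions.inc; leaving `exclude` empty keeps the list identical to what cve-check itself reports, which is the concern raised above about distros that do not include that file.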

Thread overview:
2022-05-11 14:36 [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves Akash Hadke
2022-05-11 14:36 ` [poky][master][PATCH 2/3] cve-export.bbclass: Add a new class to get patched and ignored CVEs from the build Akash Hadke
2022-05-11 14:36 ` [poky][master][PATCH 3/3] cve_export.py: Add new selftest for cve-export.bbclass Akash Hadke
2022-05-17  9:12 ` [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves Marta Rybczynska
2022-05-17 11:42   ` Akash Hadke
2022-05-17 13:33     ` Marta Rybczynska [this message]
2022-05-17 13:51       ` akash hadke
2022-05-17 14:19     ` [OE-core] " richard.purdie
2022-05-18  9:46       ` akash hadke
2022-05-18 10:33         ` [OE-core] " richard.purdie
2022-05-18 11:58           ` Marta Rybczynska
