Re: [OE-core] [PATCH] cve-check: Fix report generation

From: Alex Kiernan <alex.kiernan@gmail.com>
To: "Ernst Sjöstrand" <ernstp@gmail.com>
Cc: Marta Rybczynska <rybczynska@gmail.com>,
	Patches and discussions about the oe-core layer
	<openembedded-core@lists.openembedded.org>,
	Marta Rybczynska <marta.rybczynska@huawei.com>
Subject: Re: [OE-core] [PATCH] cve-check: Fix report generation
Date: Tue, 17 May 2022 09:26:11 +0100	[thread overview]
Message-ID: <CAO5Uq5QdkvN1tXf5uFZYeZyLoCrKoPVqTjmiG_0pdG2tJWWCmg@mail.gmail.com> (raw)
In-Reply-To: <CAD=4a=Wbmmui9iHMnYk4T9cutUnSmXXq_BBiaQcVmotY9CU_RQ@mail.gmail.com>

Tested-by: Alex Kiernan <alex.kiernan@gmail.com>

On Tue, May 17, 2022 at 8:55 AM Ernst Sjöstrand <ernstp@gmail.com> wrote:
>
> Reviewed-by: Ernst Sjöstrand <ernstp@gmail.com>
>
> Den tis 17 maj 2022 kl 08:01 skrev Marta Rybczynska <rybczynska@gmail.com>:
>>
>> The addition of summary output caused two issues: error when building
>> an image and the fact that JSON output was generated even when
>> CVE_CHECK_FORMAT_JSON.
>>
>> When generating an image it caused an error like:
>> ERROR: core-image-minimal-1.0-r0 do_rootfs: Error executing a python function in exec_func_python() autogenerated:
>>
>>   The stack trace of python calls that resulted in this exception/failure was:
>>   File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
>>        0001:
>>    *** 0002:cve_check_write_rootfs_manifest(d)
>>        0003:
>>   File: '/home/alexk/poky/meta/classes/cve-check.bbclass', lineno: 213, function: cve_check_write_rootfs_manifest
>>        0209:
>>        0210:        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
>>        0211:        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
>>        0212:        bb.note("Generating JSON CVE manifest")
>>    *** 0213:        generate_json_report(json_summary_name, json_summary_link_name)
>>        0214:        bb.plain("Image CVE JSON report stored in: %s" % link_path)
>>        0215:}
>>        0216:
>>        0217:ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
>>   Exception: NameError: name 'json_summary_name' is not defined
>>
>> The fix is to pass the d variable to the pure python function generate_json_report
>> to get correct values of variables and add conditions for the JSON
>> output where needed.
>>
>> In addition clarify the message presenting the summary JSON file,
>> which isn't related to an image.
>>
>> Uses partial fixes from Alex Kiernan, Ernst Sjöstrand (ernstp),
>> and Davide Gardenal.
>>
>> Fixes: f2987891d315 ("cve-check: add JSON format to summary output")
>>
>> Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
>> ---
>>  meta/classes/cve-check.bbclass | 18 ++++++++++--------
>>  1 file changed, 10 insertions(+), 8 deletions(-)
>>
>> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
>> index 24ddb865ea..7cd98ae462 100644
>> --- a/meta/classes/cve-check.bbclass
>> +++ b/meta/classes/cve-check.bbclass
>> @@ -79,7 +79,7 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
>>  # set to "alphabetical" for version using single alphabetical character as increment release
>>  CVE_VERSION_SUFFIX ??= ""
>>
>> -def generate_json_report(out_path, link_path):
>> +def generate_json_report(d, out_path, link_path):
>>      if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
>>          import json
>>          from oe.cve_check import cve_check_merge_jsons
>> @@ -127,10 +127,11 @@ python cve_save_summary_handler () {
>>                      os.remove(cvefile_link)
>>                  os.symlink(os.path.basename(cve_summary_file), cvefile_link)
>>
>> +    if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
>>          json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
>>          json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp))
>> -        generate_json_report(json_summary_name, json_summary_link_name)
>> -        bb.plain("CVE report summary created at: %s" % json_summary_link_name)
>> +        generate_json_report(d, json_summary_name, json_summary_link_name)
>> +        bb.plain("Complete CVE JSON report summary created at: %s" % json_summary_link_name)
>>  }
>>
>>  addhandler cve_save_summary_handler
>> @@ -207,11 +208,12 @@ python cve_check_write_rootfs_manifest () {
>>                  os.symlink(os.path.basename(manifest_name), manifest_link)
>>              bb.plain("Image CVE report stored in: %s" % manifest_name)
>>
>> -        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
>> -        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
>> -        bb.note("Generating JSON CVE manifest")
>> -        generate_json_report(json_summary_name, json_summary_link_name)
>> -        bb.plain("Image CVE JSON report stored in: %s" % link_path)
>> +        if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
>> +            link_path = os.path.join(deploy_dir, "%s.json" % link_name)
>> +            manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
>> +            bb.note("Generating JSON CVE manifest")
>> +            generate_json_report(d, manifest_path, link_path)
>> +            bb.plain("Image CVE JSON report stored in: %s" % link_path)
>>  }
>>
>>  ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
>> --
>> 2.33.0
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#165707): https://lists.openembedded.org/g/openembedded-core/message/165707
>> Mute This Topic: https://lists.openembedded.org/mt/91158052/4947266
>> Group Owner: openembedded-core+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ernstp@gmail.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>


-- 
Alex Kiernan