* [PATCH] cve-check: Add allowlist that is same function of whitelist.
@ 2021-06-22 8:29 ito-yuichi
2021-06-22 16:35 ` [oe] " Khem Raj
0 siblings, 1 reply; 3+ messages in thread
From: ito-yuichi @ 2021-06-22 8:29 UTC (permalink / raw)
To: openembedded-devel
The Linux team plan to removed references to racially-charged jargon from
their code for more neutral and inclusive language.
So replace use of "whitelist" with "allowlist" in cve-check.
First, we add CVE_CHECK_ALLOWLIST and it is considered patched as well as
CVE_CHECK_WHITELIST.
We plan to replace about other word later and eventualy, replace all
"whitelist" to "allowlist".
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
---
meta/classes/cve-check.bbclass | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 112ee3379d..5e3441a783 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -52,6 +52,7 @@ CVE_CHECK_PN_WHITELIST ?= ""
# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
#
CVE_CHECK_WHITELIST ?= ""
+CVE_CHECK_ALLOWLIST ?= ""
# Layers to be excluded
CVE_CHECK_LAYER_EXCLUDELIST ??= ""
@@ -238,7 +239,7 @@ def check_cves(d, patched_cves):
old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST")
if old_cve_whitelist:
bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.")
- cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
+ cve_whitelist = d.getVar("CVE_CHECK_ALLOWLIST").split() + d.getVar("CVE_CHECK_WHITELIST").split()
import sqlite3
db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [oe] [PATCH] cve-check: Add allowlist that is same function of whitelist.
2021-06-22 8:29 [PATCH] cve-check: Add allowlist that is same function of whitelist ito-yuichi
@ 2021-06-22 16:35 ` Khem Raj
2021-06-23 0:19 ` ito-yuichi
0 siblings, 1 reply; 3+ messages in thread
From: Khem Raj @ 2021-06-22 16:35 UTC (permalink / raw)
To: ito-yuichi, openembedded-devel
Thanks for the patch, you need to send to oe-core mailing list since
this class is part of core metadata.
On 6/22/21 1:29 AM, ito-yuichi@fujitsu.com wrote:
> The Linux team plan to removed references to racially-charged jargon from
> their code for more neutral and inclusive language.
> So replace use of "whitelist" with "allowlist" in cve-check.
>
> First, we add CVE_CHECK_ALLOWLIST and it is considered patched as well as
> CVE_CHECK_WHITELIST.
> We plan to replace about other word later and eventualy, replace all
> "whitelist" to "allowlist".
>
> Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
> ---
> meta/classes/cve-check.bbclass | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> index 112ee3379d..5e3441a783 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -52,6 +52,7 @@ CVE_CHECK_PN_WHITELIST ?= ""
> # CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
> #
> CVE_CHECK_WHITELIST ?= ""
> +CVE_CHECK_ALLOWLIST ?= ""
>
> # Layers to be excluded
> CVE_CHECK_LAYER_EXCLUDELIST ??= ""
> @@ -238,7 +239,7 @@ def check_cves(d, patched_cves):
> old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST")
> if old_cve_whitelist:
> bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.")
> - cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
> + cve_whitelist = d.getVar("CVE_CHECK_ALLOWLIST").split() + d.getVar("CVE_CHECK_WHITELIST").split()
>
> import sqlite3
> db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
>
>
>
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [oe] [PATCH] cve-check: Add allowlist that is same function of whitelist.
2021-06-22 16:35 ` [oe] " Khem Raj
@ 2021-06-23 0:19 ` ito-yuichi
0 siblings, 0 replies; 3+ messages in thread
From: ito-yuichi @ 2021-06-23 0:19 UTC (permalink / raw)
To: 'Khem Raj', openembedded-devel
Hi Khem,
Sorry, I mistook send mailing list, and thank you for your advice.
> -----Original Message-----
> From: Khem Raj <raj.khem@gmail.com>
> Sent: Wednesday, June 23, 2021 1:35 AM
> To: Ito, Yuichi/伊藤 有一 <ito-yuichi@fujitsu.com>;
> openembedded-devel@lists.openembedded.org
> Subject: Re: [oe] [PATCH] cve-check: Add allowlist that is same function of
> whitelist.
>
> Thanks for the patch, you need to send to oe-core mailing list since this class
> is part of core metadata.
>
> On 6/22/21 1:29 AM, ito-yuichi@fujitsu.com wrote:
> > The Linux team plan to removed references to racially-charged jargon
> > from their code for more neutral and inclusive language.
> > So replace use of "whitelist" with "allowlist" in cve-check.
> >
> > First, we add CVE_CHECK_ALLOWLIST and it is considered patched as
> well
> > as CVE_CHECK_WHITELIST.
> > We plan to replace about other word later and eventualy, replace all
> > "whitelist" to "allowlist".
> >
> > Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
> > ---
> > meta/classes/cve-check.bbclass | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/meta/classes/cve-check.bbclass
> > b/meta/classes/cve-check.bbclass index 112ee3379d..5e3441a783 100644
> > --- a/meta/classes/cve-check.bbclass
> > +++ b/meta/classes/cve-check.bbclass
> > @@ -52,6 +52,7 @@ CVE_CHECK_PN_WHITELIST ?= ""
> > # CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
> > #
> > CVE_CHECK_WHITELIST ?= ""
> > +CVE_CHECK_ALLOWLIST ?= ""
> >
> > # Layers to be excluded
> > CVE_CHECK_LAYER_EXCLUDELIST ??= ""
> > @@ -238,7 +239,7 @@ def check_cves(d, patched_cves):
> > old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST")
> > if old_cve_whitelist:
> > bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please
> use CVE_CHECK_WHITELIST.")
> > - cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
> > + cve_whitelist = d.getVar("CVE_CHECK_ALLOWLIST").split() +
> > + d.getVar("CVE_CHECK_WHITELIST").split()
> >
> > import sqlite3
> > db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
> >
> >
> >
> >
> >
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-06-23 0:19 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-22 8:29 [PATCH] cve-check: Add allowlist that is same function of whitelist ito-yuichi
2021-06-22 16:35 ` [oe] " Khem Raj
2021-06-23 0:19 ` ito-yuichi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.