[PATCH] cve-check: Add allowlist that is same function of whitelist.

[PATCH] cve-check: Add allowlist that is same function of whitelist.

[ito-yuichi]

The Linux team plan to removed references to racially-charged jargon from
their code for more neutral and inclusive language.
So replace use of "whitelist" with "allowlist" in cve-check.

First, we add CVE_CHECK_ALLOWLIST and it is considered patched as well as
CVE_CHECK_WHITELIST.
We plan to replace about other word later and eventualy, replace all
"whitelist" to "allowlist".

Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
---
 meta/classes/cve-check.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 112ee3379d..5e3441a783 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -52,6 +52,7 @@ CVE_CHECK_PN_WHITELIST ?= ""
 # CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
 #
 CVE_CHECK_WHITELIST ?= ""
+CVE_CHECK_ALLOWLIST ?= ""
 
 # Layers to be excluded
 CVE_CHECK_LAYER_EXCLUDELIST ??= ""
@@ -238,7 +239,7 @@ def check_cves(d, patched_cves):
     old_cve_whitelist =  d.getVar("CVE_CHECK_CVE_WHITELIST")
     if old_cve_whitelist:
         bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.")
-    cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
+    cve_whitelist = d.getVar("CVE_CHECK_ALLOWLIST").split() + d.getVar("CVE_CHECK_WHITELIST").split()
 
     import sqlite3
     db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
-- 
2.25.1

Re: [oe] [PATCH] cve-check: Add allowlist that is same function of whitelist.

[Khem Raj]

Thanks for the patch, you need to send to oe-core mailing list since 
this class is part of core metadata.

On 6/22/21 1:29 AM, ito-yuichi@fujitsu.com wrote:
> The Linux team plan to removed references to racially-charged jargon from
> their code for more neutral and inclusive language.
> So replace use of "whitelist" with "allowlist" in cve-check.
> 
> First, we add CVE_CHECK_ALLOWLIST and it is considered patched as well as
> CVE_CHECK_WHITELIST.
> We plan to replace about other word later and eventualy, replace all
> "whitelist" to "allowlist".
> 
> Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
> ---
>   meta/classes/cve-check.bbclass | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> index 112ee3379d..5e3441a783 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -52,6 +52,7 @@ CVE_CHECK_PN_WHITELIST ?= ""
>   # CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
>   #
>   CVE_CHECK_WHITELIST ?= ""
> +CVE_CHECK_ALLOWLIST ?= ""
>   
>   # Layers to be excluded
>   CVE_CHECK_LAYER_EXCLUDELIST ??= ""
> @@ -238,7 +239,7 @@ def check_cves(d, patched_cves):
>       old_cve_whitelist =  d.getVar("CVE_CHECK_CVE_WHITELIST")
>       if old_cve_whitelist:
>           bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.")
> -    cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
> +    cve_whitelist = d.getVar("CVE_CHECK_ALLOWLIST").split() + d.getVar("CVE_CHECK_WHITELIST").split()
>   
>       import sqlite3
>       db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
> 
> 
> 
> 
> 

Re: [oe] [PATCH] cve-check: Add allowlist that is same function of whitelist.

[ito-yuichi]

Hi Khem,

Sorry, I mistook send mailing list, and thank you for your advice.

> -----Original Message-----
> From: Khem Raj <raj.khem@gmail.com>
> Sent: Wednesday, June 23, 2021 1:35 AM
> To: Ito, Yuichi/伊藤 有一 <ito-yuichi@fujitsu.com>;
> openembedded-devel@lists.openembedded.org
> Subject: Re: [oe] [PATCH] cve-check: Add allowlist that is same function of
> whitelist.
> 
> Thanks for the patch, you need to send to oe-core mailing list since this class
> is part of core metadata.
> 
> On 6/22/21 1:29 AM, ito-yuichi@fujitsu.com wrote:
> > The Linux team plan to removed references to racially-charged jargon
> > from their code for more neutral and inclusive language.
> > So replace use of "whitelist" with "allowlist" in cve-check.
> >
> > First, we add CVE_CHECK_ALLOWLIST and it is considered patched as
> well
> > as CVE_CHECK_WHITELIST.
> > We plan to replace about other word later and eventualy, replace all
> > "whitelist" to "allowlist".
> >
> > Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
> > ---
> >   meta/classes/cve-check.bbclass | 3 ++-
> >   1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/meta/classes/cve-check.bbclass
> > b/meta/classes/cve-check.bbclass index 112ee3379d..5e3441a783 100644
> > --- a/meta/classes/cve-check.bbclass
> > +++ b/meta/classes/cve-check.bbclass
> > @@ -52,6 +52,7 @@ CVE_CHECK_PN_WHITELIST ?= ""
> >   # CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
> >   #
> >   CVE_CHECK_WHITELIST ?= ""
> > +CVE_CHECK_ALLOWLIST ?= ""
> >
> >   # Layers to be excluded
> >   CVE_CHECK_LAYER_EXCLUDELIST ??= ""
> > @@ -238,7 +239,7 @@ def check_cves(d, patched_cves):
> >       old_cve_whitelist =  d.getVar("CVE_CHECK_CVE_WHITELIST")
> >       if old_cve_whitelist:
> >           bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please
> use CVE_CHECK_WHITELIST.")
> > -    cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
> > +    cve_whitelist = d.getVar("CVE_CHECK_ALLOWLIST").split() +
> > + d.getVar("CVE_CHECK_WHITELIST").split()
> >
> >       import sqlite3
> >       db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
> >
> >
> >
> > 
> >