From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 08/14] cve-check: add JSON format to summary output
Date: Wed, 11 May 2022 08:19:27 -1000
Message-ID: <d8ef964ffeb92684d01d71c983af9dbb1e1b0c4f.1652292852.git.steve@sakoman.com>
In-Reply-To: <cover.1652292852.git.steve@sakoman.com>

From: Davide Gardenal <davidegarde2000@gmail.com>

Create generate_json_report including all the code used to generate the JSON
manifest file.
Add to cve_save_summary_handler the ability to create the summary in JSON format.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f2987891d315466b7ef180ecce81d15320ce8487)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 51 ++++++++++++++++++++++------------
 1 file changed, 33 insertions(+), 18 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 41b4eb2dbf..350ed8ec39 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -75,6 +75,30 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
 # set to "alphabetical" for version using single alphabetical character as increment release
 CVE_VERSION_SUFFIX ??= ""
 
+def generate_json_report(out_path, link_path):
+    if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
+        import json
+        from oe.cve_check import cve_check_merge_jsons
+
+        bb.note("Generating JSON CVE summary")
+        index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
+        summary = {"version":"1", "package": []}
+        with open(index_file) as f:
+            filename = f.readline()
+            while filename:
+                with open(filename.rstrip()) as j:
+                    data = json.load(j)
+                    cve_check_merge_jsons(summary, data)
+                filename = f.readline()
+
+        with open(out_path, "w") as f:
+            json.dump(summary, f, indent=2)
+
+        if link_path != out_path:
+            if os.path.exists(os.path.realpath(link_path)):
+                os.remove(link_path)
+            os.symlink(os.path.basename(out_path), link_path)
+
 python cve_save_summary_handler () {
     import shutil
     import datetime
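Review bot: `generate_json_report` calls `d.getVar(...)` on its first line and again for `index_file`, but `d` is neither a parameter nor defined in the function; unlike the `python ... {}` task bodies, a plain `def` in a bbclass has no implicit datastore, so the first call raises NameError. Pass it in explicitly, e.g. `def generate_json_report(d, out_path, link_path):`, and update both callers. The symlink refresh also checks `os.path.exists(os.path.realpath(link_path))`, which is false for a dangling symlink, so a stale link whose target has been removed is not unlinked and `os.symlink` then fails with FileExistsError; `os.path.lexists(link_path)` is the check that matches the intent.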
@@ -97,6 +121,11 @@ python cve_save_summary_handler () {
             if os.path.exists(os.path.realpath(cvefile_link)):
                 os.remove(cvefile_link)
             os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+
+        json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
+        json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp))
+        generate_json_report(json_summary_name, json_summary_link_name)
+        bb.plain("CVE report summary created at: %s" % json_summary_link_name)
 }
 
 addhandler cve_save_summary_handler
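Review bot: `d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON")` is read here but no default for that variable appears in this patch; if it is unset, `os.path.join(cvelogpath, None)` raises TypeError before the report is written. Add a `CVE_CHECK_SUMMARY_FILE_NAME_JSON ??= ...` default next to the other `CVE_CHECK_*` defaults, or fail with a clear `bb.fatal` when it is missing. The `bb.plain` message "CVE report summary created at" also does not say which format it refers to; "CVE JSON report summary created at" would distinguish it from the text summary written just above.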
@@ -170,25 +199,11 @@ python cve_check_write_rootfs_manifest () {
             os.symlink(os.path.basename(manifest_name), manifest_link)
             bb.plain("Image CVE report stored in: %s" % manifest_name)
 
-    if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
-        import json
+        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
         bb.note("Generating JSON CVE manifest")
-        deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
-        link_name = d.getVar("IMAGE_LINK_NAME")
-        manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
-        index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
-        manifest = {"version":"1", "package": []}
-        with open(index_file) as f:
-            filename = f.readline()
-            while filename:
-                with open(filename.rstrip()) as j:
-                    data = json.load(j)
-                    cve_check_merge_jsons(manifest, data)
-                filename = f.readline()
-
-        with open(manifest_name, "w") as f:
-            json.dump(manifest, f, indent=2)
-        bb.plain("Image CVE report stored in: %s" % manifest_name)
+        generate_json_report(json_summary_name, json_summary_link_name)
+        bb.plain("Image CVE JSON report stored in: %s" % link_path)
 }
 
 ROOTFS_POSTPROCESS_COMMAND_prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
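Review bot: the call `generate_json_report(json_summary_name, json_summary_link_name)` references two names that exist only in `cve_save_summary_handler`, not in this function, so it raises NameError at runtime, while the values computed two lines above, `manifest_path` and `link_path`, are never used; the call should be `generate_json_report(manifest_path, link_path)`. Note also that the new lines are indented one level deeper than the removed `if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):` block, so JSON manifest generation now runs inside the enclosing branch that writes the text manifest instead of unconditionally; if that is intended, the commit message should say so. The removed `deploy_dir` and `link_name` assignments are still needed by the new `link_path` line, so they must already be defined earlier in this function.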
-- 
2.25.1
