author | Ross Burton <ross@burtonini.com> | 2020-11-19 10:38:09 +0000 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2020-11-25 23:02:35 +0800 |
commit | 62e07072bbeeebfead34bbdb04e75cff1c4ef1e1 (patch) | |
tree | f4ecd6e08e5730e741f5c1727df50d7146f3cdd8 | |
parent | 881986b4032d893464dbcbd7e7e114b454af0a1b (diff) | |
download | openembedded-core-contrib-62e07072bbeeebfead34bbdb04e75cff1c4ef1e1.tar.gz |
cve-check: show real PN/PV
The output currently shows the remapped product and version fields,
which may not be the actual recipe name/version. As this report is about
recipes, use the real values.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 18827d7f40db4a4f92680bd59ca655cca373ad65)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-rw-r--r-- | meta/classes/cve-check.bbclass | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 25cefda92e..d843e7c4ac 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -208,6 +208,9 @@ def check_cves(d, patched_cves): """ from distutils.version import LooseVersion + pn = d.getVar("PN") + real_pv = d.getVar("PV") + cves_unpatched = [] # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) products = d.getVar("CVE_PRODUCT").split() @@ -217,7 +220,7 @@ def check_cves(d, patched_cves): pv = d.getVar("CVE_VERSION").split("+git")[0] # If the recipe has been whitlisted we return empty lists - if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split(): + if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split(): bb.note("Recipe has been whitelisted, skipping check") return ([], [], []) @@ -286,12 +289,12 @@ def check_cves(d, patched_cves): vulnerable = vulnerable_start or vulnerable_end if vulnerable: - bb.note("%s-%s is vulnerable to %s" % (product, pv, cve)) + bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve)) cves_unpatched.append(cve) break if not vulnerable: - bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve)) + bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve)) # TODO: not patched but not vulnerable patched_cves.add(cve) |
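Review bot: After the first hunk the function holds two version values with near-identical names, `pv` (derived from CVE_VERSION, per the context line in the second hunk) and `real_pv` (the recipe's PV), and nothing at the definition says which one drives matching and which is only for reporting. A one-line comment above the new assignments would keep a later edit from comparing against the wrong one, e.g. `# Recipe name/version for reporting only; matching uses CVE_PRODUCT/CVE_VERSION`. check_cves starts and ends outside the hunk.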
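Review bot: The two rewritten `bb.note` calls in the third hunk no longer say what was actually compared against the CVE data, because `product` and `pv` drop out of the message. When CVE_PRODUCT lists several products, or CVE_VERSION differs from PV, the log cannot show which mapping produced the verdict, which makes a suspected false positive or a missed CVE harder to triage. Keeping the recipe identity first and appending the matched pair preserves both, e.g. `bb.note("%s-%s is vulnerable to %s (checked as %s-%s)" % (pn, real_pv, cve, product, pv))`, and likewise for the not-vulnerable message. This assumes `product` is still the loop variable in scope here, as the removed lines suggest; the loop itself is outside the hunk.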