diff options
| author |   Lee Chee Yang <chee.yang.lee@intel.com> | 2021-01-29 11:51:15 +0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-30 10:38:49 +0000 |
| commit | 5dfd5ad5144708b474ef31eaa89a846c57be8ac0 (patch) | |
| tree | 9e40a44aa3ca920d8790c4346072d0fbb6d44821 /meta/classes | |
| parent | c5a6cc4146402620851e2a1f2b01d69989150ba2 (diff) | |
| download | openembedded-core-contrib-5dfd5ad5144708b474ef31eaa89a846c57be8ac0.tar.gz | |
cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning
add CVE_VERSION_SUFFIX to indicate the version suffix type, currently
works in two value, "alphabetical" if the version string uses single
alphabetical character suffix as incremental release, blank to not
consider the unidentified suffixes. This can be expand when more suffix
pattern identified.
refactor cve_check.Version class to use functools and add parameter to
handle suffix condition.
Also update testcases to cover new changes.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
| -rw-r--r-- | meta/classes/cve-check.bbclass | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 646cc879dd..ed86403b6b 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -53,6 +53,9 @@ CVE_CHECK_PN_WHITELIST ?= "" # CVE_CHECK_WHITELIST ?= "" +# set to "alphabetical" for version using single alphabetical character as increament release +CVE_VERSION_SUFFIX ??= "" + python cve_save_summary_handler () { import shutil import datetime @@ -210,6 +213,7 @@ def check_cves(d, patched_cves): pn = d.getVar("PN") real_pv = d.getVar("PV") + suffix = d.getVar("CVE_VERSION_SUFFIX") cves_unpatched = [] # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) @@ -263,8 +267,8 @@ def check_cves(d, patched_cves): else: if operator_start: try: - vulnerable_start = (operator_start == '>=' and Version(pv) >= Version(version_start)) - vulnerable_start |= (operator_start == '>' and Version(pv) > Version(version_start)) + vulnerable_start = (operator_start == '>=' and Version(pv,suffix) >= Version(version_start,suffix)) + vulnerable_start |= (operator_start == '>' and Version(pv,suffix) > Version(version_start,suffix)) except: bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_start, version_start, cve)) @@ -274,8 +278,8 @@ def check_cves(d, patched_cves): if operator_end: try: - vulnerable_end = (operator_end == '<=' and Version(pv) <= Version(version_end) ) - vulnerable_end |= (operator_end == '<' and Version(pv) < Version(version_end) ) + vulnerable_end = (operator_end == '<=' and Version(pv,suffix) <= Version(version_end,suffix) ) + vulnerable_end |= (operator_end == '<' and Version(pv,suffix) < Version(version_end,suffix) ) except: bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_end, version_end, cve)) |