From: Akash Hadke <akash.hadke@kpit.com>
To: openembedded-core@lists.openembedded.org
Cc: ranjitsinh.rathod@kpit.com, Akash Hadke <hadkeakash4@gmail.com>
Subject: [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves
Date: Wed, 11 May 2022 16:36:11 +0200 [thread overview]
Message-ID: <20220511143613.25002-1-akash.hadke@kpit.com> (raw)
Add new method get_ignored_cves in cve_check.py
to get ignored CVEs from recipe by excluding distro-wide
ignored CVEs from meta/conf/distro/include/cve-extra-exclusions.inc
While calling this method use below code to get argument values
paths = d.getVar('PATH').split(':')
cves = d.getVar('CVE_CHECK_IGNORE').split()
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
---
meta/lib/oe/cve_check.py | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index dc7d2e2826..d96d47b737 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -163,3 +163,41 @@ def cve_check_merge_jsons(output, data):
return
output["package"].append(data["package"][0])
+
+def get_ignored_cves(paths, cves):
+ """
+ Get ignored CVEs from the recipe and exlude the CVEs from
+ meta/conf/distro/include/cve-extra-exclusions.inc
+
+ While calling this method use below code to get argument values
+ paths = d.getVar('PATH').split(':')
+ cves = d.getVar('CVE_CHECK_IGNORE').split()
+ """
+ import os
+
+ cve_extra_exclusion_inc_file = "../meta/conf/distro/include/cve-extra-exclusions.inc"
+ for path in paths:
+ check_for_correct_file_path = os.path.join(path, cve_extra_exclusion_inc_file)
+ if os.path.isfile(check_for_correct_file_path):
+ inc_file = check_for_correct_file_path
+ else:
+ continue
+
+ cve_check_ignored = set()
+ ignored_cves = set()
+ with open(inc_file) as f:
+ lines = f.readlines()
+ for line in lines:
+ if line.strip():
+ # Ignore the comments from cve-extra-exclusions.inc
+ if not re.search("^#", line):
+ cve_match = re.findall(r'CVE\-\d{4}\-\d+', line)
+ for cve in cve_match:
+ ignored_cves.add(cve)
+
+ for cve in cves:
+ if cve not in ignored_cves:
+ cve_check_ignored.add(cve)
+ ignored_cves_from_recipe = " ".join(cve_check_ignored)
+
+ return ignored_cves_from_recipe
--
2.17.1
next reply other threads:[~2022-05-11 14:37 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-11 14:36 Akash Hadke [this message]
2022-05-11 14:36 ` [poky][master][PATCH 2/3] cve-export.bbclass: Add a new class to get patched and ignored CVEs from the build Akash Hadke
2022-05-11 14:36 ` [poky][master][PATCH 3/3] cve_export.py: Add new selftest for cve-export.bbclass Akash Hadke
2022-05-17 9:12 ` [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves Marta Rybczynska
2022-05-17 11:42 ` Akash Hadke
2022-05-17 13:33 ` Marta Rybczynska
2022-05-17 13:51 ` akash hadke
2022-05-17 14:19 ` [OE-core] " richard.purdie
2022-05-18 9:46 ` akash hadke
2022-05-18 10:33 ` [OE-core] " richard.purdie
2022-05-18 11:58 ` Marta Rybczynska
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220511143613.25002-1-akash.hadke@kpit.com \
--to=akash.hadke@kpit.com \
--cc=hadkeakash4@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=ranjitsinh.rathod@kpit.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox