diff options
Diffstat (limited to 'poky/meta/classes/cve-check.bbclass')
-rw-r--r-- | poky/meta/classes/cve-check.bbclass | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index c00d2910b..1c8b2223a 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -208,19 +208,21 @@ def check_cves(d, patched_cves): if cve in cve_whitelist: bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) + # TODO: this should be in the report as 'whitelisted' + patched_cves.add(cve) elif cve in patched_cves: bb.note("%s has been patched" % (cve)) else: to_append = False if (operator_start == '=' and pv == version_start): - cves_unpatched.append(cve) + to_append = True else: if operator_start: try: to_append_start = (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start)) to_append_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start)) except: - bb.note("%s: Failed to compare %s %s %s for %s" % + bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_start, version_start, cve)) to_append_start = False else: @@ -231,7 +233,7 @@ def check_cves(d, patched_cves): to_append_end = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end)) to_append_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end)) except: - bb.note("%s: Failed to compare %s %s %s for %s" % + bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_end, version_end, cve)) to_append_end = False else: @@ -243,8 +245,11 @@ def check_cves(d, patched_cves): to_append = to_append_start or to_append_end if to_append: + bb.note("%s-%s is vulnerable to %s" % (product, pv, cve)) cves_unpatched.append(cve) - bb.debug(2, "%s-%s is not patched for %s" % (product, pv, cve)) + else: + bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve)) + patched_cves.add(cve) conn.close() return (list(patched_cves), cves_unpatched) |