Diffstat (limited to 'poky/meta/classes/cve-check.bbclass')
-rw-r--r-- | poky/meta/classes/cve-check.bbclass | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 6c04ff9f09..d715fbf4d8 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -44,14 +44,14 @@ CVE_CHECK_CREATE_MANIFEST ??= "1"
 CVE_CHECK_REPORT_PATCHED ??= "1"
 # Whitelist for packages (PN)
-CVE_CHECK_PN_WHITELIST ?= ""
+CVE_CHECK_SKIP_RECIPE ?= ""
 # Whitelist for CVE. If a CVE is found, then it is considered patched.
 # The value is a string containing space separated CVE values:
 #
-# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
+# CVE_CHECK_IGNORE = 'CVE-2014-2524 CVE-2018-1234'
 #
-CVE_CHECK_WHITELIST ?= ""
+CVE_CHECK_IGNORE ?= ""
 # Layers to be excluded
 CVE_CHECK_LAYER_EXCLUDELIST ??= ""
@@ -144,6 +144,7 @@ python cve_check_write_rootfs_manifest () {
 manifest_name = d.getVar("CVE_CHECK_MANIFEST")
 cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
+ bb.utils.mkdirhier(os.path.dirname(manifest_name))
 shutil.copyfile(cve_tmp_file, manifest_name)
 if manifest_name and os.path.exists(manifest_name):
@@ -177,11 +178,11 @@ def check_cves(d, patched_cves):
 pv = d.getVar("CVE_VERSION").split("+git")[0]
 # If the recipe has been whitelisted we return empty lists
- if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split():
+ if pn in d.getVar("CVE_CHECK_SKIP_RECIPE").split():
 bb.note("Recipe has been whitelisted, skipping check")
 return ([], [], [])
- cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
+ cve_whitelist = d.getVar("CVE_CHECK_IGNORE").split()
 import sqlite3
 db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
@@ -264,7 +265,8 @@ def get_cve_info(d, cves):
 import sqlite3
 cve_data = {}
- conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE"))
+ db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
+ conn = sqlite3.connect(db_file, uri=True)
 for cve in cves:
 for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): |
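Review bot: In cve_check_write_rootfs_manifest the new `bb.utils.mkdirhier(os.path.dirname(manifest_name))` runs before the `if manifest_name and os.path.exists(manifest_name):` guard that follows the copy, so an unset CVE_CHECK_MANIFEST would raise a TypeError inside `os.path.dirname` instead of being handled. A bare file name would also yield an empty dirname, which mkdirhier presumably cannot create. Wrapping both the mkdirhier and `shutil.copyfile` calls in `if manifest_name:` keeps that case explicit. The function begins and ends outside this hunk, so the variable may already be validated earlier.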
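Review bot: The comment `# If the recipe has been whitelisted we return empty lists`, the message `bb.note("Recipe has been whitelisted, skipping check")` and the local `cve_whitelist` in check_cves still use the old term after the switch to CVE_CHECK_SKIP_RECIPE and CVE_CHECK_IGNORE; the two `# Whitelist for ...` comments in the first hunk have the same mismatch. Suggested wording: `# Recipes listed in CVE_CHECK_SKIP_RECIPE are not checked; return empty lists` and `# CVEs listed in CVE_CHECK_IGNORE are considered patched`. Nothing visible in this file reads the old names any more, so a layer that still sets CVE_CHECK_WHITELIST or CVE_CHECK_PN_WHITELIST would have its triage list dropped without a message unless the rename is registered elsewhere (the diffstat is limited to this file); a `bb.warn` when either old variable is non-empty would make the change in report contents visible. check_cves continues outside the hunk.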
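Review bot: In get_cve_info the database path is spliced into the URI as `file:${CVE_CHECK_DB_FILE}?mode=ro` without escaping, so a path containing `?`, `#` or `%` would be parsed as query, fragment or escape sequence and the wrong file (or none) opened; check_cves builds the same string in the context of the previous hunk. Quoting the path, e.g. `db_file = "file:" + urllib.parse.quote(d.getVar("CVE_CHECK_DB_FILE")) + "?mode=ro"` (with `import urllib.parse`), avoids that. A short comment such as `# Open read-only: this function only queries NVD and must not create or modify the database` would record why the URI form is used. Whether `conn` is closed is not visible, since the loop continues outside the hunk.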