sysmo-bts
/
generic-poky
9
0
Fork 0
Code Pull Requests Releases Activity

cve-check.bbclass: make warning contain CVE IDs 

When warning users about unpatched CVE, we'd better put CVE IDs into
the warning message, so that it would be more straight forward for the
user to know which CVEs are not patched.

So instead of:
  WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE, for more information check /path/to/workdir/cve/cve.log.
We should have:
  WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE (CVE-2017-7869), for more information check /path/to/workdir/cve/cve.log.

(From OE-Core rev: ad46069e7b58f2fba373131716f28407816fa1a6)

(From OE-Core rev: e0e1414a4574d4165a8dc5d0d9d0d5b5a660355f)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Chen Qi 2017-05-09 17:31:36 +08:00 committed by Richard Purdie
parent bc45d3a86b
commit d2586b6fde
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
meta/classes/cve-check.bbclass
View File

@ -234,7 +234,7 @@ def cve_write_data(d, patched, unpatched, cve_data):
cve_file = d.getVar("CVE_CHECK_LOCAL_FILE")
nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
write_string = ""
first_alert = True
unpatched_cves = []
bb.utils.mkdirhier(d.getVar("CVE_CHECK_LOCAL_DIR"))
for cve in sorted(cve_data):
@ -244,15 +244,16 @@ def cve_write_data(d, patched, unpatched, cve_data):
if cve in patched:
write_string += "CVE STATUS: Patched\n"
else:
unpatched_cves.append(cve)
write_string += "CVE STATUS: Unpatched\n"
if first_alert:
bb.warn("Found unpatched CVE, for more information check %s" % cve_file)
first_alert = False
write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["score"]
write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
if unpatched_cves:
bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
with open(cve_file, "w") as f:
bb.note("Writing file %s with CVE information" % cve_file)
f.write(write_string)