List: openembedded-core
Subject: [OE-core] [PATCH] cve-check: don't warn if a patch is remote
From: "Ross Burton" <ross.burton () arm ! com>
Date: 2023-10-31 18:36:41
Message-ID: 20231031183641.62514-1-ross.burton () arm ! com
From: Ross Burton <ross.burton@arm.com>
We don't make do_cve_check depend on do_unpack because that would be a
waste of time 99% of the time. The compromise here is that we can't
scan remote patches for issues, but this isn't a problem so downgrade
the warning to a note.
Also move the check for CVEs in the filename before the local file check
so that even with remote patches, we still check for CVE references in
the name.
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
meta/lib/oe/cve_check.py | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index c0ab22d25ea..3fa77bf9a71 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -95,11 +95,6 @@ def get_patched_cves(d):
for url in oe.patch.src_patches(d):
patch_file = bb.fetch.decodeurl(url)[2]
- # Remote compressed patches may not be unpacked, so silently ignore them
- if not os.path.isfile(patch_file):
- bb.warn("%s does not exist, cannot extract CVE list" % patch_file)
- continue
-
# Check patch file name for CVE ID
fname_match = cve_file_name_match.search(patch_file)
if fname_match:
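Review bot: With the existence check gone from the top of the loop, `cve_file_name_match.search(patch_file)` now also runs on entries that were never fetched locally, and it searches the whole path returned by `bb.fetch.decodeurl(url)[2]` rather than just the file name. If the pattern is not anchored to the last path component, a CVE-shaped directory name in a remote URL path would mark that CVE as patched. Consider matching against `os.path.basename(patch_file)`, or add a comment stating that the pattern already constrains the match to the file name.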
@@ -107,6 +102,12 @@ def get_patched_cves(d):
patched_cves.add(cve)
bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file))
+ # Remote patches won't be present and compressed patches won't be
+ # unpacked, so say we're not scanning them
+ if not os.path.isfile(patch_file):
+ bb.note("%s is remote or compressed, not scanning content" % patch_file)
+ continue
+
with open(patch_file, "r", encoding="utf-8") as f:
try:
patch_text = f.read()
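Review bot: The new `if not os.path.isfile(patch_file):` branch reports every missing file as "remote or compressed", but the only thing tested is that the path does not exist locally. A local patch that is missing for another reason (wrong path, failed unpack) would now be logged at note level with a misleading cause, and its contents would silently go unscanned for CVE tags. Consider using the scheme from `bb.fetch.decodeurl(url)[0]` to tell remote entries apart, and keep `bb.warn` for a local entry that does not exist, or word the note so it states only that the file is not present.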
--
2.34.1