cve-check: add include/exclude layers

author akuster <akuster808@gmail.com>

Mon, 8 Feb 2021 05:51:30 +0000 (05:51 +0000)

committer Steve Sakoman <steve@sakoman.com>

Mon, 16 Aug 2021 14:41:07 +0000 (04:41 -1000)
author akuster <akuster808@gmail.com>
Mon, 8 Feb 2021 05:51:30 +0000 (05:51 +0000)
committer Steve Sakoman <steve@sakoman.com>
Mon, 16 Aug 2021 14:41:07 +0000 (04:41 -1000)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass

index 8086cf05e9cb72cdc438a6c9a8187c6bf75bece5..8e7e3c60ff4eeedc96836d7f97c853e510675abe 100644 (file)
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= ""
  #
  CVE_CHECK_WHITELIST ?= ""
  
+# Layers to be excluded
+CVE_CHECK_LAYER_EXCLUDELIST ??= ""
+
+# Layers to be included 
+CVE_CHECK_LAYER_INCLUDELIST ??= ""
+
+
  # set to "alphabetical" for version using single alphabetical character as increament release
  CVE_VERSION_SUFFIX ??= ""
  
@@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
      CVE manifest if enabled.
      """
  
+
      cve_file = d.getVar("CVE_CHECK_LOG")
      fdir_name  = d.getVar("FILE_DIRNAME")
      layer = fdir_name.split("/")[-3]
  
+    include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
+    exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
+
+    if exclude_layers and layer in exclude_layers:
+        return
+
+    if include_layers and layer not in include_layers:
+        return
+
      nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
      write_string = ""
      unpatched_cves = []
author	akuster <akuster808@gmail.com>
	Mon, 8 Feb 2021 05:51:30 +0000 (05:51 +0000)
committer	Steve Sakoman <steve@sakoman.com>
	Mon, 16 Aug 2021 14:41:07 +0000 (04:41 -1000)