From: Ross Burton Date: Thu, 19 Nov 2020 10:38:09 +0000 (+0000) Subject: cve-check: show real PN/PV X-Git-Tag: 2020-04.5-dunfell~110 X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=2618eedbafc408c41479e63dac88a9b5bab461fc;p=openembedded-core.git cve-check: show real PN/PV The output currently shows the remapped product and version fields, which may not be the actual recipe name/version. As this report is about recipes, use the real values. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 18827d7f40db4a4f92680bd59ca655cca373ad65) Signed-off-by: Steve Sakoman --- diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 17f64a8a9c..669da6c8e9 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -205,6 +205,9 @@ def check_cves(d, patched_cves): """ from distutils.version import LooseVersion + pn = d.getVar("PN") + real_pv = d.getVar("PV") + cves_unpatched = [] # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) products = d.getVar("CVE_PRODUCT").split() @@ -214,7 +217,7 @@ def check_cves(d, patched_cves): pv = d.getVar("CVE_VERSION").split("+git")[0] # If the recipe has been whitlisted we return empty lists - if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split(): + if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split(): bb.note("Recipe has been whitelisted, skipping check") return ([], [], []) @@ -283,12 +286,12 @@ def check_cves(d, patched_cves): vulnerable = vulnerable_start or vulnerable_end if vulnerable: - bb.note("%s-%s is vulnerable to %s" % (product, pv, cve)) + bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve)) cves_unpatched.append(cve) break if not vulnerable: - bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve)) + bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve)) # TODO: not patched but not vulnerable patched_cves.add(cve)