From: Ross Burton <ross.burton@intel.com>
Date: Fri, 9 Feb 2018 12:43:17 +0000 (+0000)
Subject: cve-check: short-circuit checking if CVE_PRODUCT isn't set
X-Git-Tag: uninative-1.8~341
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06;p=openembedded-core.git

cve-check: short-circuit checking if CVE_PRODUCT isn't set

For some recipes is is meaningless to do a CVE check, for example packagegroups
or images.  Check that CVE_PRODUCT is set and short-circuit the scan if it
isn't.

Signed-off-by: Ross Burton <ross.burton@intel.com>
---

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061e883fa7..d8087dd7c6 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -169,6 +169,9 @@ def check_cves(d, patched_cves):
     cves_patched = []
     cves_unpatched = []
     bpn = d.getVar("CVE_PRODUCT")
+    # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
+    if not bpn:
+        return ([], [])
     pv = d.getVar("CVE_VERSION").split("+git")[0]
     cves = " ".join(patched_cves)
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")