cve-check.bbclass: make warning contain CVE IDs

When warning users about unpatched CVEs, we'd better put CVE IDs into
the warning message, so that it would be more straightforward for the
user to know which CVEs are not patched.

So instead of:
  WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE, for more information check /path/to/workdir/cve/cve.log.
We should have:
  WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE (CVE-2017-7869), for more information check /path/to/workdir/cve/cve.log.

(From OE-Core rev: ad46069e7b58f2fba373131716f28407816fa1a6)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi, 8 years ago
Parent
Current commit
86795b756a
1 file changed, 5 insertions and 4 deletions

+ 5 - 4
meta/classes/cve-check.bbclass

@@ -234,7 +234,7 @@ def cve_write_data(d, patched, unpatched, cve_data):
     cve_file = d.getVar("CVE_CHECK_LOCAL_FILE")
     cve_file = d.getVar("CVE_CHECK_LOCAL_FILE")
     nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
     nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
     write_string = ""
     write_string = ""
-    first_alert = True
+    unpatched_cves = []
     bb.utils.mkdirhier(d.getVar("CVE_CHECK_LOCAL_DIR"))
     bb.utils.mkdirhier(d.getVar("CVE_CHECK_LOCAL_DIR"))
 
 
     for cve in sorted(cve_data):
     for cve in sorted(cve_data):
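
Review bot: The new local `unpatched_cves = []` sits in a function whose signature already takes an `unpatched` argument, so the two near-identical names are easy to confuse and the list may duplicate data the caller has already computed. Either build the warning from the existing `unpatched` parameter, or add a short comment saying why the list is rebuilt from the `cve in patched` test, and pick a more distinct name if it stays.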
@@ -244,15 +244,16 @@ def cve_write_data(d, patched, unpatched, cve_data):
         if cve in patched:
         if cve in patched:
             write_string += "CVE STATUS: Patched\n"
             write_string += "CVE STATUS: Patched\n"
         else:
         else:
+            unpatched_cves.append(cve)
             write_string += "CVE STATUS: Unpatched\n"
             write_string += "CVE STATUS: Unpatched\n"
-            if first_alert:
-                bb.warn("Found unpatched CVE, for more information check %s" % cve_file)
-                first_alert = False
         write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
         write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
         write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["score"]
         write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["score"]
         write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
         write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
         write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
         write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
 
 
+    if unpatched_cves:
+        bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
+
     with open(cve_file, "w") as f:
     with open(cve_file, "w") as f:
         bb.note("Writing file %s with CVE information" % cve_file)
         bb.note("Writing file %s with CVE information" % cve_file)
         f.write(write_string)
         f.write(write_string)
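
Review bot: The added `bb.warn(...)` after the loop joins every entry of `unpatched_cves` into one line with no upper bound, so a recipe with many unpatched CVEs produces a very long warning in the build log. Consider capping the number of IDs shown and appending a count, since the full list is written to `cve_file` anyway. Two smaller points on the same line: `" ".join(unpatched_cves),cve_file` is missing a space after the comma, and a ", " separator would read more clearly inside the parentheses than a bare space. The message also still says "unpatched CVE" in the singular when several IDs are listed.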