From patchwork Mon Nov 11 18:29:49 2019
X-Patchwork-Submitter: Armin Kuster
X-Patchwork-Id: 179100
From: Armin Kuster
To: openembedded-core@lists.openembedded.org
Date: Mon, 11 Nov 2019 10:29:49 -0800
Message-Id: <29d926802e7f8b4614a2dafa0af4c923912e1811.1573496794.git.akuster808@gmail.com>
Subject: [OE-core] [zeus 07/21] cve-check: ensure all known CVEs are in the report
List-Id: Patches and discussions about the oe-core layer

From: Ross Burton CVEs that are whitelisted or were not vulnerable when there are version comparisons were not included in the report, so alter the logic to ensure that all relevant CVEs are in the report for completeness. Signed-off-by: Ross Burton Signed-off-by: Armin Kuster --- meta/classes/cve-check.bbclass | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index c00d291..f87bcc9 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -208,12 +208,14 @@ def check_cves(d, patched_cves): if cve in cve_whitelist: bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) + # TODO: this should be in the report as 'whitelisted' + patched_cves.add(cve) elif cve in patched_cves: bb.note("%s has been patched" % (cve)) else: to_append = False if (operator_start == '=' and pv == version_start): - cves_unpatched.append(cve) + to_append = True else: if operator_start: try: @@ -243,8 +245,11 @@ def check_cves(d, patched_cves): to_append = to_append_start or to_append_end if to_append: + bb.note("%s-%s is vulnerable to %s" % (product, pv, cve)) cves_unpatched.append(cve) - bb.debug(2, "%s-%s is not patched for %s" % (product, pv, cve)) + else: + bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve)) + patched_cves.add(cve) conn.close() return (list(patched_cves), cves_unpatched)
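Review bot: In the first hunk (@@ -208,12 +208,14 @@), the whitelist branch now calls `patched_cves.add(cve)`, so a CVE that is only ignored by policy is returned in the same list as CVEs that are actually fixed, and the report cannot tell the two apart. The added TODO acknowledges this. Consider collecting these ids in a separate set and returning it alongside the other two so the report can label them 'whitelisted', or at minimum document that the first returned list now means "not reported as unpatched" rather than "patched". The switch from `cves_unpatched.append(cve)` to `to_append = True` in the `operator_start == '='` branch looks right, since the append now happens once in the shared `if to_append:` block.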
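Review bot: In the second hunk (@@ -243,8 +245,11 @@), the new `else:` branch calls `patched_cves.add(cve)` for a CVE whose version check did not match, and that interacts with the `elif cve in patched_cves:` test in the first hunk. If the same CVE id reaches that chain again (whether it can is not visible in these lines), it is logged as "has been patched" and the version comparison is skipped, so a later matching entry could never place it in `cves_unpatched`. A separate 'not vulnerable' collection would avoid that and keep the meaning of `patched_cves` intact. Separately, `bb.debug(2, ...)` became `bb.note(...)` on both outcomes, which emits one note per CVE checked; please confirm that log volume is intended.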