mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2fdabc368a52a9bf60f76f33e92b94de843688a8
poky/meta/lib/patchtest/tests/test_patch_cve.py
Trevor Gamblin 2fdabc368a patchtest: improve test issue messages 
The patchtest tests provide vague feedback to the user, and many of them
also provide redundant 'fix' strings that could easily be incorporated
into the issue messages themselves. Simplify them so that it is more
clear what the errors are and how they can be addressed. No
recommendation is given when the issue string adequately conveys the
issue, e.g. with a missing "LICENSE" entry in a newly-created recipe.

(From OE-Core rev: 0bfb3614244ec7aa79b6424bc63f9f2bccdabe98)

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-10-13 11:53:06 +01:00

51 lines
2.1 KiB
Python
Raw Blame History

# Checks related to the patch's CVE lines
#
# Copyright (C) 2016 Intel Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# SPDX-License-Identifier: GPL-2.0-or-later
import base
import os
import re
class CVE(base.Base):
re_cve_pattern = re.compile("CVE\-\d{4}\-\d+", re.IGNORECASE)
re_cve_payload_tag = re.compile("\+CVE:(\s+CVE\-\d{4}\-\d+)+")
def setUp(self):
if self.unidiff_parse_error:
self.skip('Parse error %s' % self.unidiff_parse_error)
# we are just interested in series that introduce CVE patches, thus discard other
# possibilities: modification to current CVEs, patch directly introduced into the
# recipe, upgrades already including the CVE, etc.
new_cves = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
if not new_cves:
self.skip('No new CVE patches introduced')
def test_cve_tag_format(self):
for commit in CVE.commits:
if self.re_cve_pattern.search(commit.shortlog) or self.re_cve_pattern.search(commit.commit_message):
tag_found = False
for line in commit.payload.splitlines():
if self.re_cve_payload_tag.match(line):
tag_found = True
break
if not tag_found:
self.fail('Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX"',
commit=commit)
Reference in New Issue View Git Blame Copy Permalink