From: Ross Burton <[email protected]> We don't make do_cve_check depend on do_unpack because that would be a waste of time 99% of the time. The compromise here is that we can't scan remote patches for issues, but this isn't a problem so downgrade the warning to a note.
Also move the check for CVEs in the filename before the local file check so that even with remote patches, we still check for CVE references in the name. Signed-off-by: Ross Burton <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 0251cad677579f5b4dcc25fa2f8552c6040ac2cf) Signed-off-by: Steve Sakoman <[email protected]> --- meta/lib/oe/cve_check.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index b4c9f6ffe3..8acd2879bf 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -95,11 +95,6 @@ def get_patched_cves(d): for url in oe.patch.src_patches(d): patch_file = bb.fetch.decodeurl(url)[2] - # Remote compressed patches may not be unpacked, so silently ignore them - if not os.path.isfile(patch_file): - bb.warn("%s does not exist, cannot extract CVE list" % patch_file) - continue - # Check patch file name for CVE ID fname_match = cve_file_name_match.search(patch_file) if fname_match: @@ -107,6 +102,12 @@ def get_patched_cves(d): patched_cves.add(cve) bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file)) + # Remote patches won't be present and compressed patches won't be + # unpacked, so say we're not scanning them + if not os.path.isfile(patch_file): + bb.note("%s is remote or compressed, not scanning content" % patch_file) + continue + with open(patch_file, "r", encoding="utf-8") as f: try: patch_text = f.read() -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#190333): https://lists.openembedded.org/g/openembedded-core/message/190333 Mute This Topic: https://lists.openembedded.org/mt/102463472/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
