[yocto] [meta-security][PATCH 1/2] oe-selftest: add running cve checker

Fri Jun 14 16:48:32 PDT 2019

Chen,

On 6/14/19 1:13 AM, ChenQi wrote:
> Hi Armin,
>
> I just noticed this selftest case.
> Have you considered putting it into oe-core?
Yes I have. That was the first place I wanted to put it but Richard and
Ross have reservations about doing that so it sits in meta-security
until we can get it into core.

Regards,
armin


>
> Best Regards,
> Chen Qi
>
> On 05/10/2019 11:09 AM, Armin Kuster wrote:
>> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
>> ---
>>   lib/oeqa/selftest/cases/cvechecker.py | 27 +++++++++++++++++++++++++++
>>   1 file changed, 27 insertions(+)
>>   create mode 100644 lib/oeqa/selftest/cases/cvechecker.py
>>
>> diff --git a/lib/oeqa/selftest/cases/cvechecker.py
>> b/lib/oeqa/selftest/cases/cvechecker.py
>> new file mode 100644
>> index 0000000..23ca7d2
>> --- /dev/null
>> +++ b/lib/oeqa/selftest/cases/cvechecker.py
>> @@ -0,0 +1,27 @@
>> +import os
>> +import re
>> +
>> +from oeqa.selftest.case import OESelftestTestCase
>> +from oeqa.utils.commands import bitbake, get_bb_var
>> +
>> +class CveCheckerTests(OESelftestTestCase):
>> +    def test_cve_checker(self):
>> +        image = "core-image-sato"
>> +
>> +        deploy_dir = get_bb_var("DEPLOY_DIR_IMAGE")
>> +        image_link_name = get_bb_var('IMAGE_LINK_NAME', image)
>> +
>> +        manifest_link = os.path.join(deploy_dir, "%s.cve" %
>> image_link_name)
>> +
>> +        self.logger.info('CVE_CHECK_MANIFEST = "%s"' % manifest_link)
>> +        if (not 'cve-check' in get_bb_var('INHERIT')):
>> +            add_cve_check_config = 'INHERIT += "cve-check"'
>> +            self.append_config(add_cve_check_config)
>> +        self.append_config('CVE_CHECK_MANIFEST = "%s"' % manifest_link)
>> +        result = bitbake("-k -c cve_check %s" % image,
>> ignore_status=True)
>> +        if (not 'cve-check' in get_bb_var('INHERIT')):
>> +            self.remove_config(add_cve_check_config)
>> +
>> +        isfile = os.path.isfile(manifest_link)
>> +        self.assertEqual(True, isfile, 'Failed to create cve data
>> file : %s' % manifest_link)
>> +
>
>