# Checks related to the patch's CVE lines
#
# Copyright (C) 2016 Intel Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

# SPDX-License-Identifier: GPL-2.0-or-later

import base
import os
import parse_cve_tags
import re

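class CVE(base.Base):
    """Check that commits in a series adding patch files carry a CVE tag.

    The checks only run when the series adds at least one new ``.patch``
    file; otherwise ``setUp`` skips them.
    """

    # Raw string: '\s' in a plain literal is an invalid escape sequence that
    # newer Python versions warn about. The compiled pattern is unchanged.
    revert_shortlog_regex = re.compile(r'Revert\s+".*"')
    # Parser for the CVE tag, defined in parse_cve_tags.
    prog = parse_cve_tags.cve_tag

    def setUp(self):
        """Skip the checks unless the series adds at least one .patch file."""
        # NOTE(review): presumably skip() raises to abort setUp; confirm in
        # base.Base, since the code below reads self.patchset regardless.
        if self.unidiff_parse_error:
            self.skip('Parse error %s' % self.unidiff_parse_error)

        # we are just interested in series that introduce CVE patches, thus discard other
        # possibilities: modification to current CVEs, patch directly introduced into the
        # recipe, upgrades already including the CVE, etc.
        # NOTE(review): the filter matches every newly added '.patch' file, not
        # only ones that fix a CVE, so a series adding any patch file reaches
        # the tag check below.
        new_cves = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
        if not new_cves:
            self.skip('No new CVE patches introduced')

    def test_cve_presence_in_commit_message(self):
        """Fail when a non-revert commit has no match for the CVE tag parser.

        This only checks that ``commit.payload`` contains something the
        ``cve_tag`` parser accepts. Nothing visible here checks that the
        tagged CVE identifier is the one the patch addresses.
        """
        for commit in CVE.commits:
            # skip those patches that revert older commits, these do not require the tag presence
            if self.revert_shortlog_regex.match(commit.shortlog):
                continue
            if not self.prog.search_string(commit.payload):
                self.fail('Missing or incorrectly formatted CVE tag in mbox',
                          'Correct or include the CVE tag in the mbox with format: "CVE: CVE-YYYY-XXXX"',
                          commit)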