Blame - poky/meta/lib/patchtest/tests/test_mbox_cve.py - openbmc/openbmc

blob: f99194c094ca8433166be99406e761197de7823b [file] [log] [blame]

Andrew Geissler	220dafd	2023-10-04 10:18:08 -0500	[diff] [blame]	1	# Checks related to the patch's CVE lines
				2	#
				3	# Copyright (C) 2016 Intel Corporation
				4	#
				5	# This program is free software; you can redistribute it and/or modify
				6	# it under the terms of the GNU General Public License version 2 as
				7	# published by the Free Software Foundation.
				8	#
				9	# This program is distributed in the hope that it will be useful,
				10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
				11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				12	# GNU General Public License for more details.
				13	#
				14	# You should have received a copy of the GNU General Public License along
				15	# with this program; if not, write to the Free Software Foundation, Inc.,
				16	# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				17
				18	# SPDX-License-Identifier: GPL-2.0-or-later
				19
				20	import base
				21	import os
				22	import parse_cve_tags
				23	import re
				24
				25	class CVE(base.Base):
				26
				27	revert_shortlog_regex = re.compile('Revert\s+".*"')
				28	prog = parse_cve_tags.cve_tag
				29
				30	def setUp(self):
				31	if self.unidiff_parse_error:
				32	self.skip('Parse error %s' % self.unidiff_parse_error)
				33
				34	# we are just interested in series that introduce CVE patches, thus discard other
				35	# possibilities: modification to current CVEs, patch directly introduced into the
				36	# recipe, upgrades already including the CVE, etc.
				37	new_cves = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
				38	if not new_cves:
				39	self.skip('No new CVE patches introduced')
				40
				41	def test_cve_presence_in_commit_message(self):
				42	for commit in CVE.commits:
				43	# skip those patches that revert older commits, these do not required the tag presence
				44	if self.revert_shortlog_regex.match(commit.shortlog):
				45	continue
				46	if not self.prog.search_string(commit.payload):
				47	self.fail('Missing or incorrectly formatted CVE tag in mbox',
				48	'Correct or include the CVE tag in the mbox with format: "CVE: CVE-YYYY-XXXX"',
				49	commit)