blob: aa064977277adf34950b4582baec1b966dce0628 [file] [log] [blame]
Andrew Geisslerd1e89492021-02-12 15:35:20 -06001import collections
2import re
3import itertools
4import functools
5
6_Version = collections.namedtuple(
7 "_Version", ["release", "patch_l", "pre_l", "pre_v"]
8)
9
10@functools.total_ordering
11class Version():
12
13 def __init__(self, version, suffix=None):
Andrew Geissler95ac1b82021-03-31 14:34:31 -050014
15 suffixes = ["alphabetical", "patch"]
16
Andrew Geisslerd1e89492021-02-12 15:35:20 -060017 if str(suffix) == "alphabetical":
18 version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<patch>[-_\.]?(?P<patch_l>[a-z]))?(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
Andrew Geissler95ac1b82021-03-31 14:34:31 -050019 elif str(suffix) == "patch":
20 version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<patch>[-_\.]?(p|patch)(?P<patch_l>[0-9]+))?(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
Andrew Geisslerd1e89492021-02-12 15:35:20 -060021 else:
22 version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
23 regex = re.compile(r"^\s*" + version_pattern + r"\s*$", re.VERBOSE | re.IGNORECASE)
24
25 match = regex.search(version)
26 if not match:
27 raise Exception("Invalid version: '{0}'".format(version))
28
29 self._version = _Version(
30 release=tuple(int(i) for i in match.group("release").replace("-",".").split(".")),
Andrew Geissler95ac1b82021-03-31 14:34:31 -050031 patch_l=match.group("patch_l") if str(suffix) in suffixes and match.group("patch_l") else "",
Andrew Geisslerd1e89492021-02-12 15:35:20 -060032 pre_l=match.group("pre_l"),
33 pre_v=match.group("pre_v")
34 )
35
36 self._key = _cmpkey(
37 self._version.release,
38 self._version.patch_l,
39 self._version.pre_l,
40 self._version.pre_v
41 )
42
43 def __eq__(self, other):
44 if not isinstance(other, Version):
45 return NotImplemented
46 return self._key == other._key
47
48 def __gt__(self, other):
49 if not isinstance(other, Version):
50 return NotImplemented
51 return self._key > other._key
52
53def _cmpkey(release, patch_l, pre_l, pre_v):
54 # remove leading 0
55 _release = tuple(
56 reversed(list(itertools.dropwhile(lambda x: x == 0, reversed(release))))
57 )
58
59 _patch = patch_l.upper()
60
61 if pre_l is None and pre_v is None:
62 _pre = float('inf')
63 else:
64 _pre = float(pre_v) if pre_v else float('-inf')
65 return _release, _patch, _pre
Patrick Williams0ca19cc2021-08-16 14:03:13 -050066
67
68def get_patched_cves(d):
69 """
70 Get patches that solve CVEs using the "CVE: " tag.
71 """
72
73 import re
74 import oe.patch
75
76 pn = d.getVar("PN")
77 cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
78
79 # Matches the last "CVE-YYYY-ID" in the file name, also if written
80 # in lowercase. Possible to have multiple CVE IDs in a single
81 # file name, but only the last one will be detected from the file name.
82 # However, patch files contents addressing multiple CVE IDs are supported
83 # (cve_match regular expression)
84
85 cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
86
87 patched_cves = set()
88 bb.debug(2, "Looking for patches that solves CVEs for %s" % pn)
89 for url in oe.patch.src_patches(d):
90 patch_file = bb.fetch.decodeurl(url)[2]
91
Patrick Williams03907ee2022-05-01 06:28:52 -050092 # Remote compressed patches may not be unpacked, so silently ignore them
Patrick Williams0ca19cc2021-08-16 14:03:13 -050093 if not os.path.isfile(patch_file):
Patrick Williams03907ee2022-05-01 06:28:52 -050094 bb.warn("%s does not exist, cannot extract CVE list" % patch_file)
95 continue
Patrick Williams0ca19cc2021-08-16 14:03:13 -050096
97 # Check patch file name for CVE ID
98 fname_match = cve_file_name_match.search(patch_file)
99 if fname_match:
100 cve = fname_match.group(1).upper()
101 patched_cves.add(cve)
102 bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file))
103
104 with open(patch_file, "r", encoding="utf-8") as f:
105 try:
106 patch_text = f.read()
107 except UnicodeDecodeError:
108 bb.debug(1, "Failed to read patch %s using UTF-8 encoding"
109 " trying with iso8859-1" % patch_file)
110 f.close()
111 with open(patch_file, "r", encoding="iso8859-1") as f:
112 patch_text = f.read()
113
114 # Search for one or more "CVE: " lines
115 text_match = False
116 for match in cve_match.finditer(patch_text):
117 # Get only the CVEs without the "CVE: " tag
118 cves = patch_text[match.start()+5:match.end()]
119 for cve in cves.split():
120 bb.debug(2, "Patch %s solves %s" % (patch_file, cve))
121 patched_cves.add(cve)
122 text_match = True
123
124 if not fname_match and not text_match:
125 bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file)
126
127 return patched_cves
128
129
130def get_cpe_ids(cve_product, version):
131 """
132 Get list of CPE identifiers for the given product and version
133 """
134
135 version = version.split("+git")[0]
136
137 cpe_ids = []
138 for product in cve_product.split():
139 # CVE_PRODUCT in recipes may include vendor information for CPE identifiers. If not,
140 # use wildcard for vendor.
141 if ":" in product:
142 vendor, product = product.split(":", 1)
143 else:
144 vendor = "*"
145
146 cpe_id = f'cpe:2.3:a:{vendor}:{product}:{version}:*:*:*:*:*:*:*'
147 cpe_ids.append(cpe_id)
148
149 return cpe_ids
Andrew Geissler9aee5002022-03-30 16:27:02 +0000150
151def cve_check_merge_jsons(output, data):
152 """
153 Merge the data in the "package" property to the main data file
154 output
155 """
156 if output["version"] != data["version"]:
157 bb.error("Version mismatch when merging JSON outputs")
158 return
159
160 for product in output["package"]:
161 if product["name"] == data["package"][0]["name"]:
162 bb.error("Error adding the same package twice")
163 return
164
165 output["package"].append(data["package"][0])
Andrew Geissler78b72792022-06-14 06:47:25 -0500166
167def update_symlinks(target_path, link_path):
168 """
169 Update a symbolic link link_path to point to target_path.
170 Remove the link and recreate it if exist and is different.
171 """
172 if link_path != target_path and os.path.exists(target_path):
173 if os.path.exists(os.path.realpath(link_path)):
174 os.remove(link_path)
175 os.symlink(os.path.basename(target_path), link_path)