cve-filter: Add class to filter cve files #95

Merged
merged 1 commit into from
Jun 11, 2024

mdrodrigo
Contributor

The following files were added:
- classes/cve-filter.bbclass
- lib/ossystems/cve_filter.py
- lib/ossystems/__init__.py

Also, the following file was changed:
- conf/layer.conf

@mdrodrigo mdrodrigo requested review from otavio and rafluan and removed request for otavio June 10, 2024 19:46
@otavio
Member

otavio commented Jun 10, 2024

I also noticed a few style code errors. Check with a code formatting tool to avoid those.

@mdrodrigo mdrodrigo force-pushed the topic/cve-filter-master branch 3 times, most recently from acb6b25 to f57ccaa Compare June 11, 2024 17:30
This class is designed to filter CVEs (Common Vulnerabilities
and Exposures) from CVE files. It should be used in conjunction
with the cve-check class from the openembedded-core.

Steps to Use This Class

1. Add the following lines to your distro configuration file:

   include conf/distro/include/cve-extra-exclusions.inc
   INHERIT += "cve-check"

2. Inherit the cve-filter class in the image recipe.

--------  Configuration Variables  ----------------------------

The cve-filter class provides several configurable variables:

CVE_FILTER_PREVIOUS_FILE: Specifies the previous version of
the CVE JSON file. If no file is provided, only the current
file will be considered.
Default: empty

CVE_FILTER_PREVIOUS_VERSION: Specifies the distro version of
the previous CVE JSON file. The CVE_FILTER_PREVIOUS_FILE must
be defined, otherwise the value 0 will be used.
Example: "1.0.0"
Default: "0.0.0"

CVE_FILTER_MARKDOWN_FILE_NAME: Specifies the name of the
output Markdown file containing the list of detected CVEs.
Default: "${IMAGE_NAME}.md"

CVE_FILTER_IGNORED_CVES: Lists the CVEs that should be ignored by the filter.
Example: "CVE-2017-6264 CVE-2023-1234"
Default: empty

The following files were added:
    - classes/cve-filter.bbclass
    - lib/ossystems/cve_filter.py
    - lib/ossystems/__init__.py

Also, the following file was changed:
    - conf/layer.conf

Signed-off-by: Rodrigo M. Duarte <rodrigo.duarte@ossystems.com.br>
@otavio otavio merged commit b82ffa2 into master Jun 11, 2024
@otavio otavio deleted the topic/cve-filter-master branch June 11, 2024 18:06
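
An added example, not the project's `lib/ossystems/cve_filter.py` (its code is not shown on this page): one way the current report, an optional previous report and the `CVE_FILTER_IGNORED_CVES` list described in the commit message could combine into the Markdown output. Assumptions: the reports use the JSON layout written by openembedded-core's cve-check class, the "new"/"known" labelling and table columns are hypothetical, and the package names and `CVE-0000-*` ids are constructed sample data.

```python
import json

# Constructed sample reports. Assumed layout: the JSON written by oe-core's
# cve-check class ("package" list, each entry holding an "issue" list).
PREVIOUS = json.loads("""{"version": "1", "package": [
  {"name": "pkg-a", "version": "1.0", "issue": [
    {"id": "CVE-0000-0001", "status": "Unpatched"}]}]}""")
CURRENT = json.loads("""{"version": "1", "package": [
  {"name": "pkg-a", "version": "1.1", "issue": [
    {"id": "CVE-0000-0001", "status": "Unpatched"},
    {"id": "CVE-0000-0002", "status": "Patched"}]},
  {"name": "pkg-b", "version": "2.0", "issue": [
    {"id": "CVE-0000-0003", "status": "Unpatched"},
    {"id": "CVE-2023-1234", "status": "Unpatched"}]}]}""")


def unpatched(report, ignored):
    """Return {(cve_id, package)} for Unpatched issues not on the ignore list."""
    return {
        (issue["id"], pkg["name"])
        for pkg in report.get("package", [])
        for issue in pkg.get("issue", [])
        if issue.get("status") == "Unpatched" and issue["id"] not in ignored
    }


def filter_cves(current, previous=None, ignored_cves=""):
    """Hypothetical filter: list current unpatched CVEs, flagging the ones
    absent from the previous report as "new". With no previous report only
    the current file is considered, so every entry is "new"."""
    ignored = set(ignored_cves.split())  # space-separated, as in the variable
    before = unpatched(previous, ignored) if previous else set()
    return [(cve, pkg, "known" if (cve, pkg) in before else "new")
            for cve, pkg in sorted(unpatched(current, ignored))]


def to_markdown(rows, previous_version="0.0.0"):
    """Render the rows as a Markdown table (column layout is an assumption)."""
    lines = ["| CVE | Package | Since %s |" % previous_version,
             "| --- | --- | --- |"]
    lines += ["| %s | %s | %s |" % row for row in rows]
    return "\n".join(lines)


if __name__ == "__main__":
    rows = filter_cves(CURRENT, PREVIOUS, ignored_cves="CVE-2023-1234")
    print(to_markdown(rows, previous_version="1.0.0"))
```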