Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cve-filter: Add class to filter cve files #98

Merged
merged 1 commit into from
Jun 12, 2024
Merged

cve-filter: Add class to filter cve files #98

merged 1 commit into from
Jun 12, 2024

Conversation

mdrodrigo
Copy link
Contributor

This class is designed to filter CVEs (Common Vulnerabilities and Exposures) from CVE files. It should be used in conjunction with the cve-check class from the openembedded-core.

Steps to Use This Class

  1. Add the following lines to your distro configuration file:

    include conf/distro/include/cve-extra-exclusions.inc INHERIT += "cve-check"

  2. Inherit the cve-filter class in the image recipe.

-------- Configuration Variables ----------------------------

The cve-filter class provides several configurable variables:

CVE_FILTER_PREVIOUS_FILE: Specifies the previous version of the CVE JSON file. If no file is provided, only the current file will be considered.
Default: empty

CVE_FILTER_PREVIOUS_VERSION: Specifies the distro version of the previous CVE JSON file. The CVE_FILTER_PREVIOUS_FILE must be defined, otherwise the value 0 will be used.
Example: "1.0.0"
Default: "0.0.0"

CVE_FILTER_MARKDOWN_FILE_NAME: Specifies the name of the output Markdown file containing the list of detected CVEs. Default: "${IMAGE_NAME}.md"

CVE_FILTER_IGNORED_CVES: Lists the CVEs that should be ignored by the filter.
Example: "CVE-2017-6264 CVE-2023-1234"
Default: empty

The following files was added:
- classes/cve-filter.bbclass
- lib/ossystems/cve_filter.py
- lib/ossystems/init.py

Also, the following file was changed:
- conf/layer.conf

Signed-off-by: Rodrigo M. Duarte rodrigo.duarte@ossystems.com.br
(cherry picked from commit 8fe7cdd)

@mdrodrigo
cve-filter: Add class to filter cve files
53394dc 
This class is designed to filter CVEs (Common Vulnerabilities
and Exposures) from CVE files. It should be used in conjunction
with the cve-check class from the openembedded-core.

Steps to Use This Class

1. Add the following lines to your distro configuration file:

   include conf/distro/include/cve-extra-exclusions.inc
   INHERIT += "cve-check"

2. Inherit the cve-filter class in the image recipe.

--------  Configuration Variables  ----------------------------

The cve-filter class provides several configurable variables:

CVE_FILTER_PREVIOUS_FILE: Specifies the previous version of
the CVE JSON file. If no file is provided, only the current
file will be considered.
Default: empty

CVE_FILTER_PREVIOUS_VERSION: Specifies the distro version of
the previous CVE JSON file. The CVE_FILTER_PREVIOUS_FILE must
be defined, otherwise the value 0 will be used.
Example: "1.0.0"
Default: "0.0.0"

CVE_FILTER_MARKDOWN_FILE_NAME: Specifies the name of the
output Markdown file containing the list of detected CVEs.
Default: "${IMAGE_NAME}.md"

CVE_FILTER_IGNORED_CVES: Lists the CVEs that should be ignored by the filter.
Example: "CVE-2017-6264 CVE-2023-1234"
Default: empty

The following files was added:
    - classes/cve-filter.bbclass
    - lib/ossystems/cve_filter.py
    - lib/ossystems/__init__.py

Also, the following file was changed:
    - conf/layer.conf

Signed-off-by: Rodrigo M. Duarte <rodrigo.duarte@ossystems.com.br>
(cherry picked from commit 8fe7cdd)
@otavio otavio merged commit f99403e into mickledore Jun 12, 2024
@otavio otavio deleted the topic/cve-mickledore branch June 12, 2024 19:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mdrodrigo @otavio