[master,kirkstone] cve-check: add JSON format to summary output

Message ID 20220502074317.6470-1-davide.gardenal@huawei.com
State Accepted, archived
Commit f2987891d315466b7ef180ecce81d15320ce8487

Commit Message

Davide Gardenal May 2, 2022, 7:43 a.m. UTC
Create generate_json_report including all the code used to generate the JSON
manifest file.
Add to cve_save_summary_handler the ability to create the summary in JSON format.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
---
 meta/classes/cve-check.bbclass | 50 +++++++++++++-------
 1 file changed, 32 insertions(+), 18 deletions(-)

Comments

Jose Quaresma May 2, 2022, 9:08 a.m. UTC | #1
Hi Davide,

This patch needs to be sent first for the master branch and backported
for kirkstone only after that.

Jose

Davide Gardenal <davidegarde2000@gmail.com> escreveu no dia segunda,
2/05/2022 à(s) 08:43:

> Create generate_json_report including all the code used to generate the
> JSON
> manifest file.
> Add to cve_save_summary_handler the ability to create the summary in JSON
> format.
>
> Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
> ---
>  meta/classes/cve-check.bbclass | 50 +++++++++++++-------
>  1 file changed, 32 insertions(+), 18 deletions(-)
>
> diff --git a/meta/classes/cve-check.bbclass
> b/meta/classes/cve-check.bbclass
> index 78516d0..64875d7 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -79,6 +79,29 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
>  # set to "alphabetical" for version using single alphabetical character
> as increment release
>  CVE_VERSION_SUFFIX ??= ""
>
> +def generate_json_report(out_path, link_path):
> +    if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
> +        import json
> +        from oe.cve_check import cve_check_merge_jsons
> +
> +        bb.note("Generating JSON CVE summary")
> +        index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
> +        summary = {"version":"1", "package": []}
> +        with open(index_file) as f:
> +            filename = f.readline()
> +            while filename:
> +                with open(filename.rstrip()) as j:
> +                    data = json.load(j)
> +                    cve_check_merge_jsons(summary, data)
> +                filename = f.readline()
> +
> +        with open(out_path, "w") as f:
> +            json.dump(summary, f, indent=2)
> +
> +        if os.path.exists(os.path.realpath(link_path)):
> +            os.remove(link_path)
> +        os.symlink(os.path.basename(out_path), link_path)
> +
>  python cve_save_summary_handler () {
>      import shutil
>      import datetime
> @@ -101,6 +124,11 @@ python cve_save_summary_handler () {
>              if os.path.exists(os.path.realpath(cvefile_link)):
>                  os.remove(cvefile_link)
>              os.symlink(os.path.basename(cve_summary_file), cvefile_link)
> +
> +        json_summary_link_name = os.path.join(cvelogpath,
> d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
> +        json_summary_name = os.path.join(cvelogpath, "%s-%s.json" %
> (cve_summary_name, timestamp))
> +        generate_json_report(json_summary_name, json_summary_link_name)
> +        bb.plain("CVE report summary created at: %s" %
> json_summary_link_name)
>  }
>
>  addhandler cve_save_summary_handler
> @@ -175,25 +203,11 @@ python cve_check_write_rootfs_manifest () {
>              os.symlink(os.path.basename(manifest_name), manifest_link)
>              bb.plain("Image CVE report stored in: %s" % manifest_name)
>
> -    if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
> -        import json
> +        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
> +        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
>          bb.note("Generating JSON CVE manifest")
> -        deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
> -        link_name = d.getVar("IMAGE_LINK_NAME")
> -        manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
> -        index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
> -        manifest = {"version":"1", "package": []}
> -        with open(index_file) as f:
> -            filename = f.readline()
> -            while filename:
> -                with open(filename.rstrip()) as j:
> -                    data = json.load(j)
> -                    cve_check_merge_jsons(manifest, data)
> -                filename = f.readline()
> -
> -        with open(manifest_name, "w") as f:
> -            json.dump(manifest, f, indent=2)
> -        bb.plain("Image CVE report stored in: %s" % manifest_name)
> +        generate_json_report(json_summary_name, json_summary_link_name)
> +        bb.plain("Image CVE JSON report stored in: %s" % link_path)
>  }
>
>  ROOTFS_POSTPROCESS_COMMAND:prepend =
> "${@'cve_check_write_rootfs_manifest; ' if
> d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
> --
> 2.32.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#165160):
> https://lists.openembedded.org/g/openembedded-core/message/165160
> Mute This Topic: https://lists.openembedded.org/mt/90830880/5052612
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> quaresma.jose@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
Steve Sakoman May 2, 2022, 2:12 p.m. UTC | #2
On Sun, May 1, 2022 at 11:08 PM Jose Quaresma <quaresma.jose@gmail.com> wrote:
>
> Hi Davide,
>
> This patch needs to be sent first for the master branch and backported for kirkstone only after that.

He's tagged [master] in the subject in addition to [kirkstone], so
this is fine.  I appreciate the heads up that I should keep an eye out
for the master commit.

Steve

> Davide Gardenal <davidegarde2000@gmail.com> escreveu no dia segunda, 2/05/2022 à(s) 08:43:
>>
>> Create generate_json_report including all the code used to generate the JSON
>> manifest file.
>> Add to cve_save_summary_handler the ability to create the summary in JSON format.
>>
>> Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
>> ---
>>  meta/classes/cve-check.bbclass | 50 +++++++++++++-------
>>  1 file changed, 32 insertions(+), 18 deletions(-)
>>
>> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
>> index 78516d0..64875d7 100644
>> --- a/meta/classes/cve-check.bbclass
>> +++ b/meta/classes/cve-check.bbclass
>> @@ -79,6 +79,29 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
>>  # set to "alphabetical" for version using single alphabetical character as increment release
>>  CVE_VERSION_SUFFIX ??= ""
>>
>> +def generate_json_report(out_path, link_path):
>> +    if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
>> +        import json
>> +        from oe.cve_check import cve_check_merge_jsons
>> +
>> +        bb.note("Generating JSON CVE summary")
>> +        index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
>> +        summary = {"version":"1", "package": []}
>> +        with open(index_file) as f:
>> +            filename = f.readline()
>> +            while filename:
>> +                with open(filename.rstrip()) as j:
>> +                    data = json.load(j)
>> +                    cve_check_merge_jsons(summary, data)
>> +                filename = f.readline()
>> +
>> +        with open(out_path, "w") as f:
>> +            json.dump(summary, f, indent=2)
>> +
>> +        if os.path.exists(os.path.realpath(link_path)):
>> +            os.remove(link_path)
>> +        os.symlink(os.path.basename(out_path), link_path)
>> +
>>  python cve_save_summary_handler () {
>>      import shutil
>>      import datetime
>> @@ -101,6 +124,11 @@ python cve_save_summary_handler () {
>>              if os.path.exists(os.path.realpath(cvefile_link)):
>>                  os.remove(cvefile_link)
>>              os.symlink(os.path.basename(cve_summary_file), cvefile_link)
>> +
>> +        json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
>> +        json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp))
>> +        generate_json_report(json_summary_name, json_summary_link_name)
>> +        bb.plain("CVE report summary created at: %s" % json_summary_link_name)
>>  }
>>
>>  addhandler cve_save_summary_handler
>> @@ -175,25 +203,11 @@ python cve_check_write_rootfs_manifest () {
>>              os.symlink(os.path.basename(manifest_name), manifest_link)
>>              bb.plain("Image CVE report stored in: %s" % manifest_name)
>>
>> -    if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
>> -        import json
>> +        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
>> +        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
>>          bb.note("Generating JSON CVE manifest")
>> -        deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
>> -        link_name = d.getVar("IMAGE_LINK_NAME")
>> -        manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
>> -        index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
>> -        manifest = {"version":"1", "package": []}
>> -        with open(index_file) as f:
>> -            filename = f.readline()
>> -            while filename:
>> -                with open(filename.rstrip()) as j:
>> -                    data = json.load(j)
>> -                    cve_check_merge_jsons(manifest, data)
>> -                filename = f.readline()
>> -
>> -        with open(manifest_name, "w") as f:
>> -            json.dump(manifest, f, indent=2)
>> -        bb.plain("Image CVE report stored in: %s" % manifest_name)
>> +        generate_json_report(json_summary_name, json_summary_link_name)
>> +        bb.plain("Image CVE JSON report stored in: %s" % link_path)
>>  }
>>
>>  ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
>> --
>> 2.32.0
>>
>>
>>
>>
>
>
> --
> Best regards,
>
> José Quaresma
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#165162): https://lists.openembedded.org/g/openembedded-core/message/165162
> Mute This Topic: https://lists.openembedded.org/mt/90830880/3617601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [sakoman@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Patch

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 78516d0..64875d7 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -79,6 +79,29 @@  CVE_CHECK_LAYER_INCLUDELIST ??= ""
 # set to "alphabetical" for version using single alphabetical character as increment release
 CVE_VERSION_SUFFIX ??= ""
 
+def generate_json_report(out_path, link_path):
+    if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
+        import json
+        from oe.cve_check import cve_check_merge_jsons
+
+        bb.note("Generating JSON CVE summary")
+        index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
+        summary = {"version":"1", "package": []}
+        with open(index_file) as f:
+            filename = f.readline()
+            while filename:
+                with open(filename.rstrip()) as j:
+                    data = json.load(j)
+                    cve_check_merge_jsons(summary, data)
+                filename = f.readline()
+
+        with open(out_path, "w") as f:
+            json.dump(summary, f, indent=2)
+
+        if os.path.exists(os.path.realpath(link_path)):
+            os.remove(link_path)
+        os.symlink(os.path.basename(out_path), link_path)
+
 python cve_save_summary_handler () {
     import shutil
     import datetime
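Review bot: `generate_json_report` calls `d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")`, but `d` is neither a parameter nor assigned in the function. Unlike the `python name () { }` blocks, a plain `def` in a bbclass does not normally get the datastore implicitly, so this looks like a NameError at run time. Take it explicitly with `def generate_json_report(d, out_path, link_path):` and pass `d` from both call sites. The link replacement tests `os.path.exists(os.path.realpath(link_path))`, which is false for a dangling symlink, so `os.symlink` would then fail on the existing name; `if os.path.lexists(link_path): os.remove(link_path)` covers that case. Each line of the index file is opened as a path as-is, so a short comment stating that the index is assumed to list only files written by this class would document the trust assumption.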
@@ -101,6 +124,11 @@  python cve_save_summary_handler () {
             if os.path.exists(os.path.realpath(cvefile_link)):
                 os.remove(cvefile_link)
             os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+
+        json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
+        json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp))
+        generate_json_report(json_summary_name, json_summary_link_name)
+        bb.plain("CVE report summary created at: %s" % json_summary_link_name)
 }
 
 addhandler cve_save_summary_handler
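Review bot: The added `bb.plain("CVE report summary created at: %s" % json_summary_link_name)` runs unconditionally, while `generate_json_report` does nothing when `CVE_CHECK_SUMMARY_INDEX_PATH` does not exist. The log can therefore announce a report that was not written, or point at a stale link left by an earlier build, which is a misleading signal for a CVE report. Have the helper return whether it wrote the file and log only then, e.g. `if generate_json_report(...): bb.plain(...)`. The same applies to the `bb.plain("Image CVE JSON report stored in: ...")` line added in the cve_check_write_rootfs_manifest hunk. The enclosing block starts outside this hunk.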
@@ -175,25 +203,11 @@  python cve_check_write_rootfs_manifest () {
             os.symlink(os.path.basename(manifest_name), manifest_link)
             bb.plain("Image CVE report stored in: %s" % manifest_name)
 
-    if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
-        import json
+        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
         bb.note("Generating JSON CVE manifest")
-        deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
-        link_name = d.getVar("IMAGE_LINK_NAME")
-        manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
-        index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
-        manifest = {"version":"1", "package": []}
-        with open(index_file) as f:
-            filename = f.readline()
-            while filename:
-                with open(filename.rstrip()) as j:
-                    data = json.load(j)
-                    cve_check_merge_jsons(manifest, data)
-                filename = f.readline()
-
-        with open(manifest_name, "w") as f:
-            json.dump(manifest, f, indent=2)
-        bb.plain("Image CVE report stored in: %s" % manifest_name)
+        generate_json_report(json_summary_name, json_summary_link_name)
+        bb.plain("Image CVE JSON report stored in: %s" % link_path)
 }
 
 ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
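Review bot: The call added in cve_check_write_rootfs_manifest passes `json_summary_name` and `json_summary_link_name`, which the visible hunks assign only in cve_save_summary_handler, while the `manifest_path` and `link_path` computed just above it are never used. That would either raise a NameError or write the image manifest to the summary path, so the call presumably should be `generate_json_report(manifest_path, link_path)`. The new lines are also indented one level deeper than the removed `if os.path.exists(...)` block, and the `deploy_dir` and `link_name` assignments are removed. They now depend on an enclosing block that starts outside the hunk, so confirm that both names are still defined there and that the JSON manifest is meant to be generated only on that branch.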