cve-check: Add allowlist that is same function of whitelist.

Submitted by ito-yuichi@fujitsu.com on June 22, 2021, 8:29 a.m. | Patch ID: 179915

Details

Message ID 20210622082917.1567681-1-ito-yuichi@fujitsu.com
State New

Commit Message

ito-yuichi@fujitsu.com June 22, 2021, 8:29 a.m.
The Linux team plan to remove references to racially-charged jargon from
their code for more neutral and inclusive language.
So replace use of "whitelist" with "allowlist" in cve-check.

First, we add CVE_CHECK_ALLOWLIST and it is considered patched as well as
CVE_CHECK_WHITELIST.
We plan to replace the other words later and eventually replace all
"whitelist" with "allowlist".

Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
---
 meta/classes/cve-check.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 112ee3379d..5e3441a783 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -52,6 +52,7 @@  CVE_CHECK_PN_WHITELIST ?= ""
 # CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
 #
 CVE_CHECK_WHITELIST ?= ""
+CVE_CHECK_ALLOWLIST ?= ""
 
 # Layers to be excluded
 CVE_CHECK_LAYER_EXCLUDELIST ??= ""
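Review bot: The added `CVE_CHECK_ALLOWLIST ?= ""` line has no documentation of its own; the comment block above it still gives its example only for CVE_CHECK_WHITELIST. Since the commit message says entries in either variable are considered patched, add a comment above the new line stating that both lists are merged and which name recipes should use going forward, so anyone auditing suppressed CVEs knows to check both variables.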
@@ -238,7 +239,7 @@  def check_cves(d, patched_cves):
     old_cve_whitelist =  d.getVar("CVE_CHECK_CVE_WHITELIST")
     if old_cve_whitelist:
         bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.")
-    cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
+    cve_whitelist = d.getVar("CVE_CHECK_ALLOWLIST").split() + d.getVar("CVE_CHECK_WHITELIST").split()
 
     import sqlite3
     db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
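Review bot: The context `bb.warn` just above the changed line still tells users "please use CVE_CHECK_WHITELIST", which is the name this change intends to retire; update that message to point at CVE_CHECK_ALLOWLIST in the same patch, and consider a matching bb.warn when CVE_CHECK_WHITELIST is non-empty so the migration is visible in build logs. The concatenation on the `+` line can also carry duplicates when a CVE is listed in both variables, and the local is still named cve_whitelist; deduplicating and renaming it would keep the code consistent with the new variable.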

Comments

Khem Raj June 22, 2021, 4:35 p.m.
Thanks for the patch, you need to send to oe-core mailing list since 
this class is part of core metadata.

On 6/22/21 1:29 AM, ito-yuichi@fujitsu.com wrote:
> The Linux team plan to remove references to racially-charged jargon from
> their code for more neutral and inclusive language.
> So replace use of "whitelist" with "allowlist" in cve-check.
> 
> First, we add CVE_CHECK_ALLOWLIST and it is considered patched as well as
> CVE_CHECK_WHITELIST.
> We plan to replace the other words later and eventually replace all
> "whitelist" with "allowlist".
> 
> Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
> ---
>   meta/classes/cve-check.bbclass | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> index 112ee3379d..5e3441a783 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -52,6 +52,7 @@ CVE_CHECK_PN_WHITELIST ?= ""
>   # CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
>   #
>   CVE_CHECK_WHITELIST ?= ""
> +CVE_CHECK_ALLOWLIST ?= ""
>   
>   # Layers to be excluded
>   CVE_CHECK_LAYER_EXCLUDELIST ??= ""
> @@ -238,7 +239,7 @@ def check_cves(d, patched_cves):
>       old_cve_whitelist =  d.getVar("CVE_CHECK_CVE_WHITELIST")
>       if old_cve_whitelist:
>           bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.")
> -    cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
> +    cve_whitelist = d.getVar("CVE_CHECK_ALLOWLIST").split() + d.getVar("CVE_CHECK_WHITELIST").split()
>   
>       import sqlite3
>       db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
> 
> 
> 
> 
>