@@ -40,6 +40,19 @@ class CommonCheckLayer(OECheckLayerTestCase):
email_regex = re.compile(r"[^@]+@[^@]+")
self.assertTrue(email_regex.match(data))
+ def test_security(self):
+ """
+ Test that the layer has a SECURITY.md (or similar) file.
+ """
+ if self.tc.layer['type'] == LayerType.CORE:
+ raise unittest.SkipTest("Core layer's SECURITY is top level")
+
+ security = os.path.join(self.tc.layer['path'], 'SECURITY')
+ security_glob = os.path.join(self.tc.layer['path'], 'SECURITY.*')
+
+ files = glob.glob(security) + glob.glob(security_glob)
+ self.assertTrue(files, msg="Layer doesn't contain a SECURITY.md file.")
+
def test_parse(self):
check_command('Layer %s failed to parse.' % self.tc.layer['name'],
'bitbake -p')
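Review bot: The new `test_security` passes on presence alone, so a zero-byte `SECURITY` placeholder or a directory matching `SECURITY.*` satisfies `self.assertTrue(files, ...)` without telling anyone where to report a vulnerability. Consider narrowing the list before the assertion with `files = [f for f in files if os.path.isfile(f) and os.path.getsize(f) > 0]`, so the check holds only when there is a non-empty regular file. The glob is also case-sensitive and looks only in the layer's own directory; if a layer in a subdirectory of a repository that keeps its policy at the repository top level is expected to pass, that case is not handled here. The failure message names `SECURITY.md` although any `SECURITY` or `SECURITY.*` is accepted; `"Layer doesn't contain a SECURITY or SECURITY.* file."` would match what is tested.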
Add a check for a SECURITY.md file (or similar) to yocto-check-layer, as knowing where to report security issues is important. Signed-off-by: Ross Burton <ross.burton@arm.com> --- scripts/lib/checklayer/cases/common.py | 13 +++++++++++++ 1 file changed, 13 insertions(+)