
[v2,4/6] cve-check: move message outsite check_cves and sort

Message ID 20250428134205.900354-5-daniel.turull@ericsson.com
State New
Series Check compiled files to filter kernel CVEs | expand

Commit Message

Daniel Turull April 28, 2025, 1:42 p.m. UTC
From: Daniel Turull <daniel.turull@ericsson.com>

When adding corrections from multiple sources of CVEs, the
message showing standing CVEs should be at the end. Also sort them.

CC: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
---
 meta/classes/cve-check.bbclass | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Patch

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 86ddfaae5f..12159a98d2 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -173,6 +173,12 @@  python do_cve_check () {
             if len(cve_data) or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
                 get_cve_info(d, cve_data)
                 cve_write_data(d, cve_data, status)
+
+            if d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
+                unpatched_cves = [cve for cve in cve_data if cve_data[cve]["abbrev-status"] == "Unpatched"]
+                if unpatched_cves:
+                    bb.warn("Found unpatched CVE (%s)" % " ".join(sorted(unpatched_cves)))
+
         else:
             bb.note("No CVE database found, skipping CVE check")
 
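Review bot: The added comprehension indexes `cve_data[cve]["abbrev-status"]` directly, and it now runs in do_cve_check after `cve_write_data` rather than inside check_cves. If a later CVE source in this series ever adds or rewrites an entry without that key (not visible from this hunk, so this is an assumption to confirm), the KeyError would fail the task after the report has been written and the unpatched-CVE warning would never be shown. A tolerant form avoids that: `unpatched_cves = [cve for cve, data in cve_data.items() if data.get("abbrev-status") == "Unpatched"]`. It would also help to record why the block sits here, for example `# Warn only after every CVE source has updated cve_data, so the list reflects the final status`. The body of do_cve_check begins and ends outside this hunk.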
@@ -422,10 +428,6 @@  def check_cves(d, cve_data):
     if not cves_in_recipe:
         bb.note("No CVE records for products in recipe %s" % (pn))
 
-    if d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
-        unpatched_cves = [cve for cve in cve_data if cve_data[cve]["abbrev-status"] == "Unpatched"]
-        if unpatched_cves:
-            bb.warn("Found unpatched CVE (%s)" % " ".join(unpatched_cves))
 
     return (cve_data, cves_status)