mirror of
git://git.yoctoproject.org/poky.git
synced 2025-07-19 21:09:03 +02:00
4c378fc895
- simplify base.py, data.py - move some leftover regex patterns to patterns.py - remove pyparsing path logic, since this is no longer needed - rename PatchTestInput class to PatchtestParser - data.py: rename to patchtest_parser.py - patterns.py: rename to patchtest_patterns.py - move PatchTestDataStore to test_metadata.py since that's the only place it's used - remove unused logger code (From OE-Core rev: 1e971b05b036b0b1eb0bdbd9b26b54d06e74294c) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
132 lines
5.9 KiB
Python
132 lines
5.9 KiB
Python
# Checks related to the patch's CVE lines
|
|
#
|
|
# Copyright (C) 2016 Intel Corporation
|
|
#
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
#
|
|
|
|
import base
|
|
import os
|
|
import patchtest_patterns
|
|
import pyparsing
|
|
|
|
class TestPatch(base.Base):
|
|
|
|
@classmethod
|
|
def setUpClassLocal(cls):
|
|
cls.newpatches = []
|
|
# get just those relevant patches: new software patches
|
|
for patch in cls.patchset:
|
|
if patch.path.endswith('.patch') and patch.is_added_file:
|
|
cls.newpatches.append(patch)
|
|
|
|
cls.mark = str(patchtest_patterns.signed_off_by_prefix).strip('"')
|
|
|
|
# match PatchSignedOffBy.mark with '+' preceding it
|
|
cls.prog = patchtest_patterns.patch_signed_off_by
|
|
|
|
def setUp(self):
|
|
if self.unidiff_parse_error:
|
|
self.skip('Parse error %s' % self.unidiff_parse_error)
|
|
|
|
self.valid_status = ", ".join(patchtest_patterns.upstream_status_nonliteral_valid_status)
|
|
self.standard_format = "Upstream-Status: <Valid status>"
|
|
|
|
# we are just interested in series that introduce CVE patches, thus discard other
|
|
# possibilities: modification to current CVEs, patch directly introduced into the
|
|
# recipe, upgrades already including the CVE, etc.
|
|
new_cves = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
|
|
if not new_cves:
|
|
self.skip('No new CVE patches introduced')
|
|
|
|
def test_upstream_status_presence_format(self):
|
|
if not TestPatch.newpatches:
|
|
self.skip("There are no new software patches, no reason to test Upstream-Status presence/format")
|
|
|
|
for newpatch in TestPatch.newpatches:
|
|
payload = newpatch.__str__()
|
|
if not patchtest_patterns.upstream_status_regex.search_string(payload):
|
|
self.fail(
|
|
"Added patch file is missing Upstream-Status: <Valid status> in the commit message",
|
|
data=[
|
|
("Standard format", self.standard_format),
|
|
("Valid status", self.valid_status),
|
|
],
|
|
)
|
|
for line in payload.splitlines():
|
|
if patchtest_patterns.patchmetadata_regex.match(line):
|
|
continue
|
|
if patchtest_patterns.upstream_status_regex.search_string(line):
|
|
if patchtest_patterns.inappropriate.searchString(line):
|
|
try:
|
|
patchtest_patterns.upstream_status_inappropriate_info.parseString(
|
|
line.lstrip("+")
|
|
)
|
|
except pyparsing.ParseException as pe:
|
|
self.fail(
|
|
"Upstream-Status is Inappropriate, but no reason was provided",
|
|
data=[
|
|
("Current", pe.pstr),
|
|
(
|
|
"Standard format",
|
|
"Upstream-Status: Inappropriate [reason]",
|
|
),
|
|
],
|
|
)
|
|
elif patchtest_patterns.submitted.searchString(line):
|
|
try:
|
|
patchtest_patterns.upstream_status_submitted_info.parseString(
|
|
line.lstrip("+")
|
|
)
|
|
except pyparsing.ParseException as pe:
|
|
self.fail(
|
|
"Upstream-Status is Submitted, but it is not mentioned where",
|
|
data=[
|
|
("Current", pe.pstr),
|
|
(
|
|
"Standard format",
|
|
"Upstream-Status: Submitted [where]",
|
|
),
|
|
],
|
|
)
|
|
else:
|
|
try:
|
|
patchtest_patterns.upstream_status.parseString(line.lstrip("+"))
|
|
except pyparsing.ParseException as pe:
|
|
self.fail(
|
|
"Upstream-Status is in incorrect format",
|
|
data=[
|
|
("Current", pe.pstr),
|
|
("Standard format", self.standard_format),
|
|
("Valid status", self.valid_status),
|
|
],
|
|
)
|
|
|
|
def test_signed_off_by_presence(self):
|
|
if not TestPatch.newpatches:
|
|
self.skip("There are no new software patches, no reason to test %s presence" % PatchSignedOffBy.mark)
|
|
|
|
for newpatch in TestPatch.newpatches:
|
|
payload = newpatch.__str__()
|
|
for line in payload.splitlines():
|
|
if patchtest_patterns.patchmetadata_regex.match(line):
|
|
continue
|
|
if TestPatch.prog.search_string(payload):
|
|
break
|
|
else:
|
|
self.fail('A patch file has been added without a Signed-off-by tag: \'%s\'' % os.path.basename(newpatch.path))
|
|
|
|
def test_cve_tag_format(self):
|
|
for commit in TestPatch.commits:
|
|
if patchtest_patterns.cve.search_string(
|
|
commit.shortlog
|
|
) or patchtest_patterns.cve.search_string(commit.commit_message):
|
|
tag_found = False
|
|
for line in commit.payload.splitlines():
|
|
if patchtest_patterns.cve_payload_tag.search_string(line):
|
|
tag_found = True
|
|
break
|
|
if not tag_found:
|
|
self.fail('Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX"',
|
|
commit=commit)
|