1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
# Checks related to the patch's CVE lines
#
# Copyright (C) 2016 Intel Corporation
#
# SPDX-License-Identifier: GPL-2.0-only
#
import base
import os
import patchtest_patterns
import pyparsing
class TestPatch(base.Base):
@classmethod
def setUpClassLocal(cls):
cls.newpatches = []
# get just those relevant patches: new software patches
for patch in cls.patchset:
if patch.path.endswith('.patch') and patch.is_added_file:
cls.newpatches.append(patch)
cls.mark = str(patchtest_patterns.signed_off_by_prefix).strip('"')
# match PatchSignedOffBy.mark with '+' preceding it
cls.prog = patchtest_patterns.patch_signed_off_by
def setUp(self):
if self.unidiff_parse_error:
self.skip('Parse error %s' % self.unidiff_parse_error)
self.valid_status = ", ".join(patchtest_patterns.upstream_status_nonliteral_valid_status)
self.standard_format = "Upstream-Status: <Valid status>"
# we are just interested in series that introduce CVE patches, thus discard other
# possibilities: modification to current CVEs, patch directly introduced into the
# recipe, upgrades already including the CVE, etc.
new_cves = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
if not new_cves:
self.skip('No new CVE patches introduced')
def test_upstream_status_presence_format(self):
if not TestPatch.newpatches:
self.skip("There are no new software patches, no reason to test Upstream-Status presence/format")
for newpatch in TestPatch.newpatches:
payload = newpatch.__str__()
if not patchtest_patterns.upstream_status_regex.search_string(payload):
self.fail(
"Added patch file is missing Upstream-Status: <Valid status> in the commit message",
data=[
("Standard format", self.standard_format),
("Valid status", self.valid_status),
],
)
for line in payload.splitlines():
if patchtest_patterns.patchmetadata_regex.match(line):
continue
if patchtest_patterns.upstream_status_regex.search_string(line):
if patchtest_patterns.inappropriate.searchString(line):
try:
patchtest_patterns.upstream_status_inappropriate_info.parseString(
line.lstrip("+")
)
except pyparsing.ParseException as pe:
self.fail(
"Upstream-Status is Inappropriate, but no reason was provided",
data=[
("Current", pe.pstr),
(
"Standard format",
"Upstream-Status: Inappropriate [reason]",
),
],
)
elif patchtest_patterns.submitted.searchString(line):
try:
patchtest_patterns.upstream_status_submitted_info.parseString(
line.lstrip("+")
)
except pyparsing.ParseException as pe:
self.fail(
"Upstream-Status is Submitted, but it is not mentioned where",
data=[
("Current", pe.pstr),
(
"Standard format",
"Upstream-Status: Submitted [where]",
),
],
)
else:
try:
patchtest_patterns.upstream_status.parseString(line.lstrip("+"))
except pyparsing.ParseException as pe:
self.fail(
"Upstream-Status is in incorrect format",
data=[
("Current", pe.pstr),
("Standard format", self.standard_format),
("Valid status", self.valid_status),
],
)
def test_signed_off_by_presence(self):
if not TestPatch.newpatches:
self.skip("There are no new software patches, no reason to test %s presence" % PatchSignedOffBy.mark)
for newpatch in TestPatch.newpatches:
payload = newpatch.__str__()
for line in payload.splitlines():
if patchtest_patterns.patchmetadata_regex.match(line):
continue
if TestPatch.prog.search_string(payload):
break
else:
self.fail('A patch file has been added without a Signed-off-by tag: \'%s\'' % os.path.basename(newpatch.path))
def test_cve_tag_format(self):
for commit in TestPatch.commits:
if patchtest_patterns.cve.search_string(
commit.shortlog
) or patchtest_patterns.cve.search_string(commit.commit_message):
tag_found = False
for line in commit.payload.splitlines():
if patchtest_patterns.cve_payload_tag.search_string(line):
tag_found = True
break
if not tag_found:
self.fail('Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX"',
commit=commit)
|
