[Bf-blender-cvs] [a1471e5a679] tmp_libs_34: deps_builder: add triage for cve-bin-tool reports

Ray Molenkamp noreply at git.blender.org
Tue Oct 18 18:15:15 CEST 2022


Commit: a1471e5a679d469f4c3c68b05a59dabe50d7358c
Author: Ray Molenkamp
Date:   Tue Oct 18 10:15:08 2022 -0600
Branches: tmp_libs_34
https://developer.blender.org/rBa1471e5a679d469f4c3c68b05a59dabe50d7358c

deps_builder: add triage for cve-bin-tool reports

Add any CVEs we looked at into cve_check.csv.in with
their triage status, I did CVE-2009-2940 as an example.
The possible triage states are:

NewFound
Unexplored
Confirmed
Mitigated
Ignored

===================================================================

M	build_files/build_environment/cmake/cve_check.cmake
M	build_files/build_environment/cmake/cve_check.csv.in

===================================================================

diff --git a/build_files/build_environment/cmake/cve_check.cmake b/build_files/build_environment/cmake/cve_check.cmake
index dfb190bcffa..bd8f73a1e64 100644
--- a/build_files/build_environment/cmake/cve_check.cmake
+++ b/build_files/build_environment/cmake/cve_check.cmake
@@ -30,7 +30,7 @@ foreach (_variableName ${_variableNames})
       list(GET CPE_LIST 3 CPE_VENDOR)
       list(GET CPE_LIST 4 CPE_NAME)
       list(GET CPE_LIST 5 CPE_VERSION)
-      set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION}\n")
+      set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION},,,\n")
   endif()
 endforeach()
 configure_file(${CMAKE_SOURCE_DIR}/cmake/cve_check.csv.in ${CMAKE_CURRENT_BINARY_DIR}/cve_check.csv @ONLY)
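Review bot: the three trailing empty fields added to the `set(SBOMCONTENTS ...)` line silently couple this generator to the six-column header (`vendor,product,version,cve_number,remarks,comment`) that lives in the separate file cve_check.csv.in; a future column added to the header without a matching change here would produce rows with the wrong field count. Consider a short comment above this `set()` stating that the empty fields are the `cve_number`, `remarks` and `comment` columns of the header in cve_check.csv.in, so the two files are kept in step.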
diff --git a/build_files/build_environment/cmake/cve_check.csv.in b/build_files/build_environment/cmake/cve_check.csv.in
index 6e7e8db5609..bd7d8373c74 100644
--- a/build_files/build_environment/cmake/cve_check.csv.in
+++ b/build_files/build_environment/cmake/cve_check.csv.in
@@ -1,2 +1,3 @@
-vendor,product,version
+vendor,product,version,cve_number,remarks,comment
+python,python,3.10.8,CVE-2009-2940,Ignored,Does not apply to Blender we do not ship pygresql 
 @SBOMCONTENTS@
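Review bot: the new `python,python,3.10.8,CVE-2009-2940,Ignored,...` row carries a trailing space at the end of the comment field, and the same `python,python,3.10.8` package will also appear once more via `@SBOMCONTENTS@` with empty triage fields, so the generated CSV will contain two rows for that package; it is worth verifying that cve-bin-tool merges rather than overrides the triage status in that case. Also note that the version is hard-coded in the triage row, so bumping Python will make this entry no longer match the generated row and CVE-2009-2940 will be reported again as untriaged; if that re-triage on every version bump is intended, a comment in the header of cve_check.csv.in saying so would save the next person from re-investigating it.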
