[Bf-blender-cvs] [a1471e5a679] tmp_libs_34: deps_builder: add triage for cve-bin-tool reports
Ray Molenkamp
noreply at git.blender.org
Tue Oct 18 18:15:15 CEST 2022
Commit: a1471e5a679d469f4c3c68b05a59dabe50d7358c
Author: Ray Molenkamp
Date: Tue Oct 18 10:15:08 2022 -0600
Branches: tmp_libs_34
https://developer.blender.org/rBa1471e5a679d469f4c3c68b05a59dabe50d7358c
deps_builder: add triage for cve-bin-tool reports
Add any CVE's we looked at into cve_check.csv.in with
their triage status, i did CVE-2009-2940 as an example.
The possible triage states are:
NewFound
Unexplored
Confirmed
Mitigated
Ignored
===================================================================
M build_files/build_environment/cmake/cve_check.cmake
M build_files/build_environment/cmake/cve_check.csv.in
===================================================================
diff --git a/build_files/build_environment/cmake/cve_check.cmake b/build_files/build_environment/cmake/cve_check.cmake
index dfb190bcffa..bd8f73a1e64 100644
--- a/build_files/build_environment/cmake/cve_check.cmake
+++ b/build_files/build_environment/cmake/cve_check.cmake
@@ -30,7 +30,7 @@ foreach (_variableName ${_variableNames})
list(GET CPE_LIST 3 CPE_VENDOR)
list(GET CPE_LIST 4 CPE_NAME)
list(GET CPE_LIST 5 CPE_VERSION)
- set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION}\n")
+ set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION},,,\n")
endif()
endforeach()
configure_file(${CMAKE_SOURCE_DIR}/cmake/cve_check.csv.in ${CMAKE_CURRENT_BINARY_DIR}/cve_check.csv @ONLY)
diff --git a/build_files/build_environment/cmake/cve_check.csv.in b/build_files/build_environment/cmake/cve_check.csv.in
index 6e7e8db5609..bd7d8373c74 100644
--- a/build_files/build_environment/cmake/cve_check.csv.in
+++ b/build_files/build_environment/cmake/cve_check.csv.in
@@ -1,2 +1,3 @@
-vendor,product,version
+vendor,product,version,cve_number,remarks,comment
+python,python,3.10.8,CVE-2009-2940,Ignored,Does not apply to Blender we do not ship pygresql
@SBOMCONTENTS@
More information about the Bf-blender-cvs
mailing list