From ebf1fda1840639382d1284a899a5d26ad7b6414a Mon Sep 17 00:00:00 2001
From: Joao Povoas
Date: Jun 18 2025 16:15:08 +0000
Subject: Merge branch 'users/jpovoas/scripts/c-b-s-blacklist-change' into users/jpovoas/scripts/for-next
---
diff --git a/scripts/cve_tools/check-branch-status b/scripts/cve_tools/check-branch-status
index 1cc872a..f8a05b9 100755
--- a/scripts/cve_tools/check-branch-status
+++ b/scripts/cve_tools/check-branch-status
@@ -23,8 +23,20 @@ check_blacklisted()
 local branch="$1"
 local sha="$2"
 local cve="$3"
- local blacklist_entry="$(get_blacklist_entry $branch $sha $cve)"
- [ -n "$blacklist_entry" ] && echo -n "blacklisted "
+ local blacklist_entry=""
+
+ if [ -n "$cve" ]; then
+ blacklist_entry="$(get_blacklist_entry $branch $sha $cve)"
+ if [ -n "$blacklist_entry" ] ; then
+ echo -n "cve_blacklisted "
+ return
+ fi
+ fi
+ blacklist_entry="$(get_blacklist_entry $branch $sha)"
+ if [ -n "$blacklist_entry" ]; then
+ # Add warning to output?
+ echo -n "sha_blacklisted "
+ fi
 }
 check_disabled()
@@ -64,7 +76,7 @@ __check_applied_sha()
 local files=
 readarray -t files < <(sha2files "$sha")
- echo -n "$sha $cve ${cvss:-CVSS_unknown} "
+ echo -n "$sha ${cve:-no_cve} ${cvss:-CVSS_unknown} "
 if sha_merged_in_upstream_tag $sha $base
 then
 echo "fix_in_base"
@@ -121,15 +133,8 @@ __check_applied_sha()
 if check_disabled $branch && check_arch $branch
 then
 echo -n "fix_missing "
- if [ -n "$cvss" ]
- then
- if cvss_affects_branch $branch $cvss
- then
- check_blacklisted $branch $sha "$cve"
- else
- echo -n "skipable "
- fi
- fi
+ cvss_affects_branch $branch $cvss || echo -n "cvss_uneligible "
+ check_blacklisted $branch $sha "$cve"
 fi
 fi
@@ -165,14 +170,10 @@ check_applied_sha()
 fi
 fi
- if [ -z "$cve" ]
- then
- echo "$1 doesn't resolve to CVE" >&2
- return
+ if [ -n "$cve" ]; then
+ cvss="$(cve2cvss $cve)"
 fi
- cvss="$(cve2cvss $cve)"
-
 for s in $sha
 do
 __check_applied_sha $s $base $branch $cve $cvss
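Review bot: In the `check_blacklisted()` hunk (`@@ -23,8 +23,20 @@`), the fallback lookup `get_blacklist_entry $branch $sha` does not document what a two-argument call matches, and the open question `# Add warning to output?` is committed unresolved. The helper is defined outside this diff; if it returns any entry for the sha when no CVE is passed, a commit blacklisted for one CVE would be reported as `sha_blacklisted` for every other CVE it fixes, which can hide a missing fix from triage. A header comment such as `# Prints cve_blacklisted if (branch, sha, cve) is listed, else sha_blacklisted if (branch, sha) is listed` would pin the intended meaning, and quoting the call (`get_blacklist_entry "$branch" "$sha"`) keeps the argument positions fixed. The output token also changes from `blacklisted` to two new names, so any consumer that matches the old word exactly needs updating.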
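Review bot: In the `__check_applied_sha()` hunk at `@@ -121,15 +133,8 @@`, removing the `[ -n "$cvss" ]` guard means `cvss_affects_branch $branch $cvss` now runs with an empty, unquoted `$cvss` whenever the score is unknown, so the helper receives a single argument. How the helper (outside this diff) handles that is not visible; if it returns non-zero, a missing fix with an unknown score is tagged `cvss_uneligible` and may be filtered out together with genuinely low-severity entries. Keeping the unknown case distinct avoids that: `[ -z "$cvss" ] || cvss_affects_branch "$branch" "$cvss" || echo -n "cvss_uneligible "`. The enclosing function starts and ends outside the hunk.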
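Review bot: In the `check_applied_sha()` hunk (`@@ -165,14 +170,10 @@`), an empty `$cve` now reaches the unchanged call `__check_applied_sha $s $base $branch $cve $cvss`, where unquoted empty arguments disappear and any later argument shifts left. Whether `cvss` is declared `local` or reset earlier in the function is outside the hunk; if it is not, a score left over from a previous call would land in the CVE position and be printed as the CVE. Quoting keeps the positions fixed: `__check_applied_sha "$s" "$base" "$branch" "$cve" "$cvss"`. The removed stderr message was the only notice that a commit resolves to no CVE, so the new `no_cve` column value deserves a line in the function's header comment.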