
This introduces a new excluded_cves.yaml file. It's a straightforward YAML file where CVE IDs serve as keys and corresponding text as values. It includes a list of CVEs that should be excluded from the check report of unanalyzed CVEs in the NVD database when the --name option is applied. When a new unanalyzed CVE is reported, it should be assessed. If it is not related to ESP-IDF, it should be added to this list to prevent it from being reported again. This will help reduce false positive reports and ensure that potential real vulnerabilities from unanalyzed CVEs are not overlooked. A six-second wait was added between NVD requests as recommended by their Best Practices, and the request timeout was increased from 30 to 60 seconds. This should reduce the failure rate of requests. Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
# See https://pre-commit.com for more information
|
|
# See https://pre-commit.com/hooks.html for more hooks
|
|
|
|
default_stages: [commit]
|
|
|
|
repos:
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v4.3.0
|
|
hooks:
|
|
- id: trailing-whitespace
|
|
- id: end-of-file-fixer
|
|
- id: check-executables-have-shebangs
|
|
- id: mixed-line-ending
|
|
args: ['-f=lf']
|
|
- id: double-quote-string-fixer
|
|
|
|
- repo: https://github.com/pycqa/flake8
|
|
rev: 5.0.4
|
|
hooks:
|
|
- id: flake8
|
|
args: ['--config=.flake8']
|
|
|
|
- repo: https://github.com/pycqa/isort
|
|
rev: 5.11.5
|
|
hooks:
|
|
- id: isort
|
|
name: isort (python)
|
|
|
|
- repo: https://github.com/pre-commit/mirrors-mypy
|
|
rev: 'v0.991' # Use the sha / tag you want to point at
|
|
hooks:
|
|
- id: mypy
|
|
additional_dependencies:
|
|
- 'types-PyYAML'
|
|
|
|
- repo: https://github.com/espressif/conventional-precommit-linter
|
|
rev: v1.4.0 # The version tag you wish to use
|
|
hooks:
|
|
- id: conventional-precommit-linter
|
|
stages: [commit-msg]
|
|
|
|
- repo: https://github.com/espressif/check-copyright/
|
|
rev: v1.0.3
|
|
hooks:
|
|
- id: check-copyright
|
|
args: ['--config', 'check_copyright_config.yaml']
|
|
|
|
- repo: local
|
|
hooks:
|
|
- id: validate-excluded-cves
|
|
name: Validate Excluded CVEs
|
|
entry: test/validate_excluded_cves.py
|
|
language: python
|
|
files: 'excluded_cves.yaml'
|
|
additional_dependencies:
|
|
- PyYAML
|
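Review bot: The two `additional_dependencies` entries — `types-PyYAML` under the mypy hook and `PyYAML` under the new local `validate-excluded-cves` hook — are unpinned, while every `repo` in the file is pinned by `rev`; pre-commit installs whatever version resolves when the hook environment is built, so the validation of excluded_cves.yaml runs against an unpinned package and is not reproducible across machines or over time. Pin them the same way the repos are pinned, e.g. `- 'PyYAML==<PINNED_VERSION>'` and `- 'types-PyYAML==<PINNED_VERSION>'` (placeholder versions, to be filled from the project's lock or CI environment). The `files: 'excluded_cves.yaml'` value is an unanchored regex with an unescaped dot, so it matches any path that contains that name; `files: '^excluded_cves\.yaml$'` restricts the hook to the repository-root file the commit message describes. The validator itself, test/validate_excluded_cves.py, is outside this section, so whether it parses the file with `yaml.safe_load` rather than `yaml.load` cannot be confirmed from here and is worth checking in the same change.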