From 41cf337f21a1471528b6a706a4df406b54556b8d Mon Sep 17 00:00:00 2001
From: Devaraj Ranganna
Date: Tue, 24 Sep 2024 14:34:04 +0000
Subject: [PATCH] manifest: Add the `security-risk` attribute

In addition to adding the `security-risk` attribute, update TPIP script to check if all the dependencies contains this attribute.

Signed-off-by: Devaraj Ranganna
---
 manifest.yml | 26 ++++++++++++++++++++++
 release_changes/202409241441.change.md | 1 +
 tools/scripts/check_listed_dependencies.py | 7 ++++++
 3 files changed, 34 insertions(+)
 create mode 100644 release_changes/202409241441.change.md

diff --git a/manifest.yml b/manifest.yml
index 03fde72..642f9f2 100644
--- a/manifest.yml
+++ b/manifest.yml
@@ -6,6 +6,7 @@ dependencies:
 - name: "FreeRTOS-Kernel"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "V11.1.0"
 repository:
 type: "git"
@@ -14,6 +15,7 @@ dependencies:
 - name: "arm-corstone-platform-bsp"
 license: "Apache-2.0"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v0.3.0"
 repository:
 type: "git"
@@ -22,6 +24,7 @@ dependencies:
 - name: "trusted-firmware-m"
 license: "BSD-3-Clause"
 tpip-category: "category-2"
+ security-risk: "high"
 version: "TF-Mv2.1.0"
 repository:
 type: "git"
@@ -30,6 +33,7 @@ dependencies:
 - name: "mbedtls"
 license: "Apache-2.0"
 tpip-category: "category-2"
+ security-risk: "high"
 version: "v3.6.0"
 repository:
 type: "git"
@@ -38,6 +42,7 @@ dependencies:
 - name: "IoT_Socket"
 license: "Apache-2.0"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "1e15f55ae08c2169c0e4a59216e78a4906a66af8"
 repository:
 type: "git"
@@ -46,6 +51,7 @@ dependencies:
 - name: "AVH"
 license: "Apache-2.0"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "ab37f6126c94fee7bbd061f77716745dfbb77592"
 repository:
 type: "git"
@@ -54,6 +60,7 @@ dependencies:
 - name: "freertos-pkcs11-psa"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "6caaf973920df9ae6823ef9be42f7e86aa91d168"
 repository:
 type: "git"
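Review bot: The new `security-risk` values are free-form strings, and nothing in this commit records which values are allowed or the criteria behind them — `trusted-firmware-m` and `mbedtls` are `high` while, for example, `FreeRTOS-Plus-TCP`, which parses network input, is `low`; the same applies to every dependency hunk in this file, so the note is given once here. A comment above the `dependencies:` list such as `# security-risk: "low" | "high" — rating criteria: <TPIP process document, placeholder>` would let a later contributor rate a new dependency consistently rather than copy the nearest neighbour. Until the check script validates the value as well as the key's presence, a mistyped rating such as `Low` or `hihg` (constructed examples) still passes the TPIP check.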
@@ -62,6 +69,7 @@ dependencies:
 - name: "freertos-ota-pal-psa"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "08e6c6eeb978f28d873f9a12c58882b88f1b7235"
 repository:
 type: "git"
@@ -70,6 +78,7 @@ dependencies:
 - name: "coreMQTT-Agent"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v1.2.0"
 repository:
 type: "git"
@@ -78,6 +87,7 @@ dependencies:
 - name: "coreMQTT"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v2.1.1"
 repository:
 type: "git"
@@ -86,6 +96,7 @@ dependencies:
 - name: "coreJSON"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v3.2.0"
 repository:
 type: "git"
@@ -94,6 +105,7 @@ dependencies:
 - name: "corePKCS11"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v3.5.0"
 repository:
 type: "git"
@@ -102,6 +114,7 @@ dependencies:
 - name: "coreSNTP"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v1.2.0"
 repository:
 type: "git"
@@ -110,6 +123,7 @@ dependencies:
 - name: "backoffAlgorithm"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v1.3.0"
 repository:
 type: "git"
@@ -118,6 +132,7 @@ dependencies:
 - name: "ota-for-aws-iot-embedded-sdk"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v3.4.0"
 repository:
 type: "git"
@@ -126,6 +141,7 @@ dependencies:
 - name: "tinycbor"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "9924cfed3b95ad6de299ae675064430fdb886216"
 repository:
 type: "git"
@@ -134,6 +150,7 @@ dependencies:
 - name: "toolchains"
 license: "Apache-2.0"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "f77e1ba2bb830f6950a88c34849cf3df9af4ad32"
 repository:
 type: "git"
@@ -142,6 +159,7 @@ dependencies:
 - name: "FreeRTOS-Libraries-Integration-Tests"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "202210.01"
 repository:
 type: "git"
@@ -150,6 +168,7 @@ dependencies:
 - name: "Unity"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v2.5.2"
 repository:
 type: "git"
@@ -158,6 +177,7 @@ dependencies:
 - name: "FreeRTOS-Plus-TCP"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "ba4e25c350020abcb787a3a319fdf991bef70538"
 repository:
 type: "git"
@@ -166,6 +186,7 @@ dependencies:
 - name: "ml-embedded-evaluation-kit"
 license: "Apache-2.0"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "24.05"
 repository:
 type: "git"
@@ -174,6 +195,7 @@ dependencies:
 - name: "speexdsp"
 license: "BSD-3-Clause"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "738e17905e1ca2a1fa932ddd9c2a85d089f4e845"
 repository:
 type: "git"
@@ -182,6 +204,7 @@ dependencies:
 - name: "isp_mali-c55"
 license: "BSD-3-Clause"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "r0p0_1.0"
 repository:
 type: "git"
@@ -190,6 +213,7 @@ dependencies:
 - name: "arm-2d"
 license: "Apache-2.0"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v1.1.5"
 repository:
 type: "git"
@@ -198,6 +222,7 @@ dependencies:
 - name: "Fake Function Framework"
 license: "MIT"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "5111c61e1ef7848e3afd3550044a8cf4405f4199"
 repository:
 type: "git"
@@ -206,6 +231,7 @@ dependencies:
 - name: "GoogleTest"
 license: "BSD-3-Clause"
 tpip-category: "category-2"
+ security-risk: "low"
 version: "v1.15.2"
 repository:
 type: "git"
diff --git a/release_changes/202409241441.change.md b/release_changes/202409241441.change.md
new file mode 100644
index 0000000..68cae31
--- /dev/null
+++ b/release_changes/202409241441.change.md
@@ -0,0 +1 @@
+manifest: Add the `security-risk` attribute
diff --git a/tools/scripts/check_listed_dependencies.py b/tools/scripts/check_listed_dependencies.py
index 303222e..2c13a1a 100644
--- a/tools/scripts/check_listed_dependencies.py
+++ b/tools/scripts/check_listed_dependencies.py
@@ -19,6 +19,7 @@ def main(manifest_file: str) -> None:
 - a TPIP category attribute
 - a version attribute
 - a path attribute
+ - a security risk attribute
 Args:
 manifest_file (str): Path to the YAML manifest file.
 """
@@ -56,6 +57,12 @@ def check_the_manifest(manifest_data: Dict) -> bool:
 f" `tpip-category` attribute in the manifest file"
 )
 manifest_has_all_attributes = False
+ if "security-risk" not in dependency:
+ print(
+ f"Dependency '{dependency['name']}' is missing"
+ f" `security-risk` attribute in the manifest file"
+ )
+ manifest_has_all_attributes = False
 if "version" not in dependency:
 print(
 f"Dependency '{dependency['name']}' is missing"
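Review bot: The new check at `if "security-risk" not in dependency:` only tests that the key exists, so an out-of-vocabulary value (an empty string, or a mistyped `Low` — constructed examples) passes the TPIP gate while still reading as a rating in manifest.yml. The values this commit introduces are `low` and `high`; validating the value against that set (extended if the TPIP process defines more) makes the rating something the script actually enforces, and the docstring hunk in `main` could then list the accepted values next to `- a security risk attribute`. `check_the_manifest` starts and ends outside this hunk, so the module-level constant below goes near the top of the file and the `elif` attaches to the newly added `if` block.
```python
# Accepted `security-risk` ratings; the TPIP process owns this list.
ALLOWED_SECURITY_RISK = {"low", "high"}

# … unchanged: earlier attribute checks and the new `if "security-risk" not in dependency:` block …
        elif dependency["security-risk"] not in ALLOWED_SECURITY_RISK:
            print(
                f"Dependency '{dependency['name']}' has unsupported"
                f" `security-risk` value '{dependency['security-risk']}'"
                f" (expected one of {sorted(ALLOWED_SECURITY_RISK)})"
            )
            manifest_has_all_attributes = False
        # … unchanged: `version` check …
```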