From d22c9fad09db9897602b8402101b7a47ce7f2cfc Mon Sep 17 00:00:00 2001
From: Michael Platings
Date: Wed, 3 Jan 2024 15:17:54 +0000
Subject: [PATCH] Improve security of downloading Google Test

Specifying the checksum of downloads is recommended to ensure their integrity. Also document the fact that third party sources are downloaded to facilitate the auditing of dependencies.
---
 SECURITY.md | 5 +++++
 test/CMakeLists.txt | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
index 51db03f84..d5b3ca7dc 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -11,3 +11,8 @@ It is not suitable for deployment or production use.
 This status will change prior to the project's initial release.
 Security bugs can be reported to arm-security@arm.com at any stage of the project's development.
+
+Scripts within this project may download and patch third party sources.
+It is the responsibility of the users of such scripts to track such third party sources for security issues.
+The third party sources that may be downloaded are:
+* Google Test 1.12.1.
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index b60d2dba6..91e782999 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -21,9 +21,11 @@ set(INTRINSICCV_TEST_FRAMEWORK_SOURCES
 )
 include(FetchContent)
+# Please update SECURITY.md if adding, removing or changing the version of third party content.
 FetchContent_Declare(
 googletest
 URL https://github.com/google/googletest/archive/refs/tags/release-1.12.1.tar.gz
+ URL_HASH SHA256=81964fe578e9bd7c94dfdb09c8e4d6e6759e19967e397dbea48d1c10e45d0df2
 # Disable death test feature otherwise tests may crash when run under emulation.
 PATCH_COMMAND cd && patch --strip=1 --input=${CMAKE_CURRENT_SOURCE_DIR}/patches/googletest.patch
 )
-- 
GitLab
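Review bot: The `URL_HASH` added to `FetchContent_Declare` in test/CMakeLists.txt pins a GitHub auto-generated tag archive (`archive/refs/tags/release-1.12.1.tar.gz`), and GitHub does not promise that such archives stay byte-identical, so a regenerated tarball would fail the configure step with a hash mismatch even though nothing was tampered with. That failure is in the safe direction, but nothing tells the person who hits it to re-verify the upstream content instead of pasting in the new digest; a comment beside the hash such as `# On mismatch, verify the upstream archive before updating this value.` would record that. The reminder comment added above the call could also name the hash, since a version change needs both edits: `# Please update SECURITY.md and URL_HASH if adding, removing or changing the version of third party content.` If independence from archive stability is wanted, `GIT_REPOSITORY` with `GIT_TAG` set to a full commit hash is an alternative to consider.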