summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonrad Weihmann <kweihmann@outlook.com>2020-09-06 12:40:45 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-09-16 13:35:10 +0100
commitbc319fd044a7b53b3e726b333a55fb6b2a5f5425 (patch)
treec849f5750252e8319c52152efd309657b48d1c78
parent0d061fc545d09b5234b8a8fae73ce69a17fa1609 (diff)
downloadpoky-bc319fd044a7b53b3e726b333a55fb6b2a5f5425.tar.gz
cve-update: handle baseMetricV2 as optional
Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: 77f119baf6f4b85194a9b26d8442ddc7fb3bb97c) (From OE-Core rev: 4cee5c4bc74edde48fe19ec11c78f6c598cf08b6) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb13
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index db1d69a28e..e9a023e9bd 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -160,15 +160,20 @@ def update_db(c, jsondata):
160 if not elt['impact']: 160 if not elt['impact']:
161 continue 161 continue
162 162
163 accessVector = None
163 cveId = elt['cve']['CVE_data_meta']['ID'] 164 cveId = elt['cve']['CVE_data_meta']['ID']
164 cveDesc = elt['cve']['description']['description_data'][0]['value'] 165 cveDesc = elt['cve']['description']['description_data'][0]['value']
165 date = elt['lastModifiedDate'] 166 date = elt['lastModifiedDate']
166 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
167 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
168
169 try: 167 try:
168 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
169 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
170 except KeyError:
171 cvssv2 = 0.0
172 try:
173 accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
170 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] 174 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
171 except: 175 except KeyError:
176 accessVector = accessVector or "UNKNOWN"
172 cvssv3 = 0.0 177 cvssv3 = 0.0
173 178
174 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", 179 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",