summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonrad Weihmann <kweihmann@outlook.com>2020-09-06 10:40:45 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-09-16 12:35:10 (GMT)
commitbc319fd044a7b53b3e726b333a55fb6b2a5f5425 (patch)
treec849f5750252e8319c52152efd309657b48d1c78
parent0d061fc545d09b5234b8a8fae73ce69a17fa1609 (diff)
downloadpoky-bc319fd044a7b53b3e726b333a55fb6b2a5f5425.tar.gz
cve-update: handle baseMetricV2 as optional
Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: 77f119baf6f4b85194a9b26d8442ddc7fb3bb97c) (From OE-Core rev: 4cee5c4bc74edde48fe19ec11c78f6c598cf08b6) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb13
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index db1d69a..e9a023e 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -160,15 +160,20 @@ def update_db(c, jsondata):
160 if not elt['impact']: 160 if not elt['impact']:
161 continue 161 continue
162 162
163 accessVector = None
163 cveId = elt['cve']['CVE_data_meta']['ID'] 164 cveId = elt['cve']['CVE_data_meta']['ID']
164 cveDesc = elt['cve']['description']['description_data'][0]['value'] 165 cveDesc = elt['cve']['description']['description_data'][0]['value']
165 date = elt['lastModifiedDate'] 166 date = elt['lastModifiedDate']
166 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
167 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
168
169 try: 167 try:
168 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
169 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
170 except KeyError:
171 cvssv2 = 0.0
172 try:
173 accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
170 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] 174 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
171 except: 175 except KeyError:
176 accessVector = accessVector or "UNKNOWN"
172 cvssv3 = 0.0 177 cvssv3 = 0.0
173 178
174 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", 179 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",