summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonrad Weihmann <kweihmann@outlook.com>2020-09-06 10:40:45 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-09-16 12:34:54 (GMT)
commitba9853a96baa1e14193105bafae9d5de04ec9494 (patch)
tree76c549bef12234d09fc43b590c3d9239af58a639
parent540b1140a40a229965fcdcb6192eae46de5e31dd (diff)
downloadpoky-ba9853a96baa1e14193105bafae9d5de04ec9494.tar.gz
cve-update: handle baseMetricV2 as optional
Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: 77f119baf6f4b85194a9b26d8442ddc7fb3bb97c) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb13
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 1b4f316..c64dd76 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -160,15 +160,20 @@ def update_db(c, jsondata):
160 if not elt['impact']: 160 if not elt['impact']:
161 continue 161 continue
162 162
163 accessVector = None
163 cveId = elt['cve']['CVE_data_meta']['ID'] 164 cveId = elt['cve']['CVE_data_meta']['ID']
164 cveDesc = elt['cve']['description']['description_data'][0]['value'] 165 cveDesc = elt['cve']['description']['description_data'][0]['value']
165 date = elt['lastModifiedDate'] 166 date = elt['lastModifiedDate']
166 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
167 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
168
169 try: 167 try:
168 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
169 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
170 except KeyError:
171 cvssv2 = 0.0
172 try:
173 accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
170 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] 174 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
171 except: 175 except KeyError:
176 accessVector = accessVector or "UNKNOWN"
172 cvssv3 = 0.0 177 cvssv3 = 0.0
173 178
174 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", 179 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",