summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonrad Weihmann <kweihmann@outlook.com>2020-09-06 12:40:45 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-09-08 10:20:21 +0100
commitd908f4dfa0228de193cfc81184fe083ef3f925b5 (patch)
tree5d84ec00e20a098b02d05dafd9bc1a9b6c71a8cc
parentb51c4fa46a3ee84e53ee4c2c9ad63496653f7335 (diff)
downloadpoky-warrior-next.tar.gz
cve-update: handle baseMetricV2 as optionalwarrior-next
Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: 77f119baf6f4b85194a9b26d8442ddc7fb3bb97c) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb13
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 1b4f31692b..c64dd768c8 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -160,15 +160,20 @@ def update_db(c, jsondata):
160 if not elt['impact']: 160 if not elt['impact']:
161 continue 161 continue
162 162
163 accessVector = None
163 cveId = elt['cve']['CVE_data_meta']['ID'] 164 cveId = elt['cve']['CVE_data_meta']['ID']
164 cveDesc = elt['cve']['description']['description_data'][0]['value'] 165 cveDesc = elt['cve']['description']['description_data'][0]['value']
165 date = elt['lastModifiedDate'] 166 date = elt['lastModifiedDate']
166 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
167 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
168
169 try: 167 try:
168 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
169 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
170 except KeyError:
171 cvssv2 = 0.0
172 try:
173 accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
170 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] 174 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
171 except: 175 except KeyError:
176 accessVector = accessVector or "UNKNOWN"
172 cvssv3 = 0.0 177 cvssv3 = 0.0
173 178
174 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", 179 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",