summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonrad Weihmann <kweihmann@outlook.com>2020-07-26 14:10:06 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-08-04 22:17:38 (GMT)
commitcb791c2755d238305707281c3b9b0c8c34022952 (patch)
treeeead1fafe4afe33a2a6377c403b85d879ec92e18
parentc65ad03f2bd06223dc833009724533dde38cddc5 (diff)
downloadpoky-cb791c2755d238305707281c3b9b0c8c34022952.tar.gz
cve-update: handle baseMetricV2 as optional
Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: e1c507da9fa5fd12dd42037d0476d94fe3aac730) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fdcbf3f28289188c5a97664d1421d4a5c4991eda) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb13
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index d69d79c..0577a5c 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -167,15 +167,20 @@ def update_db(c, jsondata):
167 if not elt['impact']: 167 if not elt['impact']:
168 continue 168 continue
169 169
170 accessVector = None
170 cveId = elt['cve']['CVE_data_meta']['ID'] 171 cveId = elt['cve']['CVE_data_meta']['ID']
171 cveDesc = elt['cve']['description']['description_data'][0]['value'] 172 cveDesc = elt['cve']['description']['description_data'][0]['value']
172 date = elt['lastModifiedDate'] 173 date = elt['lastModifiedDate']
173 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
174 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
175
176 try: 174 try:
175 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
176 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
177 except KeyError:
178 cvssv2 = 0.0
179 try:
180 accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
177 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] 181 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
178 except: 182 except KeyError:
183 accessVector = accessVector or "UNKNOWN"
179 cvssv3 = 0.0 184 cvssv3 = 0.0
180 185
181 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", 186 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",