diff options
| author | Antoine Lubineau <antoine.lubineau@easymile.com> | 2023-09-21 10:23:52 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-09-28 12:37:46 +0100 |
| commit | 8e680771d29230a0be432546c8b6c4efa8787728 (patch) | |
| tree | 9d93579d811a8c067a3a6a1602749218cbf72aed /meta/classes | |
| parent | 77d5805fd46e146d52096cd5073310aa19335829 (diff) | |
| download | poky-8e680771d29230a0be432546c8b6c4efa8787728.tar.gz | |
cve-check: add CVSS vector string to CVE database and reports
This allows building detailed vulnerability analysis tools without
relying on external resources.
(From OE-Core rev: 048ff0ad927f4d37cc5547ebeba9e0c221687ea6)
Signed-off-by: Antoine Lubineau <antoine.lubineau@easymile.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
| -rw-r--r-- | meta/classes/cve-check.bbclass | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 55ae298024..b55f4299da 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -32,7 +32,7 @@ CVE_PRODUCT ??= "${BPN}" | |||
| 32 | CVE_VERSION ??= "${PV}" | 32 | CVE_VERSION ??= "${PV}" |
| 33 | 33 | ||
| 34 | CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" | 34 | CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" |
| 35 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" | 35 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db" |
| 36 | CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" | 36 | CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" |
| 37 | 37 | ||
| 38 | CVE_CHECK_LOG ?= "${T}/cve.log" | 38 | CVE_CHECK_LOG ?= "${T}/cve.log" |
| @@ -442,6 +442,7 @@ def get_cve_info(d, cves): | |||
| 442 | cve_data[row[0]]["scorev3"] = row[3] | 442 | cve_data[row[0]]["scorev3"] = row[3] |
| 443 | cve_data[row[0]]["modified"] = row[4] | 443 | cve_data[row[0]]["modified"] = row[4] |
| 444 | cve_data[row[0]]["vector"] = row[5] | 444 | cve_data[row[0]]["vector"] = row[5] |
| 445 | cve_data[row[0]]["vectorString"] = row[6] | ||
| 445 | cursor.close() | 446 | cursor.close() |
| 446 | conn.close() | 447 | conn.close() |
| 447 | return cve_data | 448 | return cve_data |
| @@ -507,6 +508,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): | |||
| 507 | write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"] | 508 | write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"] |
| 508 | write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"] | 509 | write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"] |
| 509 | write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] | 510 | write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] |
| 511 | write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"] | ||
| 510 | write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) | 512 | write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) |
| 511 | 513 | ||
| 512 | if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": | 514 | if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": |
| @@ -623,6 +625,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): | |||
| 623 | "scorev2" : cve_data[cve]["scorev2"], | 625 | "scorev2" : cve_data[cve]["scorev2"], |
| 624 | "scorev3" : cve_data[cve]["scorev3"], | 626 | "scorev3" : cve_data[cve]["scorev3"], |
| 625 | "vector" : cve_data[cve]["vector"], | 627 | "vector" : cve_data[cve]["vector"], |
| 628 | "vectorString" : cve_data[cve]["vectorString"], | ||
| 626 | "status" : status, | 629 | "status" : status, |
| 627 | "link": issue_link | 630 | "link": issue_link |
| 628 | } | 631 | } |