diff options
author | Konrad Weihmann <kweihmann@outlook.com> | 2020-09-06 12:40:45 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-09-08 10:20:21 +0100 |
commit | d908f4dfa0228de193cfc81184fe083ef3f925b5 (patch) | |
tree | 5d84ec00e20a098b02d05dafd9bc1a9b6c71a8cc /meta/recipes-core/meta/cve-update-db-native.bb | |
parent | b51c4fa46a3ee84e53ee4c2c9ad63496653f7335 (diff) | |
download | poky-warrior-next.tar.gz |
cve-update: handle baseMetricV2 as optionalwarrior-next
Currently in NVD DB an item popped up, which hasn't set baseMetricV2.
Let the parser handle it as an optional item.
In case use baseMetricV2 before baseMetricV3
(From OE-Core rev: 77f119baf6f4b85194a9b26d8442ddc7fb3bb97c)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/meta/cve-update-db-native.bb')
-rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 1b4f31692b..c64dd768c8 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb | |||
@@ -160,15 +160,20 @@ def update_db(c, jsondata): | |||
160 | if not elt['impact']: | 160 | if not elt['impact']: |
161 | continue | 161 | continue |
162 | 162 | ||
163 | accessVector = None | ||
163 | cveId = elt['cve']['CVE_data_meta']['ID'] | 164 | cveId = elt['cve']['CVE_data_meta']['ID'] |
164 | cveDesc = elt['cve']['description']['description_data'][0]['value'] | 165 | cveDesc = elt['cve']['description']['description_data'][0]['value'] |
165 | date = elt['lastModifiedDate'] | 166 | date = elt['lastModifiedDate'] |
166 | accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] | ||
167 | cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] | ||
168 | |||
169 | try: | 167 | try: |
168 | accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] | ||
169 | cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] | ||
170 | except KeyError: | ||
171 | cvssv2 = 0.0 | ||
172 | try: | ||
173 | accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector'] | ||
170 | cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] | 174 | cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] |
171 | except: | 175 | except KeyError: |
176 | accessVector = accessVector or "UNKNOWN" | ||
172 | cvssv3 = 0.0 | 177 | cvssv3 = 0.0 |
173 | 178 | ||
174 | c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", | 179 | c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", |