diff options
| author | Yoann Congal <yoann.congal@smile.fr> | 2024-03-15 01:20:20 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-03-15 07:36:14 +0000 |
| commit | 789b10030c6fd6f96cfeaae6760bc7bae7738073 (patch) | |
| tree | 2c380e455b8190942a138a6138b9a15c921fcf23 /meta/recipes-core | |
| parent | c698cf6723f344ddb1a755b4a2a0996aefa851f4 (diff) | |
| download | poky-789b10030c6fd6f96cfeaae6760bc7bae7738073.tar.gz | |
cve-update-nvd2-native: Remove rejected CVE from database
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.
(From OE-Core rev: f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
| -rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 4b8d01fe84..1901641965 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb | |||
| @@ -324,6 +324,10 @@ def update_db(conn, elt): | |||
| 324 | vectorString = None | 324 | vectorString = None |
| 325 | cveId = elt['cve']['id'] | 325 | cveId = elt['cve']['id'] |
| 326 | if elt['cve']['vulnStatus'] == "Rejected": | 326 | if elt['cve']['vulnStatus'] == "Rejected": |
| 327 | c = conn.cursor() | ||
| 328 | c.execute("delete from PRODUCTS where ID = ?;", [cveId]) | ||
| 329 | c.execute("delete from NVD where ID = ?;", [cveId]) | ||
| 330 | c.close() | ||
| 327 | return | 331 | return |
| 328 | cveDesc = "" | 332 | cveDesc = "" |
| 329 | for desc in elt['cve']['descriptions']: | 333 | for desc in elt['cve']['descriptions']: |