summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorKonrad Weihmann <kweihmann@outlook.com>2020-09-06 12:40:45 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-09-16 13:34:54 +0100
commitba9853a96baa1e14193105bafae9d5de04ec9494 (patch)
tree76c549bef12234d09fc43b590c3d9239af58a639 /meta
parent540b1140a40a229965fcdcb6192eae46de5e31dd (diff)
downloadpoky-ba9853a96baa1e14193105bafae9d5de04ec9494.tar.gz
cve-update: handle baseMetricV2 as optional
Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: 77f119baf6f4b85194a9b26d8442ddc7fb3bb97c) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb13
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 1b4f31692b..c64dd768c8 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -160,15 +160,20 @@ def update_db(c, jsondata):
160 if not elt['impact']: 160 if not elt['impact']:
161 continue 161 continue
162 162
163 accessVector = None
163 cveId = elt['cve']['CVE_data_meta']['ID'] 164 cveId = elt['cve']['CVE_data_meta']['ID']
164 cveDesc = elt['cve']['description']['description_data'][0]['value'] 165 cveDesc = elt['cve']['description']['description_data'][0]['value']
165 date = elt['lastModifiedDate'] 166 date = elt['lastModifiedDate']
166 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
167 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
168
169 try: 167 try:
168 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
169 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
170 except KeyError:
171 cvssv2 = 0.0
172 try:
173 accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
170 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] 174 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
171 except: 175 except KeyError:
176 accessVector = accessVector or "UNKNOWN"
172 cvssv3 = 0.0 177 cvssv3 = 0.0
173 178
174 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", 179 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",