diff options
| author | Konrad Weihmann <kweihmann@outlook.com> | 2020-07-26 16:10:06 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-07-27 10:37:58 +0100 |
| commit | bbefe04a622e166d95093d5127c316de91b27d20 (patch) | |
| tree | 43513946586806bedaefc2c1a4cbb942481a2b57 /meta | |
| parent | 32f23b7467174e0317d9cc1e2fd64624b74cca76 (diff) | |
| download | poky-bbefe04a622e166d95093d5127c316de91b27d20.tar.gz | |
cve-update: handle baseMetricV2 as optional
Currently in NVD DB an item popped up, which hasn't set baseMetricV2.
Let the parser handle it as an optional item.
In case use baseMetricV2 before baseMetricV3
(From OE-Core rev: fdcbf3f28289188c5a97664d1421d4a5c4991eda)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index f27ade40db..32d6dbdffc 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb | |||
| @@ -176,15 +176,20 @@ def update_db(c, jsondata): | |||
| 176 | if not elt['impact']: | 176 | if not elt['impact']: |
| 177 | continue | 177 | continue |
| 178 | 178 | ||
| 179 | accessVector = None | ||
| 179 | cveId = elt['cve']['CVE_data_meta']['ID'] | 180 | cveId = elt['cve']['CVE_data_meta']['ID'] |
| 180 | cveDesc = elt['cve']['description']['description_data'][0]['value'] | 181 | cveDesc = elt['cve']['description']['description_data'][0]['value'] |
| 181 | date = elt['lastModifiedDate'] | 182 | date = elt['lastModifiedDate'] |
| 182 | accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] | ||
| 183 | cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] | ||
| 184 | |||
| 185 | try: | 183 | try: |
| 184 | accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] | ||
| 185 | cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] | ||
| 186 | except KeyError: | ||
| 187 | cvssv2 = 0.0 | ||
| 188 | try: | ||
| 189 | accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector'] | ||
| 186 | cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] | 190 | cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] |
| 187 | except: | 191 | except KeyError: |
| 192 | accessVector = accessVector or "UNKNOWN" | ||
| 188 | cvssv3 = 0.0 | 193 | cvssv3 = 0.0 |
| 189 | 194 | ||
| 190 | c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", | 195 | c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", |