Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r-- | meta/classes/cve-check.bbclass | 13 |
1 files changed, 9 insertions, 4 deletions
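--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -297,7 +297,8 @@ def check_cves(d, patched_cves):
 vendor = "%"
 
 # Find all relevant CVE IDs.
-for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
+cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor))
+for cverow in cve_cursor:
 cve = cverow[0]
 
 if cve in cve_ignore:
@@ -316,7 +317,8 @@ def check_cves(d, patched_cves):
 vulnerable = False
 ignored = False
 
-for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
+product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))
+for row in product_cursor:
 (_, _, _, version_start, operator_start, version_end, operator_end) = row
 #bb.debug(2, "Evaluating row " + str(row))
 if cve in cve_ignore:
@@ -360,10 +362,12 @@ def check_cves(d, patched_cves):
 bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
 cves_unpatched.append(cve)
 break
+product_cursor.close()
 
 if not vulnerable:
 bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
 patched_cves.add(cve)
+cve_cursor.close()
 
 if not cves_in_product:
 bb.note("No CVE records found for product %s, pn %s" % (product, pn))
@@ -388,14 +392,15 @@ def get_cve_info(d, cves):
 conn = sqlite3.connect(db_file, uri=True)
 
 for cve in cves:
-for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
+cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))
+for row in cursor:
 cve_data[row[0]] = {}
 cve_data[row[0]]["summary"] = row[1]
 cve_data[row[0]]["scorev2"] = row[2]
 cve_data[row[0]]["scorev3"] = row[3]
 cve_data[row[0]]["modified"] = row[4]
 cve_data[row[0]]["vector"] = row[5]
-
+cursor.close()
 conn.close()
 return cve_data
 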
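Review bot: The added `product_cursor.close()`, `cve_cursor.close()` and `cursor.close()` calls run only on the normal path, so an exception raised inside a loop body (the version comparison in check_cves lies outside the visible lines) would leave the cursor open. As far as these hunks show, the same applies to `conn.close()` in get_cve_info. Wrapping each query as `with contextlib.closing(conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))) as cursor:` releases it on every exit, including the `break` in the product loop. That matters here because a CVE database left busy by a failed task can make later cve-check runs fail rather than report. The rendered page has lost indentation, so it cannot be confirmed from here that each close sits outside its loop; a `with` block would make that placement explicit. Both functions begin and end outside the hunks.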