Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/cve-check.bbclass | 13 |
1 files changed, 9 insertions, 4 deletions
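--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -290,7 +290,8 @@ def check_cves(d, patched_cves):
 vendor = "%"
 
 # Find all relevant CVE IDs.
-for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
+cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor))
+for cverow in cve_cursor:
 cve = cverow[0]
 
 if cve in cve_whitelist:
@@ -309,7 +310,8 @@ def check_cves(d, patched_cves):
 vulnerable = False
 ignored = False
 
-for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
+product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))
+for row in product_cursor:
 (_, _, _, version_start, operator_start, version_end, operator_end) = row
 #bb.debug(2, "Evaluating row " + str(row))
 if cve in cve_whitelist:
@@ -353,10 +355,12 @@ def check_cves(d, patched_cves):
 bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
 cves_unpatched.append(cve)
 break
+product_cursor.close()
 
 if not vulnerable:
 bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
 patched_cves.add(cve)
+cve_cursor.close()
 
 if not cves_in_product:
 bb.note("No CVE records found for product %s, pn %s" % (product, pn))
@@ -378,14 +382,15 @@ def get_cve_info(d, cves):
 conn = sqlite3.connect(db_file, uri=True)
 
 for cve in cves:
-for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
+cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))
+for row in cursor:
 cve_data[row[0]] = {}
 cve_data[row[0]]["summary"] = row[1]
 cve_data[row[0]]["scorev2"] = row[2]
 cve_data[row[0]]["scorev3"] = row[3]
 cve_data[row[0]]["modified"] = row[4]
 cve_data[row[0]]["vector"] = row[5]
-
+cursor.close()
 conn.close()
 return cve_data
 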
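Review bot: The added `product_cursor.close()`, `cve_cursor.close()` and `cursor.close()` calls run only on the normal path, so an exception raised inside either loop of check_cves or the row loop of get_cve_info skips them and leaves the cursor (and `conn`) open on the CVE database. Making the cleanup unconditional would be safer, e.g. `with contextlib.closing(conn.execute(...)) as cve_cursor:` if contextlib is available to the class, or a `try:`/`finally: cve_cursor.close()` around each loop. The rendered page has lost indentation, so it is not visible whether `cursor.close()` in get_cve_info sits inside `for cve in cves:`; if it is outside that loop, an empty `cves` would reach it with `cursor` unbound, which is worth confirming. Both function bodies start and end outside the hunks shown.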