diff options
Diffstat (limited to 'meta/recipes-core/meta/cve-update-db-native.bb')
-rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index cf2b251e21..b073936298 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb | |||
@@ -138,14 +138,24 @@ def parse_node_and_insert(c, node, cveId): | |||
138 | for cpe in node.get('cpe_match', ()): | 138 | for cpe in node.get('cpe_match', ()): |
139 | if not cpe['vulnerable']: | 139 | if not cpe['vulnerable']: |
140 | return | 140 | return |
141 | cpe23 = cpe['cpe23Uri'].split(':') | 141 | cpe23 = cpe.get('cpe23Uri') |
142 | if not cpe23: | ||
143 | return | ||
144 | cpe23 = cpe23.split(':') | ||
145 | if len(cpe23) < 6: | ||
146 | return | ||
142 | vendor = cpe23[3] | 147 | vendor = cpe23[3] |
143 | product = cpe23[4] | 148 | product = cpe23[4] |
144 | version = cpe23[5] | 149 | version = cpe23[5] |
145 | 150 | ||
151 | if cpe23[6] == '*' or cpe23[6] == '-': | ||
152 | version_suffix = "" | ||
153 | else: | ||
154 | version_suffix = "_" + cpe23[6] | ||
155 | |||
146 | if version != '*' and version != '-': | 156 | if version != '*' and version != '-': |
147 | # Version is defined, this is a '=' match | 157 | # Version is defined, this is a '=' match |
148 | yield [cveId, vendor, product, version, '=', '', ''] | 158 | yield [cveId, vendor, product, version + version_suffix, '=', '', ''] |
149 | elif version == '-': | 159 | elif version == '-': |
150 | # no version information is available | 160 | # no version information is available |
151 | yield [cveId, vendor, product, version, '', '', ''] | 161 | yield [cveId, vendor, product, version, '', '', ''] |
@@ -172,7 +182,12 @@ def parse_node_and_insert(c, node, cveId): | |||
172 | op_end = '<' | 182 | op_end = '<' |
173 | v_end = cpe['versionEndExcluding'] | 183 | v_end = cpe['versionEndExcluding'] |
174 | 184 | ||
175 | yield [cveId, vendor, product, v_start, op_start, v_end, op_end] | 185 | if op_start or op_end or v_start or v_end: |
186 | yield [cveId, vendor, product, v_start, op_start, v_end, op_end] | ||
187 | else: | ||
188 | # This is no version information, expressed differently. | ||
189 | # Save processing by representing as -. | ||
190 | yield [cveId, vendor, product, '-', '', '', ''] | ||
176 | 191 | ||
177 | c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) | 192 | c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) |
178 | 193 | ||