summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/meta/cve-update-db-native.bb
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-core/meta/cve-update-db-native.bb')
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb21
1 files changed, 18 insertions, 3 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index cf2b251e21..b073936298 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -138,14 +138,24 @@ def parse_node_and_insert(c, node, cveId):
138 for cpe in node.get('cpe_match', ()): 138 for cpe in node.get('cpe_match', ()):
139 if not cpe['vulnerable']: 139 if not cpe['vulnerable']:
140 return 140 return
141 cpe23 = cpe['cpe23Uri'].split(':') 141 cpe23 = cpe.get('cpe23Uri')
142 if not cpe23:
143 return
144 cpe23 = cpe23.split(':')
145 if len(cpe23) < 6:
146 return
142 vendor = cpe23[3] 147 vendor = cpe23[3]
143 product = cpe23[4] 148 product = cpe23[4]
144 version = cpe23[5] 149 version = cpe23[5]
145 150
151 if cpe23[6] == '*' or cpe23[6] == '-':
152 version_suffix = ""
153 else:
154 version_suffix = "_" + cpe23[6]
155
146 if version != '*' and version != '-': 156 if version != '*' and version != '-':
147 # Version is defined, this is a '=' match 157 # Version is defined, this is a '=' match
148 yield [cveId, vendor, product, version, '=', '', ''] 158 yield [cveId, vendor, product, version + version_suffix, '=', '', '']
149 elif version == '-': 159 elif version == '-':
150 # no version information is available 160 # no version information is available
151 yield [cveId, vendor, product, version, '', '', ''] 161 yield [cveId, vendor, product, version, '', '', '']
@@ -172,7 +182,12 @@ def parse_node_and_insert(c, node, cveId):
172 op_end = '<' 182 op_end = '<'
173 v_end = cpe['versionEndExcluding'] 183 v_end = cpe['versionEndExcluding']
174 184
175 yield [cveId, vendor, product, v_start, op_start, v_end, op_end] 185 if op_start or op_end or v_start or v_end:
186 yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
187 else:
188 # This is no version information, expressed differently.
189 # Save processing by representing as -.
190 yield [cveId, vendor, product, '-', '', '', '']
176 191
177 c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) 192 c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
178 193
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-06 02:33:53 +0000