Diffstat (limited to 'meta')
-rw-r--r-- | meta/classes/cve-check.bbclass | 12 | ||||
-rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 21 |
2 files changed, 13 insertions, 20 deletions
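--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
 c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
 
 for row in c:
-cve = row[1]
-version_start = row[4]
-operator_start = row[5]
-version_end = row[6]
-operator_end = row[7]
+cve = row[0]
+version_start = row[3]
+operator_start = row[4]
+version_end = row[5]
+operator_end = row[6]
 
 if cve in cve_whitelist:
 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))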
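Review bot: The loop starting at `cve = row[0]` still reads a `SELECT *` result by position, so the checker's correctness depends on the exact column order of PRODUCTS. This commit has to shift every index because HASH was dropped. A database built with a different layout would be read with the wrong fields and could silently fail to match an affected version, which for a CVE checker means missed findings. Naming the columns removes that coupling: `c.execute("SELECT ID, VERSION_START, OPERATOR_START, VERSION_END, OPERATOR_END FROM PRODUCTS WHERE PRODUCT IS ?", (product,))`, then read `row[0]` through `row[4]`. The body of check_cves continues outside this hunk.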
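--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -25,7 +25,7 @@ python do_populate_cve_db() {
 YEAR_START = 2002
 
 db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
-db_file = db_dir + '/nvdcve.db'
+db_file = db_dir + '/nvdcve_1.0.db'
 json_tmpfile = db_dir + '/nvd.json.gz'
 proxy = d.getVar("https_proxy")
 cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a')
@@ -60,6 +60,10 @@ python do_populate_cve_db() {
 c.execute("select DATE from META where YEAR = ?", (year,))
 meta = c.fetchone()
 if not meta or meta[0] != last_modified:
+# Clear products table entries corresponding to current year
+cve_year = 'CVE-' + str(year) + '%'
+c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
+
 # Update db with current year json file
 req = urllib.request.Request(json_url)
 if proxy:
@@ -86,27 +90,16 @@ python do_populate_cve_db() {
 conn.close()
 }
 
-# DJB2 hash algorithm
-def hash_djb2(s):
-hash = 5381
-for x in s:
-hash = (( hash << 5) + hash) + ord(x)
-
-return hash & 0xFFFFFFFF
-
 def initialize_db(c):
 c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
 c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
 SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
-c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \
+c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
 VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
 VERSION_END TEXT, OPERATOR_END TEXT)")
 
 def insert_elt(c, db_values):
-product_str = db_values[0] + db_values[1] + db_values[2] + db_values[3]
-hashstr = hash_djb2(product_str)
-db_values.insert(0, hashstr)
-query = "insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?, ?, ?)"
+query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
 c.execute(query, db_values)
 
 def parse_node_and_insert(c, node, cveId):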
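Review bot: The new `delete from PRODUCTS where ID like ?` is issued before the year's JSON feed has been requested, so a failed download or parse can leave that year with no product rows. The commit and error handling sit outside the visible hunks, so this is inferred: if the delete is committed while the fetch fails, cve-check would report nothing for that year until a later update succeeds. Moving the three added lines to just before the inserts, once the response has been read and decompressed, keeps the previous rows when the fetch fails. Separately, `db_file = db_dir + '/nvdcve_1.0.db'` repeats the default of `CVE_CHECK_DB_FILE` from cve-check.bbclass. If that variable is visible in this recipe, reading it with `d.getVar("CVE_CHECK_DB_FILE")` would stop the updater and the checker from pointing at different files when it is overridden.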