summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/meta/cve-update-db.bb
Commit message (Collapse)AuthorAgeFilesLines
* cve-check: Depends on cve-update-db-nativePierre Le Magourou2019-07-091-143/+0
| | | | | | | | | do_populate_cve_db is a native task. (From OE-Core rev: 4078da92b49946848cddebe1735f301af161e162) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db: Catch request.urlopen errors.Pierre Le Magourou2019-07-051-9/+21
| | | | | | | | | | | If the NVD url is not accessible, print a warning on top of the CVE report, and continue. The database will not be fully updated, but cve_check can still run on the previous database. (From OE-Core rev: 0325dd72714f0b447558084f481b77f0ec850eed) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db: do_populate_cve_db depends on do_fetchPierre Le Magourou2019-06-281-8/+13
| | | | | | | | | | | | | | | To be able to populate NVD database on a fetchall (bitbake <image> --run-all=fetch), set the do_populate_cve_db task to be executed before do_fetch. Do not get CVE_CHECK_DB_DIR, CVE_CHECK_DB_FILE and CVE_CHECK_TMP_FILE variable because do_populate_cve_db can be called in a context where cve-check class is not loaded. (From OE-Core rev: 975793e3825a2a9ca6dc0e43577f680214cb7993) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db: Manage proxy if needed.Pierre Le Magourou2019-06-271-2/+9
| | | | | | | | | | If https_proxy environment variable is defined, manage proxy to be able to download meta and json data feeds from https://nvd.nist.gov (From OE-Core rev: 09be21f4d1793b1e26e78391f51bfc0a27b76deb) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db: Use std library instead of urllib3Pierre Le Magourou2019-06-271-6/+4
| | | | | | | | | | | urllib3 was used in this recipe but it was not set as a dependency. As it is not specifically needed, rewrite the recipe with urllib from the standard library. (From OE-Core rev: c0eabd30d7b9c2517f4ec9229640be421ecc8a5e) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db: New recipe to update CVE databasePierre Le Magourou2019-06-201-0/+121
cve-check-tool-native do_populate_cve_db task was using deprecated NVD xml data feeds, cve-update-db uses NVD json data feeds. Sqlite database schema was updated to take into account CVSSv3 CVE scores and operator in affected product versions. A new META table was added to store the last modification date of the NVD json data feeds. (From OE-Core rev: 546d14135c50c6a571dfbf3baf6e9b22ce3d58e0) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-06 21:19:27 +0000