From c25965e378d8fb2eef806bd19f8662c7511c6ffa Mon Sep 17 00:00:00 2001 From: Konrad Weihmann Date: Sun, 26 Jul 2020 16:10:06 +0200 Subject: cve-update: handle baseMetricV2 as optional Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: 135a6a4f55aed6148f45d01b307fadbd45be2997) Signed-off-by: Konrad Weihmann Signed-off-by: Richard Purdie (cherry picked from commit fdcbf3f28289188c5a97664d1421d4a5c4991eda) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'meta/recipes-core') diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index f27ade40db..32d6dbdffc 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -176,15 +176,20 @@ def update_db(c, jsondata): if not elt['impact']: continue + accessVector = None cveId = elt['cve']['CVE_data_meta']['ID'] cveDesc = elt['cve']['description']['description_data'][0]['value'] date = elt['lastModifiedDate'] - accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] - cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] - try: + accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] + cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] + except KeyError: + cvssv2 = 0.0 + try: + accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector'] cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] - except: + except KeyError: + accessVector = accessVector or "UNKNOWN" cvssv3 = 0.0 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", -- cgit v1.2.3-54-g00ecf