From df2a1f37f77d19e62a5fbdb462a9b24e104f0448 Mon Sep 17 00:00:00 2001 From: Konrad Weihmann Date: Thu, 22 Apr 2021 18:48:27 +0200 Subject: cve-update-db-native: skip on empty cpe23Uri Recently an entry in the NVD DB appeared that looks like that {'vulnerable': True, 'cpe_name': []}. As besides all the vulnerable flag no data is present we would get a KeyError exception on acccess. Use get method on dictionary and return if no meta data is present Also quit if the length of the array after splitting is less than 6 (From OE-Core rev: 00ce2796d97de2bc376b038d0ea7969088791d34) Signed-off-by: Konrad Weihmann Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'meta/recipes-core') diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 25ec6bac71..e5822cee58 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -139,7 +139,12 @@ def parse_node_and_insert(c, node, cveId): for cpe in node.get('cpe_match', ()): if not cpe['vulnerable']: return - cpe23 = cpe['cpe23Uri'].split(':') + cpe23 = cpe.get('cpe23Uri') + if not cpe23: + return + cpe23 = cpe23.split(':') + if len(cpe23) < 6: + return vendor = cpe23[3] product = cpe23[4] version = cpe23[5] -- cgit v1.2.3-54-g00ecf