diff options
| author | Ross Burton <ross@burtonini.com> | 2020-11-24 12:57:24 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-11-29 20:24:32 +0000 |
| commit | 22dea63874735f9cba8feb93409f85a0099ccaf9 (patch) | |
| tree | 2d50f3e81e6fa964a98ef0db986b697457f04918 | |
| parent | 3ecf5d9692fec97b37af6a4e6c747a4e2c2ca292 (diff) | |
| download | poky-22dea63874735f9cba8feb93409f85a0099ccaf9.tar.gz | |
cve-update-db-native: handle all-wildcard versions
If a CPE version field is just *:*:*:* it should be handled the same as
-:*:*:*, that is 'all versions'. To ease handling, transform this case
to use -.
(From OE-Core rev: 04a9bc4ca5294fe6834513669c7746a824d12b04)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index cf2b251e21..cf62e1e32c 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb | |||
| @@ -172,7 +172,12 @@ def parse_node_and_insert(c, node, cveId): | |||
| 172 | op_end = '<' | 172 | op_end = '<' |
| 173 | v_end = cpe['versionEndExcluding'] | 173 | v_end = cpe['versionEndExcluding'] |
| 174 | 174 | ||
| 175 | yield [cveId, vendor, product, v_start, op_start, v_end, op_end] | 175 | if op_start or op_end or v_start or v_end: |
| 176 | yield [cveId, vendor, product, v_start, op_start, v_end, op_end] | ||
| 177 | else: | ||
| 178 | # This is no version information, expressed differently. | ||
| 179 | # Save processing by representing as -. | ||
| 180 | yield [cveId, vendor, product, '-', '', '', ''] | ||
| 176 | 181 | ||
| 177 | c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) | 182 | c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) |
| 178 | 183 | ||