| author | Marta Rybczynska <rybczynska@gmail.com> | 2025-02-13 06:57:51 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-02-18 11:56:04 +0000 |
| commit | 7a3904c6a730272841941a20531aa1616cc608c5 (patch) | |
| tree | fbd2bfef5967504caa500f0c0110346b5ef9ebe4 | |
| parent | ae7097e4c1cf7093bd769158cfcd1f947410743f (diff) | |
| download | poky-7a3904c6a730272841941a20531aa1616cc608c5.tar.gz | |
cve-update-db-native: update structure
Update the database structure and tasks to fit the current YP master.
This means:
- add the unpack task
- update the database structure (CVSS, vector string)
- use the temporary database in the same directory as the download
However, the old feed does not include CVSS4
(From OE-Core rev: dd249921a5d6b8e472242b57415de3f210dc81f1)
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 28 |
1 files changed, 21 insertions, 7 deletions
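diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index e042e67b09..3a9d43943c 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -5,7 +5,6 @@ INHIBIT_DEFAULT_DEPS = "1"
 
 inherit native
 
-deltask do_unpack
 deltask do_patch
 deltask do_configure
 deltask do_compile
@@ -21,7 +20,10 @@ CVE_DB_UPDATE_INTERVAL ?= "86400"
 # Timeout for blocking socket operations, such as the connection attempt.
 CVE_SOCKET_TIMEOUT ?= "60"
 
-CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db"
+CVE_CHECK_DB_DLDIR_FILE ?= "${DL_DIR}/CVE_CHECK2/${CVE_CHECK_DB_FILENAME}"
+CVE_CHECK_DB_DLDIR_LOCK ?= "${CVE_CHECK_DB_DLDIR_FILE}.lock"
+
+CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DLDIR_FILE}.tmp"
 
 python () {
 if not bb.data.inherits_class("cve-check", d):
@@ -38,7 +40,7 @@ python do_fetch() {
 
 bb.utils.export_proxies(d)
 
-db_file = d.getVar("CVE_CHECK_DB_FILE")
+db_file = d.getVar("CVE_CHECK_DB_DLDIR_FILE")
 db_dir = os.path.dirname(db_file)
 db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
 
@@ -72,10 +74,16 @@ python do_fetch() {
 os.remove(db_tmp_file)
 }
 
-do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+do_fetch[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK}"
 do_fetch[file-checksums] = ""
 do_fetch[vardeps] = ""
 
+python do_unpack() {
+import shutil
+shutil.copyfile(d.getVar("CVE_CHECK_DB_DLDIR_FILE"), d.getVar("CVE_CHECK_DB_FILE"))
+}
+do_unpack[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK} ${CVE_CHECK_DB_FILE_LOCK}"
+
 def cleanup_db_download(db_file, db_tmp_file):
 """
 Cleanup the download space from possible failed downloads
@@ -183,7 +191,7 @@ def initialize_db(conn):
 c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
 
 c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
-SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
 
 c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
 VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
@@ -263,23 +271,29 @@ def update_db(conn, jsondata):
 continue
 
 accessVector = None
+vectorString = None
+cvssv2 = 0.0
+cvssv3 = 0.0
+cvssv4 = 0.0
 cveId = elt['cve']['CVE_data_meta']['ID']
 cveDesc = elt['cve']['description']['description_data'][0]['value']
 date = elt['lastModifiedDate']
 try:
 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+vectorString = elt['impact']['baseMetricV2']['cvssV2']['vectorString']
 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
 except KeyError:
 cvssv2 = 0.0
 try:
 accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
+vectorString = vectorString or elt['impact']['baseMetricV3']['cvssV3']['vectorString']
 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
 except KeyError:
 accessVector = accessVector or "UNKNOWN"
 cvssv3 = 0.0
 
-conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
-[cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
+conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)",
+[cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
 
 configurations = elt['configurations']['nodes']
 for config in configurations: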
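Review bot: The widened `CREATE TABLE IF NOT EXISTS NVD` in initialize_db does not migrate a database created by the previous six-column schema, so on such a file the table keeps its old layout and the eight-value `insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)` in update_db fails with a column-count mismatch. Unless `CVE_CHECK_DB_FILENAME` (defined outside this diff) already changes with the schema, the initialize_db hunk should detect the old layout, for example by comparing `PRAGMA table_info(NVD)` against the expected column names, and recreate the table or abort with a clear message before the first insert. Separately, do_unpack copies the downloaded database straight onto `CVE_CHECK_DB_FILE`, so a copy interrupted part-way leaves a truncated database at the path other tasks read; copying to a temporary file in the same directory and `os.replace()`-ing it into place would keep the published file consistent. Both initialize_db and update_db begin outside their hunks, so a version check done earlier in those functions would not be visible here.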
