summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb85
1 files changed, 32 insertions, 53 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 9470cbe4a8..a5d8e3210c 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -97,70 +97,49 @@ def initialize_db(c):
97 VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ 97 VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
98 VERSION_END TEXT, OPERATOR_END TEXT)") 98 VERSION_END TEXT, OPERATOR_END TEXT)")
99 99
100def insert_elt(c, db_values):
101 query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
102 c.execute(query, db_values)
103
104def parse_node_and_insert(c, node, cveId): 100def parse_node_and_insert(c, node, cveId):
105 # Parse children node if needed 101 # Parse children node if needed
106 try: 102 for child in node.get('children', ()):
107 for child in node['children']: 103 parse_node_and_insert(c, child, cveId)
108 parse_node_and_insert(c, child, cveId) 104
109 except: 105 def cpe_generator():
110 pass 106 for cpe in node.get('cpe_match', ()):
111 107 if not cpe['vulnerable']:
112 # Exit if the cpe_match node does not exists 108 return
113 try: 109 cpe23 = cpe['cpe23Uri'].split(':')
114 cpe_match = node['cpe_match'] 110 vendor = cpe23[3]
115 except: 111 product = cpe23[4]
116 return 112 version = cpe23[5]
117 113
118 for cpe in cpe_match: 114 if version != '*':
119 if not cpe['vulnerable']: 115 # Version is defined, this is a '=' match
120 return 116 yield [cveId, vendor, product, version, '=', '', '']
121 cpe23 = cpe['cpe23Uri'].split(':') 117 else:
122 vendor = cpe23[3] 118 # Parse start version, end version and operators
123 product = cpe23[4] 119 op_start = ''
124 version = cpe23[5] 120 op_end = ''
125 121 v_start = ''
126 if version != '*': 122 v_end = ''
127 # Version is defined, this is a '=' match 123
128 db_values = [cveId, vendor, product, version, '=', '', ''] 124 if 'versionStartIncluding' in cpe:
129 insert_elt(c, db_values)
130 else:
131 # Parse start version, end version and operators
132 op_start = ''
133 op_end = ''
134 v_start = ''
135 v_end = ''
136
137 try:
138 if cpe['versionStartIncluding']:
139 op_start = '>=' 125 op_start = '>='
140 v_start = cpe['versionStartIncluding'] 126 v_start = cpe['versionStartIncluding']
141 except: 127
142 pass 128 if 'versionStartExcluding' in cpe:
143 try:
144 if cpe['versionStartExcluding']:
145 op_start = '>' 129 op_start = '>'
146 v_start = cpe['versionStartExcluding'] 130 v_start = cpe['versionStartExcluding']
147 except: 131
148 pass 132 if 'versionEndIncluding' in cpe:
149 try:
150 if cpe['versionEndIncluding']:
151 op_end = '<=' 133 op_end = '<='
152 v_end = cpe['versionEndIncluding'] 134 v_end = cpe['versionEndIncluding']
153 except: 135
154 pass 136 if 'versionEndExcluding' in cpe:
155 try:
156 if cpe['versionEndExcluding']:
157 op_end = '<' 137 op_end = '<'
158 v_end = cpe['versionEndExcluding'] 138 v_end = cpe['versionEndExcluding']
159 except:
160 pass
161 139
162 db_values = [cveId, vendor, product, v_start, op_start, v_end, op_end] 140 yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
163 insert_elt(c, db_values) 141
142 c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
164 143
165def update_db(c, json_filename): 144def update_db(c, json_filename):
166 import json 145 import json
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-22 21:02:08 +0000