summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/classes/cve-check.bbclass18
1 files changed, 5 insertions, 13 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index c1cbdbd..e95716d 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -261,23 +261,15 @@ def check_cves(d, patched_cves):
261def get_cve_info(d, cves): 261def get_cve_info(d, cves):
262 """ 262 """
263 Get CVE information from the database. 263 Get CVE information from the database.
264
265 Unfortunately the only way to get CVE info is set the output to
266 html (hard to parse) or query directly the database.
267 """ 264 """
268 265
269 try: 266 import sqlite3
270 import sqlite3
271 except ImportError:
272 from pysqlite2 import dbapi2 as sqlite3
273 267
274 cve_data = {} 268 cve_data = {}
275 db_file = d.getVar("CVE_CHECK_DB_FILE") 269 conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE"))
276 placeholder = ",".join("?" * len(cves)) 270 placeholders = ",".join("?" * len(cves))
277 query = "SELECT * FROM NVD WHERE id IN (%s)" % placeholder 271 query = "SELECT * FROM NVD WHERE id IN (%s)" % placeholders
278 conn = sqlite3.connect(db_file) 272 for row in conn.execute(query, tuple(cves)):
279 cur = conn.cursor()
280 for row in cur.execute(query, tuple(cves)):
281 cve_data[row[0]] = {} 273 cve_data[row[0]] = {}
282 cve_data[row[0]]["summary"] = row[1] 274 cve_data[row[0]]["summary"] = row[1]
283 cve_data[row[0]]["scorev2"] = row[2] 275 cve_data[row[0]]["scorev2"] = row[2]