| -rw-r--r-- | meta/classes/cve-check.bbclass | 12 | ||||
| -rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 21 |
2 files changed, 13 insertions, 20 deletions
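--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
 c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
 
 for row in c:
-cve = row[1]
-version_start = row[4]
-operator_start = row[5]
-version_end = row[6]
-operator_end = row[7]
+cve = row[0]
+version_start = row[3]
+operator_start = row[4]
+version_end = row[5]
+operator_end = row[6]
 
 if cve in cve_whitelist:
 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))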
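Review bot: The `row[0]`, `row[3]` … `row[6]` lookups in `check_cves` still depend on the physical column order returned by `SELECT *`, which is why every index had to shift when this commit dropped the HASH column. An off-by-one here would not raise an error; it would compare the package version against the wrong field and silently misreport which CVEs apply. Naming the columns in the query, e.g. `SELECT ID, VERSION_START, OPERATOR_START, VERSION_END, OPERATOR_END FROM PRODUCTS WHERE PRODUCT IS ?`, and unpacking with `cve, version_start, operator_start, version_end, operator_end = row` would decouple the check from the table layout. The body of `check_cves` starts and ends outside this hunk.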
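--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -30,7 +30,7 @@ python do_populate_cve_db() {
 YEAR_START = 2002
 
 db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
-db_file = db_dir + '/nvdcve.db'
+db_file = db_dir + '/nvdcve_1.0.db'
 json_tmpfile = db_dir + '/nvd.json.gz'
 proxy = d.getVar("https_proxy")
 cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a')
@@ -65,6 +65,10 @@ python do_populate_cve_db() {
 c.execute("select DATE from META where YEAR = ?", (year,))
 meta = c.fetchone()
 if not meta or meta[0] != last_modified:
+# Clear products table entries corresponding to current year
+cve_year = 'CVE-' + str(year) + '%'
+c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
+
 # Update db with current year json file
 req = urllib.request.Request(json_url)
 if proxy:
@@ -91,27 +95,16 @@ python do_populate_cve_db() {
 conn.close()
 }
 
-# DJB2 hash algorithm
-def hash_djb2(s):
-hash = 5381
-for x in s:
-hash = (( hash << 5) + hash) + ord(x)
-
-return hash & 0xFFFFFFFF
-
 def initialize_db(c):
 c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
 c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
 SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
-c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \
+c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
 VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
 VERSION_END TEXT, OPERATOR_END TEXT)")
 
 def insert_elt(c, db_values):
-product_str = db_values[0] + db_values[1] + db_values[2] + db_values[3]
-hashstr = hash_djb2(product_str)
-db_values.insert(0, hashstr)
-query = "insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?, ?, ?)"
+query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
 c.execute(query, db_values)
 
 def parse_node_and_insert(c, node, cveId):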
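Review bot: The new `delete from PRODUCTS where ID like ?` in `do_populate_cve_db` runs before the year's feed is requested, so whether a failed download or parse leaves that year without product rows depends on commit/rollback handling that is not visible in this hunk; an emptied year would make cve-check report nothing for it rather than fail. Issuing the delete only after the response has been fetched and decoded, immediately before the inserts, would keep the old rows until their replacements are in hand. With the UNIQUE HASH column gone and `insert_elt` using a plain `insert`, this delete is also the only guard against duplicate rows, and it matches on the ID prefix `CVE-<year>`; if a feed file carries IDs from a different year (possibly the case for the oldest feed at `YEAR_START`), those rows would accumulate on every refresh. The body of `do_populate_cve_db` starts and ends outside the hunks shown.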
