diff options
| -rw-r--r-- | meta/classes/cve-check.bbclass | 5 | ||||
| -rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 11 |
2 files changed, 12 insertions, 4 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index f554150d94..b47c61da63 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}" | |||
| 26 | CVE_VERSION ??= "${PV}" | 26 | CVE_VERSION ??= "${PV}" |
| 27 | 27 | ||
| 28 | CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" | 28 | CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" |
| 29 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" | 29 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db" |
| 30 | CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" | 30 | CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" |
| 31 | 31 | ||
| 32 | CVE_CHECK_LOG ?= "${T}/cve.log" | 32 | CVE_CHECK_LOG ?= "${T}/cve.log" |
| @@ -399,6 +399,7 @@ def get_cve_info(d, cves): | |||
| 399 | cve_data[row[0]]["scorev3"] = row[3] | 399 | cve_data[row[0]]["scorev3"] = row[3] |
| 400 | cve_data[row[0]]["modified"] = row[4] | 400 | cve_data[row[0]]["modified"] = row[4] |
| 401 | cve_data[row[0]]["vector"] = row[5] | 401 | cve_data[row[0]]["vector"] = row[5] |
| 402 | cve_data[row[0]]["vectorString"] = row[6] | ||
| 402 | cursor.close() | 403 | cursor.close() |
| 403 | conn.close() | 404 | conn.close() |
| 404 | return cve_data | 405 | return cve_data |
| @@ -455,6 +456,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): | |||
| 455 | write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"] | 456 | write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"] |
| 456 | write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"] | 457 | write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"] |
| 457 | write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] | 458 | write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] |
| 459 | write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"] | ||
| 458 | write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) | 460 | write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) |
| 459 | 461 | ||
| 460 | if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": | 462 | if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": |
| @@ -569,6 +571,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): | |||
| 569 | "scorev2" : cve_data[cve]["scorev2"], | 571 | "scorev2" : cve_data[cve]["scorev2"], |
| 570 | "scorev3" : cve_data[cve]["scorev3"], | 572 | "scorev3" : cve_data[cve]["scorev3"], |
| 571 | "vector" : cve_data[cve]["vector"], | 573 | "vector" : cve_data[cve]["vector"], |
| 574 | "vectorString" : cve_data[cve]["vectorString"], | ||
| 572 | "status" : status, | 575 | "status" : status, |
| 573 | "link": issue_link | 576 | "link": issue_link |
| 574 | } | 577 | } |
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 1a3eeba6d0..060545b1e3 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb | |||
| @@ -247,7 +247,7 @@ def initialize_db(conn): | |||
| 247 | c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") | 247 | c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") |
| 248 | 248 | ||
| 249 | c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ | 249 | c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ |
| 250 | SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") | 250 | SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)") |
| 251 | 251 | ||
| 252 | c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ | 252 | c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ |
| 253 | VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ | 253 | VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ |
| @@ -321,6 +321,7 @@ def update_db(conn, elt): | |||
| 321 | """ | 321 | """ |
| 322 | 322 | ||
| 323 | accessVector = None | 323 | accessVector = None |
| 324 | vectorString = None | ||
| 324 | cveId = elt['cve']['id'] | 325 | cveId = elt['cve']['id'] |
| 325 | if elt['cve']['vulnStatus'] == "Rejected": | 326 | if elt['cve']['vulnStatus'] == "Rejected": |
| 326 | c = conn.cursor() | 327 | c = conn.cursor() |
| @@ -335,25 +336,29 @@ def update_db(conn, elt): | |||
| 335 | date = elt['cve']['lastModified'] | 336 | date = elt['cve']['lastModified'] |
| 336 | try: | 337 | try: |
| 337 | accessVector = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector'] | 338 | accessVector = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector'] |
| 339 | vectorString = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['vectorString'] | ||
| 338 | cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore'] | 340 | cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore'] |
| 339 | except KeyError: | 341 | except KeyError: |
| 340 | cvssv2 = 0.0 | 342 | cvssv2 = 0.0 |
| 341 | cvssv3 = None | 343 | cvssv3 = None |
| 342 | try: | 344 | try: |
| 343 | accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector'] | 345 | accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector'] |
| 346 | vectorString = vectorString or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['vectorString'] | ||
| 344 | cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore'] | 347 | cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore'] |
| 345 | except KeyError: | 348 | except KeyError: |
| 346 | pass | 349 | pass |
| 347 | try: | 350 | try: |
| 348 | accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector'] | 351 | accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector'] |
| 352 | vectorString = vectorString or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['vectorString'] | ||
| 349 | cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'] | 353 | cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'] |
| 350 | except KeyError: | 354 | except KeyError: |
| 351 | pass | 355 | pass |
| 352 | accessVector = accessVector or "UNKNOWN" | 356 | accessVector = accessVector or "UNKNOWN" |
| 357 | vectorString = vectorString or "UNKNOWN" | ||
| 353 | cvssv3 = cvssv3 or 0.0 | 358 | cvssv3 = cvssv3 or 0.0 |
| 354 | 359 | ||
| 355 | conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", | 360 | conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)", |
| 356 | [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() | 361 | [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close() |
| 357 | 362 | ||
| 358 | try: | 363 | try: |
| 359 | # Remove any pre-existing CVE configuration. Even for partial database | 364 | # Remove any pre-existing CVE configuration. Even for partial database |