diff options
| -rw-r--r-- | meta/classes/cve-check.bbclass | 10 | ||||
| -rw-r--r-- | meta/classes/vex.bbclass | 1 | ||||
| -rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 14 | ||||
| -rwxr-xr-x | scripts/cve-json-to-text.py | 2 |
4 files changed, 19 insertions, 8 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 6245594dd7..0c92b87f52 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -31,7 +31,7 @@ | |||
| 31 | CVE_PRODUCT ??= "${BPN}" | 31 | CVE_PRODUCT ??= "${BPN}" |
| 32 | CVE_VERSION ??= "${PV}" | 32 | CVE_VERSION ??= "${PV}" |
| 33 | 33 | ||
| 34 | CVE_CHECK_DB_FILENAME ?= "nvdcve_2-1.db" | 34 | CVE_CHECK_DB_FILENAME ?= "nvdcve_2-2.db" |
| 35 | CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK" | 35 | CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK" |
| 36 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}" | 36 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}" |
| 37 | CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" | 37 | CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" |
| @@ -445,9 +445,10 @@ def get_cve_info(d, cve_data): | |||
| 445 | cve_data[row[0]]["NVD-summary"] = row[1] | 445 | cve_data[row[0]]["NVD-summary"] = row[1] |
| 446 | cve_data[row[0]]["NVD-scorev2"] = row[2] | 446 | cve_data[row[0]]["NVD-scorev2"] = row[2] |
| 447 | cve_data[row[0]]["NVD-scorev3"] = row[3] | 447 | cve_data[row[0]]["NVD-scorev3"] = row[3] |
| 448 | cve_data[row[0]]["NVD-modified"] = row[4] | 448 | cve_data[row[0]]["NVD-scorev4"] = row[4] |
| 449 | cve_data[row[0]]["NVD-vector"] = row[5] | 449 | cve_data[row[0]]["NVD-modified"] = row[5] |
| 450 | cve_data[row[0]]["NVD-vectorString"] = row[6] | 450 | cve_data[row[0]]["NVD-vector"] = row[6] |
| 451 | cve_data[row[0]]["NVD-vectorString"] = row[7] | ||
| 451 | cursor.close() | 452 | cursor.close() |
| 452 | conn.close() | 453 | conn.close() |
| 453 | 454 | ||
| @@ -534,6 +535,7 @@ def cve_write_data_json(d, cve_data, cve_status): | |||
| 534 | cve_item["summary"] = cve_data[cve]["NVD-summary"] | 535 | cve_item["summary"] = cve_data[cve]["NVD-summary"] |
| 535 | cve_item["scorev2"] = cve_data[cve]["NVD-scorev2"] | 536 | cve_item["scorev2"] = cve_data[cve]["NVD-scorev2"] |
| 536 | cve_item["scorev3"] = cve_data[cve]["NVD-scorev3"] | 537 | cve_item["scorev3"] = cve_data[cve]["NVD-scorev3"] |
| 538 | cve_item["scorev4"] = cve_data[cve]["NVD-scorev4"] | ||
| 537 | cve_item["modified"] = cve_data[cve]["NVD-modified"] | 539 | cve_item["modified"] = cve_data[cve]["NVD-modified"] |
| 538 | cve_item["vector"] = cve_data[cve]["NVD-vector"] | 540 | cve_item["vector"] = cve_data[cve]["NVD-vector"] |
| 539 | cve_item["vectorString"] = cve_data[cve]["NVD-vectorString"] | 541 | cve_item["vectorString"] = cve_data[cve]["NVD-vectorString"] |
diff --git a/meta/classes/vex.bbclass b/meta/classes/vex.bbclass index bb16e2a529..01d4e52051 100644 --- a/meta/classes/vex.bbclass +++ b/meta/classes/vex.bbclass | |||
| @@ -282,6 +282,7 @@ def cve_write_data_json(d, cve_data, cve_status): | |||
| 282 | cve_item["summary"] = cve_data[cve]["NVD-summary"] | 282 | cve_item["summary"] = cve_data[cve]["NVD-summary"] |
| 283 | cve_item["scorev2"] = cve_data[cve]["NVD-scorev2"] | 283 | cve_item["scorev2"] = cve_data[cve]["NVD-scorev2"] |
| 284 | cve_item["scorev3"] = cve_data[cve]["NVD-scorev3"] | 284 | cve_item["scorev3"] = cve_data[cve]["NVD-scorev3"] |
| 285 | cve_item["scorev4"] = cve_data[cve]["NVD-scorev4"] | ||
| 285 | cve_item["vector"] = cve_data[cve]["NVD-vector"] | 286 | cve_item["vector"] = cve_data[cve]["NVD-vector"] |
| 286 | cve_item["vectorString"] = cve_data[cve]["NVD-vectorString"] | 287 | cve_item["vectorString"] = cve_data[cve]["NVD-vectorString"] |
| 287 | if 'status' in cve_data[cve]: | 288 | if 'status' in cve_data[cve]: |
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index a7e568e307..93d1fa1de6 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb | |||
| @@ -255,7 +255,7 @@ def initialize_db(conn): | |||
| 255 | c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") | 255 | c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") |
| 256 | 256 | ||
| 257 | c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ | 257 | c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ |
| 258 | SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)") | 258 | SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)") |
| 259 | 259 | ||
| 260 | c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ | 260 | c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ |
| 261 | VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ | 261 | VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ |
| @@ -361,12 +361,18 @@ def update_db(conn, elt): | |||
| 361 | cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'] | 361 | cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'] |
| 362 | except KeyError: | 362 | except KeyError: |
| 363 | pass | 363 | pass |
| 364 | cvssv3 = cvssv3 or 0.0 | ||
| 365 | try: | ||
| 366 | accessVector = accessVector or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['attackVector'] | ||
| 367 | vectorString = vectorString or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['vectorString'] | ||
| 368 | cvssv4 = elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['baseScore'] | ||
| 369 | except KeyError: | ||
| 370 | cvssv4 = 0.0 | ||
| 364 | accessVector = accessVector or "UNKNOWN" | 371 | accessVector = accessVector or "UNKNOWN" |
| 365 | vectorString = vectorString or "UNKNOWN" | 372 | vectorString = vectorString or "UNKNOWN" |
| 366 | cvssv3 = cvssv3 or 0.0 | ||
| 367 | 373 | ||
| 368 | conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)", | 374 | conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)", |
| 369 | [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close() | 375 | [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close() |
| 370 | 376 | ||
| 371 | try: | 377 | try: |
| 372 | # Remove any pre-existing CVE configuration. Even for partial database | 378 | # Remove any pre-existing CVE configuration. Even for partial database |
diff --git a/scripts/cve-json-to-text.py b/scripts/cve-json-to-text.py index 5531ee5eb6..87a5669987 100755 --- a/scripts/cve-json-to-text.py +++ b/scripts/cve-json-to-text.py | |||
| @@ -125,6 +125,8 @@ def process_data(filename, data): | |||
| 125 | lines += "CVSS v2 BASE SCORE: %s\n" % issue["scorev2"] | 125 | lines += "CVSS v2 BASE SCORE: %s\n" % issue["scorev2"] |
| 126 | if "scorev3" in issue: | 126 | if "scorev3" in issue: |
| 127 | lines += "CVSS v3 BASE SCORE: %s\n" % issue["scorev3"] | 127 | lines += "CVSS v3 BASE SCORE: %s\n" % issue["scorev3"] |
| 128 | if "scorev4" in issue: | ||
| 129 | lines += "CVSS v4 BASE SCORE: %s\n" % issue["scorev4"] | ||
| 128 | if "vector" in issue: | 130 | if "vector" in issue: |
| 129 | lines += "VECTOR: %s\n" % issue["vector"] | 131 | lines += "VECTOR: %s\n" % issue["vector"] |
| 130 | if "vectorString" in issue: | 132 | if "vectorString" in issue: |