-rw-r--r--meta/classes/cve-check.bbclass11
-rw-r--r--meta/recipes-core/meta/cve-update-nvd2-native.bb14
2 files changed, 17 insertions, 8 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index b47c61da63..dd9847f366 100644
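--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-2.db"
 CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
@@ -397,9 +397,10 @@ def get_cve_info(d, cves):
 cve_data[row[0]]["summary"] = row[1]
 cve_data[row[0]]["scorev2"] = row[2]
 cve_data[row[0]]["scorev3"] = row[3]
-cve_data[row[0]]["modified"] = row[4]
-cve_data[row[0]]["vector"] = row[5]
-cve_data[row[0]]["vectorString"] = row[6]
+cve_data[row[0]]["scorev4"] = row[4]
+cve_data[row[0]]["modified"] = row[5]
+cve_data[row[0]]["vector"] = row[6]
+cve_data[row[0]]["vectorString"] = row[7]
 cursor.close()
 conn.close()
 return cve_data
@@ -455,6 +456,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data):
 write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
 write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
 write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
+write_string += "CVSS v4 BASE SCORE: %s\n" % cve_data[cve]["scorev4"]
 write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
 write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"]
 write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
@@ -570,6 +572,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status):
 "summary" : cve_data[cve]["summary"],
 "scorev2" : cve_data[cve]["scorev2"],
 "scorev3" : cve_data[cve]["scorev3"],
+"scorev4" : cve_data[cve]["scorev4"],
 "vector" : cve_data[cve]["vector"],
 "vectorString" : cve_data[cve]["vectorString"],
 "status" : status,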
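Review bot: The reads in get_cve_info still index the NVD row by position (`row[4]` through `row[7]`), so adding SCOREV4 in the middle of the table shifts every later field, and nothing here checks that the database being read has the new layout. The default file name moves to `nvdcve_2-2.db`, but `CVE_CHECK_DB_FILE` is a `?=` default, so a configuration that overrides it could still point at a seven-column file; there `row[7]` would presumably raise, and any other mismatch would put a timestamp or vector into a score field of the report. The query feeding this loop is outside the hunk; if it selects all columns, naming them in the query would tie the indices to column names instead of table order. At minimum I would add a comment above the assignments, for example `# indices follow the NVD column order created by cve-update-nvd2-native (nvdcve_2-2 schema)`.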
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 060545b1e3..b4c46ef756 100644
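--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -247,7 +247,7 @@ def initialize_db(conn):
 c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
 
 c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
-SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
+SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
 
 c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
 VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
@@ -353,12 +353,18 @@ def update_db(conn, elt):
 cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']
 except KeyError:
 pass
+cvssv3 = cvssv3 or 0.0
+try:
+accessVector = accessVector or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['attackVector']
+vectorString = vectorString or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['vectorString']
+cvssv4 = elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['baseScore']
+except KeyError:
+cvssv4 = 0.0
 accessVector = accessVector or "UNKNOWN"
 vectorString = vectorString or "UNKNOWN"
-cvssv3 = cvssv3 or 0.0
 
-conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)",
-[cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close()
+conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)",
+[cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
 
 try:
 # Remove any pre-existing CVE configuration. Even for partial database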
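Review bot: The insert at the end of this hunk passes eight values without naming columns, so it is correct only while its order matches the `CREATE TABLE` in initialize_db. Because that statement is `IF NOT EXISTS`, an older seven-column NVD table found at the same path is left untouched and the insert would fail against it. Naming the columns makes the mapping explicit: `insert or replace into NVD (ID, SUMMARY, SCOREV2, SCOREV3, SCOREV4, MODIFIED, VECTOR, VECTORSTRING) values (?, ?, ?, ?, ?, ?, ?, ?)`. Separately, `cvssv4 = 0.0` on `KeyError` makes a CVE with no v4 metric look the same as one scored 0.0 in the text and JSON reports; it mirrors the existing v3 fallback, but a comment saying that 0.0 means "no score available" would keep report consumers from ranking unscored entries as lowest severity. update_db starts and ends outside the hunk.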