summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonrad Weihmann <kweihmann@outlook.com>2020-07-26 16:10:06 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-08-04 23:17:38 +0100
commitcb791c2755d238305707281c3b9b0c8c34022952 (patch)
treeeead1fafe4afe33a2a6377c403b85d879ec92e18
parentc65ad03f2bd06223dc833009724533dde38cddc5 (diff)
downloadpoky-cb791c2755d238305707281c3b9b0c8c34022952.tar.gz
poky-cb791c2755d238305707281c3b9b0c8c34022952.tar.bz2
poky-cb791c2755d238305707281c3b9b0c8c34022952.zip
cve-update: handle baseMetricV2 as optional
Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: e1c507da9fa5fd12dd42037d0476d94fe3aac730) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fdcbf3f28289188c5a97664d1421d4a5c4991eda) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb13
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index d69d79cb31..0577a5ccac 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -167,15 +167,20 @@ def update_db(c, jsondata):
if not elt['impact']:
continue
+ accessVector = None
cveId = elt['cve']['CVE_data_meta']['ID']
cveDesc = elt['cve']['description']['description_data'][0]['value']
date = elt['lastModifiedDate']
- accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
- cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
-
try:
+ accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+ cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
+ except KeyError:
+ cvssv2 = 0.0
+ try:
+ accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
- except:
+ except KeyError:
+ accessVector = accessVector or "UNKNOWN"
cvssv3 = 0.0
c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",