summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonrad Weihmann <kweihmann@outlook.com>2020-09-06 12:40:45 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-09-16 13:35:10 +0100
commitbc319fd044a7b53b3e726b333a55fb6b2a5f5425 (patch)
treec849f5750252e8319c52152efd309657b48d1c78
parent0d061fc545d09b5234b8a8fae73ce69a17fa1609 (diff)
downloadpoky-bc319fd044a7b53b3e726b333a55fb6b2a5f5425.tar.gz
poky-bc319fd044a7b53b3e726b333a55fb6b2a5f5425.tar.bz2
poky-bc319fd044a7b53b3e726b333a55fb6b2a5f5425.zip
cve-update: handle baseMetricV2 as optional
Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: 77f119baf6f4b85194a9b26d8442ddc7fb3bb97c) (From OE-Core rev: 4cee5c4bc74edde48fe19ec11c78f6c598cf08b6) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb13
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index db1d69a28e..e9a023e9bd 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -160,15 +160,20 @@ def update_db(c, jsondata):
if not elt['impact']:
continue
+ accessVector = None
cveId = elt['cve']['CVE_data_meta']['ID']
cveDesc = elt['cve']['description']['description_data'][0]['value']
date = elt['lastModifiedDate']
- accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
- cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
-
try:
+ accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+ cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
+ except KeyError:
+ cvssv2 = 0.0
+ try:
+ accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
- except:
+ except KeyError:
+ accessVector = accessVector or "UNKNOWN"
cvssv3 = 0.0
c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",