summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonrad Weihmann <kweihmann@outlook.com>2020-09-06 12:40:45 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-09-08 10:20:10 +0100
commit77f119baf6f4b85194a9b26d8442ddc7fb3bb97c (patch)
treed7ea16cbb21e738f3a9ed2f9c86e2307c5d4729b
parentbe07d93a4f59d4563f2d064be1997b39f05e9f0e (diff)
downloadopenembedded-core-contrib-77f119baf6f4b85194a9b26d8442ddc7fb3bb97c.tar.gz
cve-update: handle baseMetricV2 as optional
Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb13
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 1b4f31692b..c64dd768c8 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -160,15 +160,20 @@ def update_db(c, jsondata):
if not elt['impact']:
continue
+ accessVector = None
cveId = elt['cve']['CVE_data_meta']['ID']
cveDesc = elt['cve']['description']['description_data'][0]['value']
date = elt['lastModifiedDate']
- accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
- cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
-
try:
+ accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+ cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
+ except KeyError:
+ cvssv2 = 0.0
+ try:
+ accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
- except:
+ except KeyError:
+ accessVector = accessVector or "UNKNOWN"
cvssv3 = 0.0
c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",