-rw-r--r--meta/classes/cve-check.bbclass12
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb21
2 files changed, 13 insertions, 20 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 512d4c7302..c00d2910be 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
CVE_VERSION ??= "${PV}"
CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
CVE_CHECK_LOG ?= "${T}/cve.log"
CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
for row in c:
- cve = row[1]
- version_start = row[4]
- operator_start = row[5]
- version_end = row[6]
- operator_end = row[7]
+ cve = row[0]
+ version_start = row[3]
+ operator_start = row[4]
+ version_end = row[5]
+ operator_end = row[6]
if cve in cve_whitelist:
bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
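Review bot: The row fields in check_cves are still read by position from `SELECT *`, so the next change to the PRODUCTS column order will shift every index again. In a CVE checker that failure is silent: the wrong columns get compared and the result is missed or spurious matches rather than an error. Naming the columns removes the coupling: `c.execute("SELECT ID, VERSION_START, OPERATOR_START, VERSION_END, OPERATOR_END FROM PRODUCTS WHERE PRODUCT IS ?", (product,))` followed by `cve, version_start, operator_start, version_end, operator_end = row`. The same positional dependency exists in insert_elt in cve-update-db-native.bb, where `insert into PRODUCTS values (...)` lists no column names. check_cves starts and continues outside this hunk.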
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 72d1f48835..3519beae5f 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -30,7 +30,7 @@ python do_populate_cve_db() {
YEAR_START = 2002
db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
- db_file = db_dir + '/nvdcve.db'
+ db_file = db_dir + '/nvdcve_1.0.db'
json_tmpfile = db_dir + '/nvd.json.gz'
proxy = d.getVar("https_proxy")
cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a')
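Review bot: The database file name is now hard-coded in two places that must agree: here as `db_dir + '/nvdcve_1.0.db'` and in cve-check.bbclass as the default of CVE_CHECK_DB_FILE. A local override of that variable, or a later rename that touches only one side, would leave the checker opening a file the updater never populated. If the class variable is visible to this recipe (not shown on this page), `db_file = d.getVar("CVE_CHECK_DB_FILE")` would keep the two in step. Otherwise a comment such as `# keep in sync with CVE_CHECK_DB_FILE in cve-check.bbclass` above the assignment would at least record the dependency. do_populate_cve_db continues outside the hunk.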
@@ -65,6 +65,10 @@ python do_populate_cve_db() {
c.execute("select DATE from META where YEAR = ?", (year,))
meta = c.fetchone()
if not meta or meta[0] != last_modified:
+ # Clear products table entries corresponding to current year
+ cve_year = 'CVE-' + str(year) + '%'
+ c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
+
# Update db with current year json file
req = urllib.request.Request(json_url)
if proxy:
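Review bot: The year's PRODUCTS rows are deleted before the feed for that year has been downloaded, so what happens after a failed or truncated fetch depends on transaction handling that lies outside this hunk. If anything commits between this delete and a successful re-import, the database keeps no product entries for that year and check_cves will report nothing for those CVEs. Moving `c.execute("delete from PRODUCTS where ID like ?", (cve_year,))` to just after the response has been read and decompressed, or rolling back on a fetch error, would make the per-year refresh all-or-nothing. do_populate_cve_db starts and ends outside the hunk.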
@@ -91,27 +95,16 @@ python do_populate_cve_db() {
conn.close()
}
-# DJB2 hash algorithm
-def hash_djb2(s):
- hash = 5381
- for x in s:
- hash = (( hash << 5) + hash) + ord(x)
-
- return hash & 0xFFFFFFFF
-
def initialize_db(c):
c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
- c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \
+ c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
VERSION_END TEXT, OPERATOR_END TEXT)")
def insert_elt(c, db_values):
- product_str = db_values[0] + db_values[1] + db_values[2] + db_values[3]
- hashstr = hash_djb2(product_str)
- db_values.insert(0, hashstr)
- query = "insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?, ?, ?)"
+ query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
c.execute(query, db_values)
def parse_node_and_insert(c, node, cveId):
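Review bot: initialize_db and insert_elt now rely on two invariants that nothing in the code states. PRODUCTS has no unique key, so duplicates are avoided only because do_populate_cve_db deletes a year's rows before re-importing them. `CREATE TABLE IF NOT EXISTS` also leaves an existing table with the old column layout untouched, which is presumably why the database file name was bumped in this commit. I would record both above the PRODUCTS statement, for example `# No unique key: a year's rows are deleted before re-import (see do_populate_cve_db).` and `# Schema changes need a new DB file name; IF NOT EXISTS does not migrate an old table.` A one-line docstring on insert_elt naming the seven expected values in column order would help callers as well.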