diff options
author | Konrad Weihmann <kweihmann@outlook.com> | 2021-04-22 18:48:27 +0200 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2021-04-23 23:14:40 +0800 |
commit | e9776c55cf251fc884ac3ce4fd6c96769b1d17ff (patch) | |
tree | 4f7893b6955225ab06c6ff95c58009aa31c63d93 | |
parent | 147a08dced5e565f19f4987a3c199780dc00f878 (diff) | |
download | openembedded-core-contrib-e9776c55cf251fc884ac3ce4fd6c96769b1d17ff.tar.gz |
cve-update-db-native: skip on empty cpe23Uri
Recently an entry in the NVD DB appeared that looks like that
{'vulnerable': True, 'cpe_name': []}.
As besides all the vulnerable flag no data is present we would get
a KeyError exception on acccess.
Use get method on dictionary and return if no meta data is present
Also quit if the length of the array after splitting is less than 6
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00ce2796d97de2bc376b038d0ea7969088791d34)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index b3dc33734d..b073936298 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -138,7 +138,12 @@ def parse_node_and_insert(c, node, cveId): for cpe in node.get('cpe_match', ()): if not cpe['vulnerable']: return - cpe23 = cpe['cpe23Uri'].split(':') + cpe23 = cpe.get('cpe23Uri') + if not cpe23: + return + cpe23 = cpe23.split(':') + if len(cpe23) < 6: + return vendor = cpe23[3] product = cpe23[4] version = cpe23[5] |