diff options
author | Antoine Lubineau <antoine.lubineau@easymile.com> | 2023-09-21 10:23:52 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-09-28 12:33:48 +0100 |
commit | 048ff0ad927f4d37cc5547ebeba9e0c221687ea6 (patch) | |
tree | f9d40c359395ab51ab851c8159614f3efb8fe466 /meta/classes | |
parent | c2e059a036ac5c4d2cb3c7267be2403e0611dea5 (diff) | |
download | openembedded-core-048ff0ad927f4d37cc5547ebeba9e0c221687ea6.tar.gz |
cve-check: add CVSS vector string to CVE database and reports
This allows building detailed vulnerability analysis tools without
relying on external resources.
Signed-off-by: Antoine Lubineau <antoine.lubineau@easymile.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/cve-check.bbclass | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 55ae298024..b55f4299da 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -32,7 +32,7 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db" CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" CVE_CHECK_LOG ?= "${T}/cve.log" @@ -442,6 +442,7 @@ def get_cve_info(d, cves): cve_data[row[0]]["scorev3"] = row[3] cve_data[row[0]]["modified"] = row[4] cve_data[row[0]]["vector"] = row[5] + cve_data[row[0]]["vectorString"] = row[6] cursor.close() conn.close() return cve_data @@ -507,6 +508,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"] write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"] write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] + write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"] write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": @@ -623,6 +625,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): "scorev2" : cve_data[cve]["scorev2"], "scorev3" : cve_data[cve]["scorev3"], "vector" : cve_data[cve]["vector"], + "vectorString" : cve_data[cve]["vectorString"], "status" : status, "link": issue_link } |