mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 05:29:32 +00:00
Code Issues Projects Releases Wiki Activity

cve-update-db-native: update structure

Browse Source 
Update the database structure and tasks to fit the current YP master.
This means:
- add the unpack task
- update the database structure (CVSS, vector string)
- use the temporary database in the same directory as the download

However, the old feed does not include CVSS4

(From OE-Core rev: dd249921a5d6b8e472242b57415de3f210dc81f1)

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Marta Rybczynska
2025-02-13 06:57:51 +01:00
committed by Richard Purdie
parent ae7097e4c1
commit 7a3904c6a7
1 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/meta/cve-update-db-native.bb
+21 -7
View File
@@ -5,7 +5,6 @@ INHIBIT_DEFAULT_DEPS = "1"
inherit native
deltask do_unpack
deltask do_patch
deltask do_configure
deltask do_compile
@@ -21,7 +20,10 @@ CVE_DB_UPDATE_INTERVAL ?= "86400"
# Timeout for blocking socket operations, such as the connection attempt.
CVE_SOCKET_TIMEOUT ?= "60"
CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db"
CVE_CHECK_DB_DLDIR_FILE ?= "${DL_DIR}/CVE_CHECK2/${CVE_CHECK_DB_FILENAME}"
CVE_CHECK_DB_DLDIR_LOCK ?= "${CVE_CHECK_DB_DLDIR_FILE}.lock"
CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DLDIR_FILE}.tmp"
python () {
if not bb.data.inherits_class("cve-check", d):
@@ -38,7 +40,7 @@ python do_fetch() {
bb.utils.export_proxies(d)
db_file = d.getVar("CVE_CHECK_DB_FILE")
db_file = d.getVar("CVE_CHECK_DB_DLDIR_FILE")
db_dir = os.path.dirname(db_file)
db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
@@ -72,10 +74,16 @@ python do_fetch() {
os.remove(db_tmp_file)
}
do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
do_fetch[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK}"
do_fetch[file-checksums] = ""
do_fetch[vardeps] = ""
python do_unpack() {
import shutil
shutil.copyfile(d.getVar("CVE_CHECK_DB_DLDIR_FILE"), d.getVar("CVE_CHECK_DB_FILE"))
}
do_unpack[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK} ${CVE_CHECK_DB_FILE_LOCK}"
def cleanup_db_download(db_file, db_tmp_file):
"""
Cleanup the download space from possible failed downloads
@@ -183,7 +191,7 @@ def initialize_db(conn):
c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
@@ -263,23 +271,29 @@ def update_db(conn, jsondata):
continue
accessVector = None
vectorString = None
cvssv2 = 0.0
cvssv3 = 0.0
cvssv4 = 0.0
cveId = elt['cve']['CVE_data_meta']['ID']
cveDesc = elt['cve']['description']['description_data'][0]['value']
date = elt['lastModifiedDate']
try:
accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
vectorString = elt['impact']['baseMetricV2']['cvssV2']['vectorString']
cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
except KeyError:
cvssv2 = 0.0
try:
accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
vectorString = vectorString or elt['impact']['baseMetricV3']['cvssV3']['vectorString']
cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
except KeyError:
accessVector = accessVector or "UNKNOWN"
cvssv3 = 0.0
conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
[cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)",
[cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
configurations = elt['configurations']['nodes']
for config in configurations: