mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-08 17:19:20 +00:00
Code Issues Projects Releases Wiki Activity

cve-update-db-native: skip on empty cpe23Uri

Browse Source 
Recently an entry in the NVD DB appeared that looks like that
{'vulnerable': True, 'cpe_name': []}.
As besides all the vulnerable flag no data is present we would get
a KeyError exception on acccess.
Use get method on dictionary and return if no meta data is present
Also quit if the length of the array after splitting is less than 6

(From OE-Core rev: 00ce2796d97de2bc376b038d0ea7969088791d34)

Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Konrad Weihmann
2021-04-22 18:48:27 +02:00
committed by Richard Purdie
parent d5eb86b3aa
commit df2a1f37f7
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/meta/cve-update-db-native.bb
+6 -1
View File
@@ -139,7 +139,12 @@ def parse_node_and_insert(c, node, cveId):
for cpe in node.get('cpe_match', ()): for cpe in node.get('cpe_match', ()):
if not cpe['vulnerable']: if not cpe['vulnerable']:
return return
cpe23 = cpe['cpe23Uri'].split(':') cpe23 = cpe.get('cpe23Uri')
if not cpe23:
return
cpe23 = cpe23.split(':')
if len(cpe23) < 6:
return
vendor = cpe23[3] vendor = cpe23[3]
product = cpe23[4] product = cpe23[4]
version = cpe23[5] version = cpe23[5]