Re: [OE-core] [PATCH v2] cve-update: handle baseMetricV2 as optional

Mon, 27 Jul 2020 11:27:04 -0700 

Hi all,

please consider this patch to be backported to dunfell/zeus and warrior.
Master-rev: bbefe04a622e166d95093d5127c316de91b27d20

Thanks
Konrad

On 26.07.20 16:10, Konrad Weihmann wrote:

Currently in NVD DB an item popped up, which hasn't set baseMetricV2.
Let the parser handle it as an optional item.
In case use baseMetricV2 before baseMetricV3

Signed-off-by: Konrad Weihmann <kweihm...@outlook.com>
---
  meta/recipes-core/meta/cve-update-db-native.bb | 13 +++++++++----
  1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb 
b/meta/recipes-core/meta/cve-update-db-native.bb
index f27ade40db..32d6dbdffc 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -176,15 +176,20 @@ def update_db(c, jsondata):
          if not elt['impact']:
              continue
+ accessVector = None 
          cveId = elt['cve']['CVE_data_meta']['ID']
          cveDesc = elt['cve']['description']['description_data'][0]['value']
          date = elt['lastModifiedDate']
-        accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
-        cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
-
          try:
+            accessVector = 
elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+            cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
+        except KeyError:
+            cvssv2 = 0.0
+        try:
+            accessVector = accessVector or 
elt['impact']['baseMetricV3']['cvssV3']['attackVector']
              cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
-        except:
+        except KeyError:
+            accessVector = accessVector or "UNKNOWN"
              cvssv3 = 0.0
c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", 





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141009): 
https://lists.openembedded.org/g/openembedded-core/message/141009
Mute This Topic: https://lists.openembedded.org/mt/75802993/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to