This allows building detailed vulnerability analysis tools without relying on external resources.
Signed-off-by: Antoine Lubineau <antoine.lubin...@easymile.com> --- meta/classes/cve-check.bbclass | 5 ++++- meta/recipes-core/meta/cve-update-nvd2-native.bb | 11 ++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 55ae298024..b55f4299da 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -32,7 +32,7 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db" CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" CVE_CHECK_LOG ?= "${T}/cve.log" @@ -442,6 +442,7 @@ def get_cve_info(d, cves): cve_data[row[0]]["scorev3"] = row[3] cve_data[row[0]]["modified"] = row[4] cve_data[row[0]]["vector"] = row[5] + cve_data[row[0]]["vectorString"] = row[6] cursor.close() conn.close() return cve_data @@ -507,6 +508,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"] write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"] write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] + write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"] write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": @@ -623,6 +625,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): "scorev2" : cve_data[cve]["scorev2"], "scorev3" : cve_data[cve]["scorev3"], "vector" : cve_data[cve]["vector"], + "vectorString" : cve_data[cve]["vectorString"], "status" : status, "link": issue_link } diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 2f7dad7e82..d0321f1bb5 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -225,7 +225,7 @@ def initialize_db(conn): c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ - SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") + SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)") c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ @@ -299,6 +299,7 @@ def update_db(conn, elt): """ accessVector = None + vectorString = None cveId = elt['cve']['id'] if elt['cve']['vulnStatus'] == "Rejected": return @@ -309,25 +310,29 @@ def update_db(conn, elt): date = elt['cve']['lastModified'] try: accessVector = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector'] + vectorString = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['vectorString'] cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore'] except KeyError: cvssv2 = 0.0 cvssv3 = None try: accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector'] + vectorString = vectorString or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['vectorString'] cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore'] except KeyError: pass try: accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector'] + vectorString = vectorString or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['vectorString'] cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'] except KeyError: pass accessVector = accessVector or "UNKNOWN" + vectorString = vectorString or "UNKNOWN" cvssv3 = cvssv3 or 0.0 - conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", - [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() + conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)", + [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close() try: for config in elt['cve']['configurations']: -- 2.39.2 -- *This email and any attachment contains EasyMile's confidential information, and must not be modified or circulated without EasyMile's prior written consent. It is intended exclusively for their recipient.s. If you received this message by mistake, please notify us promptly and immediately delete this email and any of its attachments.* *As data controller, EasyMile processes personal data, in compliance with the European GDPR (EU) 2016/679 of 27 April 2016. To exercise your rights, you can contact EasyMile at priv...@easymile.com, and if necessary, you may contact the local competent supervisory authority."* *Cet e-mail et toute pièce jointe contiennent des informations confidentielles d'EasyMile et ne doivent pas être modifiés ou diffusés sans le consentement écrit préalable d'EasyMile. Ils sont destinés exclusivement à leur destinataire.s. Si vous avez reçu ce message par erreur, veuillez nous en informer rapidement et supprimer immédiatement cet e-mail et toutes ses pièces jointes. * *En tant que responsable de traitement, EasyMile traite des données personnelles, conformément au RGPD européen (UE) 2016/679 du 27 avril 2016. Pour exercer vos droits, vous pouvez contacter EasyMile à priv...@easymile.com <mailto:priv...@easymile.com>, et si nécessaire, vous pouvez contacter l'autorité de contrôle locale compétente.*
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187980): https://lists.openembedded.org/g/openembedded-core/message/187980 Mute This Topic: https://lists.openembedded.org/mt/101496057/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-