This allows building detailed vulnerability analysis tools without
relying on external resources.
Signed-off-by: Antoine Lubineau <antoine.lubin...@easymile.com>
---
meta/classes/cve-check.bbclass | 5 ++++-
meta/recipes-core/meta/cve-update-nvd2-native.bb | 11 ++++++++---
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 55ae298024..b55f4299da 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -32,7 +32,7 @@ CVE_PRODUCT ??= "${BPN}"
CVE_VERSION ??= "${PV}"
CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db"
CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
CVE_CHECK_LOG ?= "${T}/cve.log"
@@ -442,6 +442,7 @@ def get_cve_info(d, cves):
cve_data[row[0]]["scorev3"] = row[3]
cve_data[row[0]]["modified"] = row[4]
cve_data[row[0]]["vector"] = row[5]
+ cve_data[row[0]]["vectorString"] = row[6]
cursor.close()
conn.close()
return cve_data
@@ -507,6 +508,7 @@ def cve_write_data_text(d, patched, unpatched, ignored,
cve_data):
write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
+ write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"]
write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
@@ -623,6 +625,7 @@ def cve_write_data_json(d, patched, unpatched, ignored,
cve_data, cve_status):
"scorev2" : cve_data[cve]["scorev2"],
"scorev3" : cve_data[cve]["scorev3"],
"vector" : cve_data[cve]["vector"],
+ "vectorString" : cve_data[cve]["vectorString"],
"status" : status,
"link": issue_link
}
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb
b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 2f7dad7e82..d0321f1bb5 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -225,7 +225,7 @@ def initialize_db(conn):
c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE
TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY
TEXT, \
- SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+ SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT,
VECTORSTRING TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START
TEXT, \
@@ -299,6 +299,7 @@ def update_db(conn, elt):
"""
accessVector = None
+ vectorString = None
cveId = elt['cve']['id']
if elt['cve']['vulnStatus'] == "Rejected":
return
@@ -309,25 +310,29 @@ def update_db(conn, elt):
date = elt['cve']['lastModified']
try:
accessVector =
elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector']
+ vectorString =
elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['vectorString']
cvssv2 =
elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore']
except KeyError:
cvssv2 = 0.0
cvssv3 = None
try:
accessVector = accessVector or
elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector']
+ vectorString = vectorString or
elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['vectorString']
cvssv3 =
elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore']
except KeyError:
pass
try:
accessVector = accessVector or
elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector']
+ vectorString = vectorString or
elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['vectorString']
cvssv3 = cvssv3 or
elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']
except KeyError:
pass
accessVector = accessVector or "UNKNOWN"
+ vectorString = vectorString or "UNKNOWN"
cvssv3 = cvssv3 or 0.0
- conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
- [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
+ conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)",
+ [cveId, cveDesc, cvssv2, cvssv3, date, accessVector,
vectorString]).close()
try:
for config in elt['cve']['configurations']:
--
2.39.2
--
*This email and any attachment contains EasyMile's confidential
information, and must not be modified or circulated without EasyMile's
prior written consent. It is intended exclusively for their recipient.s. If
you received this message by mistake, please notify us promptly and
immediately delete this email and any of its attachments.*
*As data
controller, EasyMile processes personal data, in compliance with the
European GDPR (EU) 2016/679 of 27 April 2016. To exercise your rights, you
can contact EasyMile at priv...@easymile.com, and if necessary, you may
contact the local competent supervisory authority."*
*Cet e-mail et toute
pièce jointe contiennent des informations confidentielles d'EasyMile et ne
doivent pas être modifiés ou diffusés sans le consentement écrit préalable
d'EasyMile. Ils sont destinés exclusivement à leur destinataire.s. Si vous
avez reçu ce message par erreur, veuillez nous en informer rapidement et
supprimer immédiatement cet e-mail et toutes ses pièces jointes. *
*En
tant que responsable de traitement, EasyMile traite des données
personnelles, conformément au RGPD européen (UE) 2016/679 du 27 avril 2016.
Pour exercer vos droits, vous pouvez contacter EasyMile à
priv...@easymile.com <mailto:priv...@easymile.com>, et si nécessaire, vous
pouvez contacter l'autorité de contrôle locale compétente.*
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187980):
https://lists.openembedded.org/g/openembedded-core/message/187980
Mute This Topic: https://lists.openembedded.org/mt/101496057/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
