@@ -5,7 +5,6 @@ INHIBIT_DEFAULT_DEPS = "1"
inherit native
-deltask do_unpack
deltask do_patch
deltask do_configure
deltask do_compile
@@ -21,6 +20,9 @@ CVE_DB_UPDATE_INTERVAL ?= "86400"
# Timeout for blocking socket operations, such as the connection attempt.
CVE_SOCKET_TIMEOUT ?= "60"
+CVE_CHECK_DB_DLDIR_FILE ?= "${DL_DIR}/CVE_CHECK2/${CVE_CHECK_DB_FILENAME}"
+CVE_CHECK_DB_DLDIR_LOCK ?= "${CVE_CHECK_DB_DLDIR_FILE}.lock"
+
CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db"
python () {
@@ -38,7 +40,7 @@ python do_fetch() {
bb.utils.export_proxies(d)
- db_file = d.getVar("CVE_CHECK_DB_FILE")
+ db_file = d.getVar("CVE_CHECK_DB_DLDIR_FILE")
db_dir = os.path.dirname(db_file)
db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
@@ -72,10 +74,16 @@ python do_fetch() {
os.remove(db_tmp_file)
}
-do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+do_fetch[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK}"
do_fetch[file-checksums] = ""
do_fetch[vardeps] = ""
+python do_unpack() {
+ import shutil
+ shutil.copyfile(d.getVar("CVE_CHECK_DB_DLDIR_FILE"), d.getVar("CVE_CHECK_DB_FILE"))
+}
+do_unpack[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK} ${CVE_CHECK_DB_FILE_LOCK}"
+
def cleanup_db_download(db_file, db_tmp_file):
"""
Cleanup the download space from possible failed downloads
@@ -183,7 +191,7 @@ def initialize_db(conn):
c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
- SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+ SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
@@ -263,23 +271,29 @@ def update_db(conn, jsondata):
continue
accessVector = None
+ vectorString = None
+ cvssv2 = 0.0
+ cvssv3 = 0.0
+ cvssv4 = 0.0
cveId = elt['cve']['CVE_data_meta']['ID']
cveDesc = elt['cve']['description']['description_data'][0]['value']
date = elt['lastModifiedDate']
try:
accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+ vectorString = elt['impact']['baseMetricV2']['cvssV2']['vectorString']
cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
except KeyError:
cvssv2 = 0.0
try:
accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
+ vectorString = vectorString or elt['impact']['baseMetricV3']['cvssV3']['vectorString']
cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
except KeyError:
accessVector = accessVector or "UNKNOWN"
cvssv3 = 0.0
- conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
- [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
+ conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)",
+ [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
configurations = elt['configurations']['nodes']
for config in configurations:
Update the database structure and tasks to fit the current YP master. This means: - add the unpack task - update the database structure (CVSS, vector string) However, the old feed does not include CVSS4 Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com> --- .../recipes-core/meta/cve-update-db-native.bb | 26 ++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-)