@@ -31,7 +31,11 @@
CVE_PRODUCT ??= "${BPN}"
CVE_VERSION ??= "${PV}"
-CVE_CHECK_DB_FILENAME ?= "nvdcve_2-2.db"
+# Possible database sources: NVD1, NVD2, FKIE
+NVD_DB_VERSION ?= "NVD2"
+
+CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdcve_1-3.db'}"
+CVE_CHECK_DB_FETCHER ?= "${@'cve-update-nvd2-native' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'cve-update-db-native'}"
CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK"
CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}"
CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
@@ -114,6 +118,11 @@ python () {
d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status"))
else:
bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group)
+
+ nvd_database_type = d.getVar("NVD_DB_VERSION")
+ if nvd_database_type not in ("NVD", "NVD2", "FKIE"):
+ d.setVar("NVD_DB_VERSION", "NVD2")
+ bb.warn("Malformed NVD_DB_VERSION, resetting to NVD2")
}
def generate_json_report(d, out_path, link_path):
@@ -182,7 +191,7 @@ python do_cve_check () {
}
addtask cve_check before do_build
-do_cve_check[depends] = "cve-update-nvd2-native:do_unpack"
+do_cve_check[depends] = "${CVE_CHECK_DB_FETCHER}:do_unpack"
do_cve_check[nostamp] = "1"
python cve_check_cleanup () {
Allow choice of one of three feeds and update task dependencies accordingly. All feeds contain data from NVD. Set the NVD_DB_VERSION variable to choose feed: NVD2 (default) - the NVD feed with API version 2 NVD1 - the NVD JSON feed (deprecated) FKIE - the FKIE-CAD feed reconstruction Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com> --- meta/classes/cve-check.bbclass | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)