diff mbox series

[7/7] cve-update-db-native: FKIE CVE parsing: Use Secondary metric

Message ID 20250824145745.1099373-7-peter.marko@siemens.com
State New
Headers show
Series [1/7] cve-update-db-native: Use a local copy of the database during builds | expand

Commit Message

Peter Marko Aug. 24, 2025, 2:57 p.m. UTC 
From: Jonathan Schnitzler <jonathan.schnitzler@faro.com>

If there is no primary metric use the Secondary one.

Signed-off-by: Jonathan Schnitzler <jonathan.schnitzler@faro.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../recipes-core/meta/cve-update-db-native.bb | 53 ++++++++++++-------
 1 file changed, 33 insertions(+), 20 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 87e5a3edaa..0c7bc5f415 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -322,6 +322,15 @@  def update_db_nvdjson(conn, jsondata):
         for config in configurations:
             parse_node_and_insert(conn, config, cveId, True)
 
+def get_metric_entry(metric):
+    primaries = [c for c in metric if c['type'] == "Primary"]
+    secondaries = [c for c in metric if c['type'] == "Secondary"]
+    if len(primaries) > 0:
+        return primaries[0]
+    elif len(secondaries)>0:
+        return secondaries[0]
+    return None
+
 def update_db_fkie(conn, jsondata):
     import json
     root = json.loads(jsondata)
@@ -342,37 +351,41 @@  def update_db_fkie(conn, jsondata):
         cveDesc = elt['descriptions'][0]['value']
         date = elt['lastModified']
         try:
-            for m in elt['metrics']['cvssMetricV2']:
-                if m['type'] == 'Primary':
-                    accessVector = m['cvssData']['accessVector']
-                    vectorString = m['cvssData']['vectorString']
-                    cvssv2 = m['cvssData']['baseScore']
+            if 'cvssMetricV2' in elt['metrics']:
+                entry = get_metric_entry(elt['metrics']['cvssMetricV2'])
+                if entry:
+                    accessVector = entry['cvssData']['accessVector']
+                    vectorString = entry['cvssData']['vectorString']
+                    cvssv2 = entry['cvssData']['baseScore']
         except KeyError:
             cvssv2 = 0.0
         try:
-            for m in elt['metrics']['cvssMetricV30']:
-                if m['type'] == 'Primary':
-                    accessVector = m['cvssData']['attackVector']
-                    vectorString = m['cvssData']['vectorString']
-                    cvssv3 = m['cvssData']['baseScore']
+            if 'cvssMetricV30' in elt['metrics']:
+                entry = get_metric_entry(elt['metrics']['cvssMetricV30'])
+                if entry:
+                    accessVector = entry['cvssData']['attackVector']
+                    vectorString = entry['cvssData']['vectorString']
+                    cvssv3 = entry['cvssData']['baseScore']
         except KeyError:
             accessVector = accessVector or "UNKNOWN"
             cvssv3 = 0.0
         try:
-            for m in elt['metrics']['cvssMetricV31']:
-                if m['type'] == 'Primary':
-                    accessVector = m['cvssData']['attackVector']
-                    vectorString = m['cvssData']['vectorString']
-                    cvssv3 = m['cvssData']['baseScore']
+            if 'cvssMetricV31' in elt['metrics']:
+                entry = get_metric_entry(elt['metrics']['cvssMetricV31'])
+                if entry:
+                    accessVector = entry['cvssData']['attackVector']
+                    vectorString = entry['cvssData']['vectorString']
+                    cvssv3 = entry['cvssData']['baseScore']
         except KeyError:
             accessVector = accessVector or "UNKNOWN"
             cvssv3 = 0.0
         try:
-            for m in elt['metrics']['cvssMetricV40']:
-                if m['type'] == 'Primary':
-                    accessVector = m['cvssData']['attackVector']
-                    vectorString = m['cvssData']['vectorString']
-                    cvssv4 = m['cvssData']['baseScore']
+            if 'cvssMetricV40' in elt['metrics']:
+                entry = get_metric_entry(elt['metrics']['cvssMetricV40'])
+                if entry:
+                    accessVector = entry['cvssData']['attackVector']
+                    vectorString = entry['cvssData']['vectorString']
+                    cvssv4 = entry['cvssData']['baseScore']
         except KeyError:
             accessVector = accessVector or "UNKNOWN"
             cvssv4 = 0.0