* [PATCH] cve-update-db-native: Check cpe object for validity
@ 2021-04-22 22:11 falital
From: falital @ 2021-04-22 22:11 UTC (permalink / raw)
  To: openembedded-core; +Cc: Savvas Etairidis

In case the cpe object is missing required properties,
it is not valid based on its JSON schema definition.
Since it is not valid, the routine will fail, throwing
an exception, which will lead to a broken build.
To fix this we ignore this entry.

Signed-off-by: Savvas Etairidis <falital@hotmail.com>
---
 meta/recipes-core/meta/cve-update-db-native.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 25ec6bac71..50ac62251e 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -137,6 +137,10 @@ def parse_node_and_insert(c, node, cveId):
 
     def cpe_generator():
         for cpe in node.get('cpe_match', ()):
+            # Check if cpe has all mandatory fields based on its schema
+            # https://csrc.nist.gov/schema/nvd/feed/1.1/nvd_cve_feed_json_1.1.schema
+            if 'cpe23Uri' not in cpe or 'vulnerable' not in cpe:
+                return
             if not cpe['vulnerable']:
                 return
             cpe23 = cpe['cpe23Uri'].split(':')
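
Review bot: the added guard `if 'cpe23Uri' not in cpe or 'vulnerable' not in cpe:` exits with `return`, which ends `cpe_generator()` at the first malformed entry, so every later entry in `node.get('cpe_match', ())` is dropped along with the invalid one. The commit message says the entry is ignored; `continue` would match that description and keep the valid CPE entries that follow. The unchanged `if not cpe['vulnerable']: return` directly below has the same early-exit behaviour and should be reviewed together with this change. Because a silently skipped entry can mean a missed CVE match for a recipe, consider also logging the skip together with `cveId`, which is already a parameter of `parse_node_and_insert`, so malformed feed data stays visible in the build log.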
-- 
2.25.1

