* [PATCH 1/2] cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST
@ 2019-07-18 12:41 Pierre Le Magourou
  2019-07-18 12:41 ` [PATCH 2/2] cve-update-db-native: Remove hash column from database Pierre Le Magourou
  0 siblings, 1 reply; 5+ messages in thread
From: Pierre Le Magourou @ 2019-07-18 12:41 UTC (permalink / raw)
  To: openembedded-core

From: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>

CVE_CHECK_WHITELIST no longer contains versions, as they were not
used. This variable should be set per recipe.

Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
---
 meta/classes/cve-check.bbclass | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index e8668b2566..512d4c7302 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -39,15 +39,12 @@ CVE_CHECK_CREATE_MANIFEST ??= "1"
 # Whitelist for packages (PN)
 CVE_CHECK_PN_WHITELIST ?= ""
 
-# Whitelist for CVE and version of package. If a CVE is found then the PV is
-# compared with the version list, and if found the CVE is considered
-# patched.
-#
-# The value should be valid Python in this format:
-# {
-#   'CVE-2014-2524': ('6.3','5.2')
-# }
-CVE_CHECK_CVE_WHITELIST ?= "{}"
+# Whitelist for CVE. If a CVE is found, then it is considered patched.
+# The value is a string containing space separated CVE values:
+# 
+# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
+# 
+CVE_CHECK_WHITELIST ?= ""
 
 python do_cve_check () {
     """
@@ -185,7 +182,10 @@ def check_cves(d, patched_cves):
         bb.note("Recipe has been whitelisted, skipping check")
         return ([], [])
 
-    cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST"))
+    old_cve_whitelist =  d.getVar("CVE_CHECK_CVE_WHITELIST")
+    if old_cve_whitelist:
+        bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.")
+    cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
 
     import sqlite3
     db_file = d.getVar("CVE_CHECK_DB_FILE")
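Review bot: The deprecation warning added above `cve_whitelist = ...` does not say that the old variable's value is now ignored, so a layer that still sets CVE_CHECK_CVE_WHITELIST will see its previously suppressed CVEs reported again with no hint why; I would word it as `bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated and ignored, please use CVE_CHECK_WHITELIST.")`. `d.getVar("CVE_CHECK_WHITELIST").split()` also depends on the `?= ""` default from the first hunk, because getVar returns None for an unset variable; `(d.getVar("CVE_CHECK_WHITELIST") or "").split()` avoids an AttributeError in that case. The doubled space in `old_cve_whitelist =  d.getVar(...)` can go as well. check_cves starts and ends outside this hunk.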
@@ -206,7 +206,7 @@ def check_cves(d, patched_cves):
             version_end = row[6]
             operator_end = row[7]
 
-            if pv in cve_whitelist.get(cve, []):
+            if cve in cve_whitelist:
                 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
             elif cve in patched_cves:
                 bb.note("%s has been patched" % (cve))
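Review bot: `if cve in cve_whitelist:` now matches on the CVE id alone, so an entry keeps suppressing that CVE after the recipe moves to another version, and neither the variable's comment in the first hunk nor the log line says so. I would extend that comment with `# An entry applies to every version of the recipe; re-check it whenever PV changes.` so that stale entries get reviewed. The note still prints `product-pv`, which reads as if the match were version-specific. Since the test runs once per database row, building the whitelist as `set(...)` where it is read would also be the more natural container. The loop body continues outside this hunk.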
-- 
2.11.0




* [PATCH 2/2] cve-update-db-native: Remove hash column from database.
  2019-07-18 12:41 [PATCH 1/2] cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST Pierre Le Magourou
@ 2019-07-18 12:41 ` Pierre Le Magourou
  2019-07-18 13:10   ` Burton, Ross
  0 siblings, 1 reply; 5+ messages in thread
From: Pierre Le Magourou @ 2019-07-18 12:41 UTC (permalink / raw)
  To: openembedded-core

From: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>

The djb2 hash algorithm was found to produce collisions, so the database
was sometimes missing data. Remove this hash mechanism, and clear and
populate the elements of the PRODUCTS table from scratch if the current
year needs an update.

Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
---
 meta/classes/cve-check.bbclass                 | 12 ++++++------
 meta/recipes-core/meta/cve-update-db-native.bb | 21 +++++++--------------
 2 files changed, 13 insertions(+), 20 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 512d4c7302..c00d2910be 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
             c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
 
         for row in c:
-            cve = row[1]
-            version_start = row[4]
-            operator_start = row[5]
-            version_end = row[6]
-            operator_end = row[7]
+            cve = row[0]
+            version_start = row[3]
+            operator_start = row[4]
+            version_end = row[5]
+            operator_end = row[6]
 
             if cve in cve_whitelist:
                 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
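Review bot: The new indexes `row[0]`, `row[3]` to `row[6]` still depend on the column order returned by `SELECT * FROM PRODUCTS`, which is exactly what this commit had to renumber after the schema change. Naming the columns in the query, `SELECT ID, VERSION_START, OPERATOR_START, VERSION_END, OPERATOR_END FROM PRODUCTS WHERE PRODUCT IS ?`, and unpacking the row in one assignment would make the reader independent of the table layout. A misaligned index here would compare the wrong fields and could silently drop a CVE from the result. Only one execute call is visible; the sibling branch outside the hunk presumably needs the same change.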
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 72d1f48835..3519beae5f 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -30,7 +30,7 @@ python do_populate_cve_db() {
     YEAR_START = 2002
 
     db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
-    db_file = db_dir + '/nvdcve.db'
+    db_file = db_dir + '/nvdcve_1.0.db'
     json_tmpfile = db_dir + '/nvd.json.gz'
     proxy = d.getVar("https_proxy")
     cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a')
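Review bot: `db_file = db_dir + '/nvdcve_1.0.db'` repeats the file name that this commit also changes in CVE_CHECK_DB_FILE in cve-check.bbclass, so the two definitions have to be edited in lockstep. An override of CVE_CHECK_DB_FILE or CVE_CHECK_DB_DIR would leave the checker reading a database this task never writes. If the class variable is visible to this recipe (not shown in the hunk), `db_file = d.getVar("CVE_CHECK_DB_FILE")` keeps a single definition. do_populate_cve_db continues outside the hunk.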
@@ -65,6 +65,10 @@ python do_populate_cve_db() {
         c.execute("select DATE from META where YEAR = ?", (year,))
         meta = c.fetchone()
         if not meta or meta[0] != last_modified:
+            # Clear products table entries corresponding to current year
+            cve_year = 'CVE-' + str(year) + '%'
+            c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
+
             # Update db with current year json file
             req = urllib.request.Request(json_url)
             if proxy:
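Review bot: The `delete from PRODUCTS` runs before the year's feed has even been requested, so a failed or truncated download after this point can leave the table without that year's entries, depending on where the transaction is committed (not visible in this hunk). A year with no rows makes the check report nothing for those CVEs rather than fail. I would move the delete to just before that year's inserts, after the response has been read and decompressed, and commit the delete and the inserts together. Writing the pattern as `'CVE-' + str(year) + '-%'`, with the trailing dash, would also state the intended match exactly.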
@@ -91,27 +95,16 @@ python do_populate_cve_db() {
     conn.close()
 }
 
-# DJB2 hash algorithm
-def hash_djb2(s):
-    hash = 5381
-    for x in s:
-        hash = (( hash << 5) + hash) + ord(x)
-
-    return hash & 0xFFFFFFFF
-
 def initialize_db(c):
     c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
     c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
         SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
-    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \
+    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
         VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
         VERSION_END TEXT, OPERATOR_END TEXT)")
 
 def insert_elt(c, db_values):
-    product_str = db_values[0] + db_values[1] + db_values[2] + db_values[3]
-    hashstr = hash_djb2(product_str)
-    db_values.insert(0, hashstr)
-    query = "insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?, ?, ?)"
+    query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
     c.execute(query, db_values)
 
 def parse_node_and_insert(c, node, cveId):
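Review bot: With the UNIQUE column gone and `insert or replace` turned into a plain `insert`, nothing in the schema prevents duplicate PRODUCTS rows any more; de-duplication now rests entirely on the year-prefix delete in do_populate_cve_db. If a yearly feed carries ids from outside its own year (worth confirming for the oldest feed), those rows would be added again on every refresh. A composite constraint in the CREATE TABLE, `UNIQUE(ID, VENDOR, PRODUCT, VERSION_START, OPERATOR_START, VERSION_END, OPERATOR_END)`, together with `insert or ignore into PRODUCTS`, would keep the table exact without a hash. insert_elt would also benefit from a one-line comment giving the expected order of the seven `db_values`.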
-- 
2.11.0




* Re: [PATCH 2/2] cve-update-db-native: Remove hash column from database.
  2019-07-18 12:41 ` [PATCH 2/2] cve-update-db-native: Remove hash column from database Pierre Le Magourou
@ 2019-07-18 13:10   ` Burton, Ross
  2019-07-18 13:56     ` Pierre Le Magourou
  0 siblings, 1 reply; 5+ messages in thread
From: Burton, Ross @ 2019-07-18 13:10 UTC (permalink / raw)
  To: Pierre Le Magourou; +Cc: OE-core

Can you rebase this on top of the patches I sent yesterday to change
the path construction to use os.path.join() please.

Ross

On Thu, 18 Jul 2019 at 13:41, Pierre Le Magourou <lemagoup@gmail.com> wrote:
>
> From: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
>
> djb2 hash algorithm was found to do collisions, so the database was
> sometime missing data. Remove this hash mechanism, clear and populate
> elements from scratch in PRODUCTS table if the current year needs an
> update.
>
> Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
> ---
>  meta/classes/cve-check.bbclass                 | 12 ++++++------
>  meta/recipes-core/meta/cve-update-db-native.bb | 21 +++++++--------------
>  2 files changed, 13 insertions(+), 20 deletions(-)
>
> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> index 512d4c7302..c00d2910be 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
>  CVE_VERSION ??= "${PV}"
>
>  CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
> -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
> +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
>
>  CVE_CHECK_LOG ?= "${T}/cve.log"
>  CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
> @@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
>              c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
>
>          for row in c:
> -            cve = row[1]
> -            version_start = row[4]
> -            operator_start = row[5]
> -            version_end = row[6]
> -            operator_end = row[7]
> +            cve = row[0]
> +            version_start = row[3]
> +            operator_start = row[4]
> +            version_end = row[5]
> +            operator_end = row[6]
>
>              if cve in cve_whitelist:
>                  bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
> diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
> index 72d1f48835..3519beae5f 100644
> --- a/meta/recipes-core/meta/cve-update-db-native.bb
> +++ b/meta/recipes-core/meta/cve-update-db-native.bb
> @@ -30,7 +30,7 @@ python do_populate_cve_db() {
>      YEAR_START = 2002
>
>      db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
> -    db_file = db_dir + '/nvdcve.db'
> +    db_file = db_dir + '/nvdcve_1.0.db'
>      json_tmpfile = db_dir + '/nvd.json.gz'
>      proxy = d.getVar("https_proxy")
>      cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a')
> @@ -65,6 +65,10 @@ python do_populate_cve_db() {
>          c.execute("select DATE from META where YEAR = ?", (year,))
>          meta = c.fetchone()
>          if not meta or meta[0] != last_modified:
> +            # Clear products table entries corresponding to current year
> +            cve_year = 'CVE-' + str(year) + '%'
> +            c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
> +
>              # Update db with current year json file
>              req = urllib.request.Request(json_url)
>              if proxy:
> @@ -91,27 +95,16 @@ python do_populate_cve_db() {
>      conn.close()
>  }
>
> -# DJB2 hash algorithm
> -def hash_djb2(s):
> -    hash = 5381
> -    for x in s:
> -        hash = (( hash << 5) + hash) + ord(x)
> -
> -    return hash & 0xFFFFFFFF
> -
>  def initialize_db(c):
>      c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
>      c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
>          SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
> -    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \
> +    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
>          VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
>          VERSION_END TEXT, OPERATOR_END TEXT)")
>
>  def insert_elt(c, db_values):
> -    product_str = db_values[0] + db_values[1] + db_values[2] + db_values[3]
> -    hashstr = hash_djb2(product_str)
> -    db_values.insert(0, hashstr)
> -    query = "insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?, ?, ?)"
> +    query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
>      c.execute(query, db_values)
>
>  def parse_node_and_insert(c, node, cveId):
> --
> 2.11.0
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core



* Re: [PATCH 2/2] cve-update-db-native: Remove hash column from database.
  2019-07-18 13:10   ` Burton, Ross
@ 2019-07-18 13:56     ` Pierre Le Magourou
  2019-07-18 16:17       ` Burton, Ross
  0 siblings, 1 reply; 5+ messages in thread
From: Pierre Le Magourou @ 2019-07-18 13:56 UTC (permalink / raw)
  To: Burton, Ross; +Cc: OE-core

Hello Ross,

> Can you rebase this on top of the patches I sent yesterday to change
> the path construction to use os.path.join() please.

I can't find the patches you are referring to. My patches are rebased
on the latest master, and I don't see a patch from you in master-next.

Pierre

Le jeu. 18 juil. 2019 à 15:10, Burton, Ross <ross.burton@intel.com> a écrit :
>

>
> Ross
>
> On Thu, 18 Jul 2019 at 13:41, Pierre Le Magourou <lemagoup@gmail.com> wrote:
> >
> > From: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
> >
> > djb2 hash algorithm was found to do collisions, so the database was
> > sometime missing data. Remove this hash mechanism, clear and populate
> > elements from scratch in PRODUCTS table if the current year needs an
> > update.
> >
> > Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
> > ---
> >  meta/classes/cve-check.bbclass                 | 12 ++++++------
> >  meta/recipes-core/meta/cve-update-db-native.bb | 21 +++++++--------------
> >  2 files changed, 13 insertions(+), 20 deletions(-)
> >
> > diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> > index 512d4c7302..c00d2910be 100644
> > --- a/meta/classes/cve-check.bbclass
> > +++ b/meta/classes/cve-check.bbclass
> > @@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
> >  CVE_VERSION ??= "${PV}"
> >
> >  CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
> > -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
> > +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
> >
> >  CVE_CHECK_LOG ?= "${T}/cve.log"
> >  CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
> > @@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
> >              c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
> >
> >          for row in c:
> > -            cve = row[1]
> > -            version_start = row[4]
> > -            operator_start = row[5]
> > -            version_end = row[6]
> > -            operator_end = row[7]
> > +            cve = row[0]
> > +            version_start = row[3]
> > +            operator_start = row[4]
> > +            version_end = row[5]
> > +            operator_end = row[6]
> >
> >              if cve in cve_whitelist:
> >                  bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
> > diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
> > index 72d1f48835..3519beae5f 100644
> > --- a/meta/recipes-core/meta/cve-update-db-native.bb
> > +++ b/meta/recipes-core/meta/cve-update-db-native.bb
> > @@ -30,7 +30,7 @@ python do_populate_cve_db() {
> >      YEAR_START = 2002
> >
> >      db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
> > -    db_file = db_dir + '/nvdcve.db'
> > +    db_file = db_dir + '/nvdcve_1.0.db'
> >      json_tmpfile = db_dir + '/nvd.json.gz'
> >      proxy = d.getVar("https_proxy")
> >      cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a')
> > @@ -65,6 +65,10 @@ python do_populate_cve_db() {
> >          c.execute("select DATE from META where YEAR = ?", (year,))
> >          meta = c.fetchone()
> >          if not meta or meta[0] != last_modified:
> > +            # Clear products table entries corresponding to current year
> > +            cve_year = 'CVE-' + str(year) + '%'
> > +            c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
> > +
> >              # Update db with current year json file
> >              req = urllib.request.Request(json_url)
> >              if proxy:
> > @@ -91,27 +95,16 @@ python do_populate_cve_db() {
> >      conn.close()
> >  }
> >
> > -# DJB2 hash algorithm
> > -def hash_djb2(s):
> > -    hash = 5381
> > -    for x in s:
> > -        hash = (( hash << 5) + hash) + ord(x)
> > -
> > -    return hash & 0xFFFFFFFF
> > -
> >  def initialize_db(c):
> >      c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
> >      c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
> >          SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
> > -    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \
> > +    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
> >          VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
> >          VERSION_END TEXT, OPERATOR_END TEXT)")
> >
> >  def insert_elt(c, db_values):
> > -    product_str = db_values[0] + db_values[1] + db_values[2] + db_values[3]
> > -    hashstr = hash_djb2(product_str)
> > -    db_values.insert(0, hashstr)
> > -    query = "insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?, ?, ?)"
> > +    query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
> >      c.execute(query, db_values)
> >
> >  def parse_node_and_insert(c, node, cveId):
> > --
> > 2.11.0
> >
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core



* Re: [PATCH 2/2] cve-update-db-native: Remove hash column from database.
  2019-07-18 13:56     ` Pierre Le Magourou
@ 2019-07-18 16:17       ` Burton, Ross
  0 siblings, 0 replies; 5+ messages in thread
From: Burton, Ross @ 2019-07-18 16:17 UTC (permalink / raw)
  To: Pierre Le Magourou; +Cc: OE-core

I must have failed to actually post them, and this is now in next.
I'll rebase and send instead!

Ross

On Thu, 18 Jul 2019 at 14:56, Pierre Le Magourou <lemagoup@gmail.com> wrote:
>
> Hello Ross,
>
> > Can you rebase this on top of the patches I sent yesterday to change
> > the path construction to use os.path.join() please.
>
> I can't find the patches your are referring to. My patches are rebased
> on the last master, and I don't see a patch from you in master-next.
>
> Pierre
>
> Le jeu. 18 juil. 2019 à 15:10, Burton, Ross <ross.burton@intel.com> a écrit :
> >
>
> >
> > Ross
> >
> > On Thu, 18 Jul 2019 at 13:41, Pierre Le Magourou <lemagoup@gmail.com> wrote:
> > >
> > > From: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
> > >
> > > djb2 hash algorithm was found to do collisions, so the database was
> > > sometime missing data. Remove this hash mechanism, clear and populate
> > > elements from scratch in PRODUCTS table if the current year needs an
> > > update.
> > >
> > > Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
> > > ---
> > >  meta/classes/cve-check.bbclass                 | 12 ++++++------
> > >  meta/recipes-core/meta/cve-update-db-native.bb | 21 +++++++--------------
> > >  2 files changed, 13 insertions(+), 20 deletions(-)
> > >
> > > diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> > > index 512d4c7302..c00d2910be 100644
> > > --- a/meta/classes/cve-check.bbclass
> > > +++ b/meta/classes/cve-check.bbclass
> > > @@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
> > >  CVE_VERSION ??= "${PV}"
> > >
> > >  CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
> > > -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
> > > +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
> > >
> > >  CVE_CHECK_LOG ?= "${T}/cve.log"
> > >  CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
> > > @@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
> > >              c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
> > >
> > >          for row in c:
> > > -            cve = row[1]
> > > -            version_start = row[4]
> > > -            operator_start = row[5]
> > > -            version_end = row[6]
> > > -            operator_end = row[7]
> > > +            cve = row[0]
> > > +            version_start = row[3]
> > > +            operator_start = row[4]
> > > +            version_end = row[5]
> > > +            operator_end = row[6]
> > >
> > >              if cve in cve_whitelist:
> > >                  bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
> > > diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
> > > index 72d1f48835..3519beae5f 100644
> > > --- a/meta/recipes-core/meta/cve-update-db-native.bb
> > > +++ b/meta/recipes-core/meta/cve-update-db-native.bb
> > > @@ -30,7 +30,7 @@ python do_populate_cve_db() {
> > >      YEAR_START = 2002
> > >
> > >      db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
> > > -    db_file = db_dir + '/nvdcve.db'
> > > +    db_file = db_dir + '/nvdcve_1.0.db'
> > >      json_tmpfile = db_dir + '/nvd.json.gz'
> > >      proxy = d.getVar("https_proxy")
> > >      cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a')
> > > @@ -65,6 +65,10 @@ python do_populate_cve_db() {
> > >          c.execute("select DATE from META where YEAR = ?", (year,))
> > >          meta = c.fetchone()
> > >          if not meta or meta[0] != last_modified:
> > > +            # Clear products table entries corresponding to current year
> > > +            cve_year = 'CVE-' + str(year) + '%'
> > > +            c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
> > > +
> > >              # Update db with current year json file
> > >              req = urllib.request.Request(json_url)
> > >              if proxy:
> > > @@ -91,27 +95,16 @@ python do_populate_cve_db() {
> > >      conn.close()
> > >  }
> > >
> > > -# DJB2 hash algorithm
> > > -def hash_djb2(s):
> > > -    hash = 5381
> > > -    for x in s:
> > > -        hash = (( hash << 5) + hash) + ord(x)
> > > -
> > > -    return hash & 0xFFFFFFFF
> > > -
> > >  def initialize_db(c):
> > >      c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
> > >      c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
> > >          SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
> > > -    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \
> > > +    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
> > >          VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
> > >          VERSION_END TEXT, OPERATOR_END TEXT)")
> > >
> > >  def insert_elt(c, db_values):
> > > -    product_str = db_values[0] + db_values[1] + db_values[2] + db_values[3]
> > > -    hashstr = hash_djb2(product_str)
> > > -    db_values.insert(0, hashstr)
> > > -    query = "insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?, ?, ?)"
> > > +    query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
> > >      c.execute(query, db_values)
> > >
> > >  def parse_node_and_insert(c, node, cveId):
> > > --
> > > 2.11.0
> > >
> > > --
> > > _______________________________________________
> > > Openembedded-core mailing list
> > > Openembedded-core@lists.openembedded.org
> > > http://lists.openembedded.org/mailman/listinfo/openembedded-core


