* [PATCH] cve-update-db-native: skip on empty cpe23Uri
@ 2021-04-22 6:51 Konrad Weihmann
2021-04-22 15:30 ` [OE-core] " Ralph Siemsen
0 siblings, 1 reply; 2+ messages in thread
From: Konrad Weihmann @ 2021-04-22 6:51 UTC (permalink / raw)
To: openembedded-core; +Cc: Konrad Weihmann
Recently an entry in the NVD DB appeared that looks like that
{'vulnerable': True, 'cpe_name': []}.
As besides all the vulnerable flag no data is present we would get
a KeyError exception on acccess.
Use get method on dictionary and return if no meta data is present
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
---
meta/recipes-core/meta/cve-update-db-native.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 25ec6bac71..1599396c92 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -139,7 +139,9 @@ def parse_node_and_insert(c, node, cveId):
for cpe in node.get('cpe_match', ()):
if not cpe['vulnerable']:
return
- cpe23 = cpe['cpe23Uri'].split(':')
+ cpe23 = cpe.get('cpe23Uri', '').split(':')
+ if not cpe23:
+ return
vendor = cpe23[3]
product = cpe23[4]
version = cpe23[5]
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [OE-core] [PATCH] cve-update-db-native: skip on empty cpe23Uri
2021-04-22 6:51 [PATCH] cve-update-db-native: skip on empty cpe23Uri Konrad Weihmann
@ 2021-04-22 15:30 ` Ralph Siemsen
0 siblings, 0 replies; 2+ messages in thread
From: Ralph Siemsen @ 2021-04-22 15:30 UTC (permalink / raw)
To: Konrad Weihmann; +Cc: openembedded-core
Hi Konrad,
On Thu, Apr 22, 2021 at 08:51:43AM +0200, Konrad Weihmann wrote:
>Recently an entry in the NVD DB appeared that looks like that
>{'vulnerable': True, 'cpe_name': []}.
>As besides all the vulnerable flag no data is present we would get
>a KeyError exception on acccess.
>Use get method on dictionary and return if no meta data is present
Thank you for this fix. With it applied, I am getting error:
Exception: AttributeError: 'NoneType' object has no attribute 'split'
I was able to make it work by adjusting the patch slightly, see below.
Note that I am a python rookie, so this may not be the proper solution.
Regards,
Ralph
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
--
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index f27ade40db..c38f16afac 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -130,7 +130,10 @@ def parse_node_and_insert(c, node, cveId):
for cpe in node.get('cpe_match', ()):
if not cpe['vulnerable']:
return
- cpe23 = cpe['cpe23Uri'].split(':')
+ cpe23 = cpe.get('cpe23Uri')
+ if not cpe23:
+ return
+ cpe23 = cpe23.split(':')
vendor = cpe23[3]
product = cpe23[4]
version = cpe23[5]
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-04-22 15:30 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-22 6:51 [PATCH] cve-update-db-native: skip on empty cpe23Uri Konrad Weihmann
2021-04-22 15:30 ` [OE-core] " Ralph Siemsen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.