All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] cve-update-db-native: skip on empty cpe23Uri
@ 2021-04-22  6:51 Konrad Weihmann
  2021-04-22 15:30 ` [OE-core] " Ralph Siemsen
  0 siblings, 1 reply; 2+ messages in thread
From: Konrad Weihmann @ 2021-04-22  6:51 UTC (permalink / raw)
  To: openembedded-core; +Cc: Konrad Weihmann

Recently an entry in the NVD DB appeared that looks like that
{'vulnerable': True, 'cpe_name': []}.
As besides all the vulnerable flag no data is present we would get
a KeyError exception on acccess.
Use get method on dictionary and return if no meta data is present

Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
---
 meta/recipes-core/meta/cve-update-db-native.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 25ec6bac71..1599396c92 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -139,7 +139,9 @@ def parse_node_and_insert(c, node, cveId):
         for cpe in node.get('cpe_match', ()):
             if not cpe['vulnerable']:
                 return
-            cpe23 = cpe['cpe23Uri'].split(':')
+            cpe23 = cpe.get('cpe23Uri', '').split(':')
+            if not cpe23:
+                return
             vendor = cpe23[3]
             product = cpe23[4]
             version = cpe23[5]
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [OE-core] [PATCH] cve-update-db-native: skip on empty cpe23Uri
  2021-04-22  6:51 [PATCH] cve-update-db-native: skip on empty cpe23Uri Konrad Weihmann
@ 2021-04-22 15:30 ` Ralph Siemsen
  0 siblings, 0 replies; 2+ messages in thread
From: Ralph Siemsen @ 2021-04-22 15:30 UTC (permalink / raw)
  To: Konrad Weihmann; +Cc: openembedded-core

Hi Konrad,

On Thu, Apr 22, 2021 at 08:51:43AM +0200, Konrad Weihmann wrote:

>Recently an entry in the NVD DB appeared that looks like that
>{'vulnerable': True, 'cpe_name': []}.
>As besides all the vulnerable flag no data is present we would get
>a KeyError exception on acccess.
>Use get method on dictionary and return if no meta data is present

Thank you for this fix. With it applied, I am getting error:

Exception: AttributeError: 'NoneType' object has no attribute 'split'

I was able to make it work by adjusting the patch slightly, see below.
Note that I am a python rookie, so this may not be the proper solution.

Regards,
Ralph

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
--

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index f27ade40db..c38f16afac 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -130,7 +130,10 @@ def parse_node_and_insert(c, node, cveId):
         for cpe in node.get('cpe_match', ()):
             if not cpe['vulnerable']:
                 return
-            cpe23 = cpe['cpe23Uri'].split(':')
+            cpe23 = cpe.get('cpe23Uri')
+            if not cpe23:
+                return
+            cpe23 = cpe23.split(':')
             vendor = cpe23[3]
             product = cpe23[4]
             version = cpe23[5]
--
2.17.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-04-22 15:30 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-22  6:51 [PATCH] cve-update-db-native: skip on empty cpe23Uri Konrad Weihmann
2021-04-22 15:30 ` [OE-core] " Ralph Siemsen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.