cve-update-db-native: handle all-wildcard versions

If a CPE version field is just *:*:*:* it should be handled the same as
-:*:*:*, that is 'all versions'.  To ease handling, transform this case
to use -.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 04a9bc4ca5294fe6834513669c7746a824d12b04)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index cf2b251e21a48eb5a69b559cfdb403edb21ad1a2..cf62e1e32c7a2a8209e88eaf07f7a6966d57947d 100644 (file)
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -172,7 +172,12 @@ def parse_node_and_insert(c, node, cveId):
                     op_end = '<'
                     v_end = cpe['versionEndExcluding']
 
-                yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
+                if op_start or op_end or v_start or v_end:
+                    yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
+                else:
+                    # This is no version information, expressed differently.
+                    # Save processing by representing as -.
+                    yield [cveId, vendor, product, '-', '', '', '']
 
     c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())