cve-update: handle baseMetricV2 as optional

author Konrad Weihmann <kweihmann@outlook.com>

Sun, 6 Sep 2020 10:40:45 +0000 (12:40 +0200)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Tue, 8 Sep 2020 09:20:10 +0000 (10:20 +0100)
author Konrad Weihmann <kweihmann@outlook.com>
Sun, 6 Sep 2020 10:40:45 +0000 (12:40 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 8 Sep 2020 09:20:10 +0000 (10:20 +0100)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb

index 1b4f31692ba168325136c2f1222e872ad9f58711..c64dd768c85ffb6994e35dc75cbcc31189c9f83e 100644 (file)
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -160,15 +160,20 @@ def update_db(c, jsondata):
          if not elt['impact']:
              continue
  
+        accessVector = None
          cveId = elt['cve']['CVE_data_meta']['ID']
          cveDesc = elt['cve']['description']['description_data'][0]['value']
          date = elt['lastModifiedDate']
-        accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
-        cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
-
          try:
+            accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+            cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
+        except KeyError:
+            cvssv2 = 0.0
+        try:
+            accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
              cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
-        except:
+        except KeyError:
+            accessVector = accessVector or "UNKNOWN"
              cvssv3 = 0.0
  
          c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
author	Konrad Weihmann <kweihmann@outlook.com>
	Sun, 6 Sep 2020 10:40:45 +0000 (12:40 +0200)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 8 Sep 2020 09:20:10 +0000 (10:20 +0100)