MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 21:09:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

cve-update-nvd2-native: handle missing vulnStatus

Browse Source 
There is a new CVE which is missing vulnStatus field:
https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-2682

This leads to:
File: '<snip>/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb', lineno: 336, function: update_db
     0332:
     0333:    accessVector = None
     0334:    vectorString = None
     0335:    cveId = elt['cve']['id']
 *** 0336:    if elt['cve']['vulnStatus'] ==  "Rejected":
     0337:        c = conn.cursor()
     0338:        c.execute("delete from PRODUCTS where ID = ?;", [cveId])
     0339:        c.execute("delete from NVD where ID = ?;", [cveId])
     0340:        c.close()
Exception: KeyError: 'vulnStatus'

(From OE-Core rev: 2f242f2a269bb18aab703f685e27f9c3ba761db8)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko 2025-03-28 16:48:20 +01:00 committed by Steve Sakoman
parent fe7c269b02
commit 2af52d4819
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-core/meta/cve-update-nvd2-native.bb
View File

@ -338,7 +338,7 @@ def update_db(conn, elt):
accessVector = None accessVector = None
vectorString = None vectorString = None
cveId = elt['cve']['id'] cveId = elt['cve']['id']
if elt['cve']['vulnStatus'] == "Rejected": if elt['cve'].get('vulnStatus') == "Rejected":
c = conn.cursor() c = conn.cursor()
c.execute("delete from PRODUCTS where ID = ?;", [cveId]) c.execute("delete from PRODUCTS where ID = ?;", [cveId])
c.execute("delete from NVD where ID = ?;", [cveId]) c.execute("delete from NVD where ID = ?;", [cveId])