MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 21:09:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

cve-update-nvd2-native: Remove rejected CVE from database

Browse Source 
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.

(From OE-Core rev: f276a980b8930b98e6c8f0e1a865d77dfcfe5085)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Yoann Congal 2024-03-15 01:20:20 +01:00 committed by Richard Purdie
parent c698cf6723
commit 789b10030c
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
meta/recipes-core/meta/cve-update-nvd2-native.bb
View File

@ -324,6 +324,10 @@ def update_db(conn, elt):
vectorString = None vectorString = None
cveId = elt['cve']['id'] cveId = elt['cve']['id']
if elt['cve']['vulnStatus'] == "Rejected": if elt['cve']['vulnStatus'] == "Rejected":
c = conn.cursor()
c.execute("delete from PRODUCTS where ID = ?;", [cveId])
c.execute("delete from NVD where ID = ?;", [cveId])
c.close()
return return
cveDesc = "" cveDesc = ""
for desc in elt['cve']['descriptions']: for desc in elt['cve']['descriptions']: