From: Jonathan Schnitzler Date: Sun, 24 Aug 2025 14:57:45 +0000 (+0200) Subject: cve-update-db-native: FKIE CVE parsing: Use Secondary metric X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5ad0516aba120d9eba5f10afa3a4de3d25fd31fc;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git cve-update-db-native: FKIE CVE parsing: Use Secondary metric If there is no primary metric use the Secondary one. Signed-off-by: Jonathan Schnitzler Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 87e5a3edaa..0c7bc5f415 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -322,6 +322,15 @@ def update_db_nvdjson(conn, jsondata): for config in configurations: parse_node_and_insert(conn, config, cveId, True) +def get_metric_entry(metric): + primaries = [c for c in metric if c['type'] == "Primary"] + secondaries = [c for c in metric if c['type'] == "Secondary"] + if len(primaries) > 0: + return primaries[0] + elif len(secondaries)>0: + return secondaries[0] + return None + def update_db_fkie(conn, jsondata): import json root = json.loads(jsondata) @@ -342,37 +351,41 @@ def update_db_fkie(conn, jsondata): cveDesc = elt['descriptions'][0]['value'] date = elt['lastModified'] try: - for m in elt['metrics']['cvssMetricV2']: - if m['type'] == 'Primary': - accessVector = m['cvssData']['accessVector'] - vectorString = m['cvssData']['vectorString'] - cvssv2 = m['cvssData']['baseScore'] + if 'cvssMetricV2' in elt['metrics']: + entry = get_metric_entry(elt['metrics']['cvssMetricV2']) + if entry: + accessVector = entry['cvssData']['accessVector'] + vectorString = entry['cvssData']['vectorString'] + cvssv2 = entry['cvssData']['baseScore'] except KeyError: cvssv2 = 0.0 try: - for m in elt['metrics']['cvssMetricV30']: - if m['type'] == 'Primary': - accessVector = m['cvssData']['attackVector'] - vectorString = m['cvssData']['vectorString'] - cvssv3 = m['cvssData']['baseScore'] + if 'cvssMetricV30' in elt['metrics']: + entry = get_metric_entry(elt['metrics']['cvssMetricV30']) + if entry: + accessVector = entry['cvssData']['attackVector'] + vectorString = entry['cvssData']['vectorString'] + cvssv3 = entry['cvssData']['baseScore'] except KeyError: accessVector = accessVector or "UNKNOWN" cvssv3 = 0.0 try: - for m in elt['metrics']['cvssMetricV31']: - if m['type'] == 'Primary': - accessVector = m['cvssData']['attackVector'] - vectorString = m['cvssData']['vectorString'] - cvssv3 = m['cvssData']['baseScore'] + if 'cvssMetricV31' in elt['metrics']: + entry = get_metric_entry(elt['metrics']['cvssMetricV31']) + if entry: + accessVector = entry['cvssData']['attackVector'] + vectorString = entry['cvssData']['vectorString'] + cvssv3 = entry['cvssData']['baseScore'] except KeyError: accessVector = accessVector or "UNKNOWN" cvssv3 = 0.0 try: - for m in elt['metrics']['cvssMetricV40']: - if m['type'] == 'Primary': - accessVector = m['cvssData']['attackVector'] - vectorString = m['cvssData']['vectorString'] - cvssv4 = m['cvssData']['baseScore'] + if 'cvssMetricV40' in elt['metrics']: + entry = get_metric_entry(elt['metrics']['cvssMetricV40']) + if entry: + accessVector = entry['cvssData']['attackVector'] + vectorString = entry['cvssData']['vectorString'] + cvssv4 = entry['cvssData']['baseScore'] except KeyError: accessVector = accessVector or "UNKNOWN" cvssv4 = 0.0