diff options
Diffstat (limited to 'poky/meta/recipes-core/meta/cve-update-db.bb')
-rw-r--r-- | poky/meta/recipes-core/meta/cve-update-db.bb | 121 |
1 files changed, 0 insertions, 121 deletions
diff --git a/poky/meta/recipes-core/meta/cve-update-db.bb b/poky/meta/recipes-core/meta/cve-update-db.bb deleted file mode 100644 index 522fd2380..000000000 --- a/poky/meta/recipes-core/meta/cve-update-db.bb +++ /dev/null @@ -1,121 +0,0 @@ -SUMMARY = "Updates the NVD CVE database" -LICENSE = "MIT" - -INHIBIT_DEFAULT_DEPS = "1" -PACKAGES = "" - -inherit nopackages - -deltask do_fetch -deltask do_unpack -deltask do_patch -deltask do_configure -deltask do_compile -deltask do_install -deltask do_populate_sysroot - -python do_populate_cve_db() { - """ - Update NVD database with json data feed - """ - - import sqlite3, urllib3, shutil, gzip, re - from datetime import date - - BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-" - YEAR_START = 2002 - JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz' - - # Connect to database - db_file = d.getVar("CVE_CHECK_DB_FILE") - conn = sqlite3.connect(db_file) - c = conn.cursor() - - initialize_db(c) - - http = urllib3.PoolManager() - - for year in range(YEAR_START, date.today().year + 1): - year_url = BASE_URL + str(year) - meta_url = year_url + ".meta" - json_url = year_url + ".json.gz" - - # Retrieve meta last modified date - with http.request('GET', meta_url, preload_content=False) as r: - date_line = str(r.data.splitlines()[0]) - last_modified = re.search('lastModifiedDate:(.*)', date_line).group(1) - - # Compare with current db last modified date - c.execute("select DATE from META where YEAR = '%d'" % year) - meta = c.fetchone() - if not meta or meta[0] != last_modified: - # Update db with current year json file - with http.request('GET', json_url, preload_content=False) as r, open(JSON_TMPFILE, 'wb') as tmpfile: - shutil.copyfileobj(r, tmpfile) - with gzip.open(JSON_TMPFILE, 'rt') as jsonfile: - update_db(c, jsonfile) - c.execute("insert or replace into META values (?, ?)", - [year, last_modified]) - - conn.commit() - conn.close() - - with open(d.getVar("CVE_CHECK_TMP_FILE"), 'a'): - os.utime(d.getVar("CVE_CHECK_TMP_FILE"), None) -} - -# DJB2 hash algorithm -def hash_djb2(s): - hash = 5381 - for x in s: - hash = (( hash << 5) + hash) + ord(x) - - return hash & 0xFFFFFFFF - -def initialize_db(c): - c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") - c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ - SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") - c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \ - VENDOR TEXT, PRODUCT TEXT, VERSION TEXT, OPERATOR TEXT)") - c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_IDX ON PRODUCTS \ - (PRODUCT, VERSION)") - -def update_db(c, json_filename): - import json - root = json.load(json_filename) - - for elt in root['CVE_Items']: - if not elt['impact']: - continue - - cveId = elt['cve']['CVE_data_meta']['ID'] - cveDesc = elt['cve']['description']['description_data'][0]['value'] - date = elt['lastModifiedDate'] - accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] - cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] - - try: - cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] - except: - cvssv3 = 0.0 - - c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", - [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]) - - for vendor in elt['cve']['affects']['vendor']['vendor_data']: - for product in vendor['product']['product_data']: - for version in product['version']['version_data']: - product_str = cveId+vendor['vendor_name']+product['product_name']+version['version_value'] - hashstr = hash_djb2(product_str) - c.execute("insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?)", - [ hashstr, cveId, vendor['vendor_name'], - product['product_name'], version['version_value'], - version['version_affected']]) - - - -addtask do_populate_cve_db before do_cve_check -do_populate_cve_db[nostamp] = "1" - -EXCLUDE_FROM_WORLD = "1" |