Re: [OE-core] [PATCH] cve-update-db-native: skip on empty cpe23Uri

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Ralph Siemsen" <ralph.siemsen@linaro.org>
To: Konrad Weihmann <kweihmann@outlook.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] cve-update-db-native: skip on empty cpe23Uri
Date: Thu, 22 Apr 2021 11:30:00 -0400	[thread overview]
Message-ID: <20210422153000.GA16506@maple.netwinder.org> (raw)
In-Reply-To: <AM9PR09MB46420BB6685CA903F63B2575A8469@AM9PR09MB4642.eurprd09.prod.outlook.com>

Hi Konrad,

On Thu, Apr 22, 2021 at 08:51:43AM +0200, Konrad Weihmann wrote:

>Recently an entry in the NVD DB appeared that looks like that
>{'vulnerable': True, 'cpe_name': []}.
>As besides all the vulnerable flag no data is present we would get
>a KeyError exception on acccess.
>Use get method on dictionary and return if no meta data is present

Thank you for this fix. With it applied, I am getting error:

Exception: AttributeError: 'NoneType' object has no attribute 'split'

I was able to make it work by adjusting the patch slightly, see below.
Note that I am a python rookie, so this may not be the proper solution.

Regards,
Ralph

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
--

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index f27ade40db..c38f16afac 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -130,7 +130,10 @@ def parse_node_and_insert(c, node, cveId):
         for cpe in node.get('cpe_match', ()):
             if not cpe['vulnerable']:
                 return
-            cpe23 = cpe['cpe23Uri'].split(':')
+            cpe23 = cpe.get('cpe23Uri')
+            if not cpe23:
+                return
+            cpe23 = cpe23.split(':')
             vendor = cpe23[3]
             product = cpe23[4]
             version = cpe23[5]
--
2.17.1

     prev parent reply	other threads:[~2021-04-22 15:30 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-22  6:51 [PATCH] cve-update-db-native: skip on empty cpe23Uri Konrad Weihmann
2021-04-22 15:30 ` Ralph Siemsen [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f27ade40d dfblob:c38f16afa )
 OR (
bs:"Re: [OE-core] [PATCH] cve-update-db-native: skip on empty cpe23Uri" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210422153000.GA16506@maple.netwinder.org \
    --to=ralph.siemsen@linaro.org \
    --cc=kweihmann@outlook.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.