From: "Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)" <hetpat@cisco.com>
To: openembedded-core@lists.openembedded.org
Cc: xe-linux-external@cisco.com, vchavda@cisco.com
Subject: [openembedded-core] [scarthgap] [PATCH v1 30/34] cve-update-db-native: FKIE CVE parsing: Use Secondary metric
Date: Thu, 19 Feb 2026 21:34:39 -0800 [thread overview]
Message-ID: <20260220053443.3006180-30-hetpat@cisco.com> (raw)
In-Reply-To: <20260220053443.3006180-1-hetpat@cisco.com>
From: Jonathan Schnitzler <jonathan.schnitzler@faro.com>
If there is no primary metric use the Secondary one.
Signed-off-by: Jonathan Schnitzler <jonathan.schnitzler@faro.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5ad0516aba120d9eba5f10afa3a4de3d25fd31fc)
Signed-off-by: Het Patel <hetpat@cisco.com>
---
.../recipes-core/meta/cve-update-db-native.bb | 53 ++++++++++++-------
1 file changed, 33 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 39a26a2481..9d21d10157 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -322,6 +322,15 @@ def update_db_nvdjson(conn, jsondata):
for config in configurations:
parse_node_and_insert(conn, config, cveId, True)
+def get_metric_entry(metric):
+ primaries = [c for c in metric if c['type'] == "Primary"]
+ secondaries = [c for c in metric if c['type'] == "Secondary"]
+ if len(primaries) > 0:
+ return primaries[0]
+ elif len(secondaries)>0:
+ return secondaries[0]
+ return None
+
def update_db_fkie(conn, jsondata):
import json
root = json.loads(jsondata)
@@ -342,37 +351,41 @@ def update_db_fkie(conn, jsondata):
cveDesc = elt['descriptions'][0]['value']
date = elt['lastModified']
try:
- for m in elt['metrics']['cvssMetricV2']:
- if m['type'] == 'Primary':
- accessVector = m['cvssData']['accessVector']
- vectorString = m['cvssData']['vectorString']
- cvssv2 = m['cvssData']['baseScore']
+ if 'cvssMetricV2' in elt['metrics']:
+ entry = get_metric_entry(elt['metrics']['cvssMetricV2'])
+ if entry:
+ accessVector = entry['cvssData']['accessVector']
+ vectorString = entry['cvssData']['vectorString']
+ cvssv2 = entry['cvssData']['baseScore']
except KeyError:
cvssv2 = 0.0
try:
- for m in elt['metrics']['cvssMetricV30']:
- if m['type'] == 'Primary':
- accessVector = m['cvssData']['attackVector']
- vectorString = m['cvssData']['vectorString']
- cvssv3 = m['cvssData']['baseScore']
+ if 'cvssMetricV30' in elt['metrics']:
+ entry = get_metric_entry(elt['metrics']['cvssMetricV30'])
+ if entry:
+ accessVector = entry['cvssData']['attackVector']
+ vectorString = entry['cvssData']['vectorString']
+ cvssv3 = entry['cvssData']['baseScore']
except KeyError:
accessVector = accessVector or "UNKNOWN"
cvssv3 = 0.0
try:
- for m in elt['metrics']['cvssMetricV31']:
- if m['type'] == 'Primary':
- accessVector = m['cvssData']['attackVector']
- vectorString = m['cvssData']['vectorString']
- cvssv3 = m['cvssData']['baseScore']
+ if 'cvssMetricV31' in elt['metrics']:
+ entry = get_metric_entry(elt['metrics']['cvssMetricV31'])
+ if entry:
+ accessVector = entry['cvssData']['attackVector']
+ vectorString = entry['cvssData']['vectorString']
+ cvssv3 = entry['cvssData']['baseScore']
except KeyError:
accessVector = accessVector or "UNKNOWN"
cvssv3 = 0.0
try:
- for m in elt['metrics']['cvssMetricV40']:
- if m['type'] == 'Primary':
- accessVector = m['cvssData']['attackVector']
- vectorString = m['cvssData']['vectorString']
- cvssv4 = m['cvssData']['baseScore']
+ if 'cvssMetricV40' in elt['metrics']:
+ entry = get_metric_entry(elt['metrics']['cvssMetricV40'])
+ if entry:
+ accessVector = entry['cvssData']['attackVector']
+ vectorString = entry['cvssData']['vectorString']
+ cvssv4 = entry['cvssData']['baseScore']
except KeyError:
accessVector = accessVector or "UNKNOWN"
cvssv4 = 0.0
next prev parent reply other threads:[~2026-02-20 5:34 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-20 5:34 [openembedded-core] [scarthgap] [PATCH v1 01/34] cve-check: encode affected product/vendor in CVE_STATUS Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 02/34] cve_check: Update selftest with new status detail Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 03/34] cve-check: annotate CVEs during analysis Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 04/34] cve-check-map: add new statuses Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 05/34] selftest: add test_product_match Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 06/34] cve-check: remove the TEXT format support Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 07/34] cve-check-update-nvd2-native: Incremement DL_DIR database location Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 08/34] cve-check: add field "modified" to JSON report Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 09/34] cve-check: do not skip cve status description after : Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 10/34] cve-check: fix malformed cve status description with : characters Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 11/34] cve-check: restore CVE_CHECK_SHOW_WARNINGS functionality Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 12/34] cve-check: fix cvesInRecord Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 13/34] cve-check: Fix errors in log lines Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 14/34] cve-check: Rework patch parsing Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 15/34] meta/lib/oe/cve_check.py: fix patched_cves not updated Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 16/34] cve-check: allow feed choice Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 17/34] cve-update-db-native: restore Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 18/34] cve-update-db-native: update structure Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 19/34] cve-update-db-native: add the fkie source Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 20/34] cve-check: change the default feed Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 21/34] cve-check: fix debug message Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 22/34] spdx30: Allow VEX Justification to be configurable Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 23/34] cve-update-db-native: fix fetcher for CVEs missing nodes Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 24/34] cve-update-db-native: Use a local copy of the database during builds Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 25/34] cve-update-db-native: Handle BB_NO_NETWORK and missing db Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 26/34] cve-update-db-native: log a little more Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 27/34] cve-update: decrease update interval to 23 hours Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 28/34] cve-update: remove cleanup of db_file in downloads Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 29/34] cve-update-db-native: Fix FKIE CVE accessVector parsing Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco) [this message]
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 31/34] cve-update: log timestamps and add force update for future time Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 32/34] cve-update-db-native: pycodestyle fixes Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 33/34] cve-update-nvd2-native: " Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 34/34] cve-update: Avoid NFS caching issues Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-23 9:46 ` [OE-core] [openembedded-core] [scarthgap] [PATCH v1 01/34] cve-check: encode affected product/vendor in CVE_STATUS Paul Barker
2026-02-23 12:31 ` Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-03 9:09 ` Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-05 13:13 ` Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260220053443.3006180-30-hetpat@cisco.com \
--to=hetpat@cisco.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=vchavda@cisco.com \
--cc=xe-linux-external@cisco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox