[oe-commits] [openembedded-core] 23/49: cve-update-db-native: Remove hash column from database.

git at git.openembedded.org git at git.openembedded.org
Wed Nov 6 20:45:10 UTC 2019


This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch sumo-next
in repository openembedded-core.

commit e6541c6add1714938a81cca394886893cf24cdb0
Author: Pierre Le Magourou <pierre.lemagourou at softbankrobotics.com>
AuthorDate: Wed Nov 6 17:37:36 2019 +0200

    cve-update-db-native: Remove hash column from database.
    
    The djb2 hash algorithm was found to produce collisions, so the database
    was sometimes missing data. Remove this hash mechanism; clear and
    repopulate the current year's elements in the PRODUCTS table from scratch
    if that year needs an update.
    
    (From OE-Core rev: 78de2cb39d74b030cd4ec811bf6f9a6daa003d19)
    
    Signed-off-by: Pierre Le Magourou <pierre.lemagourou at softbankrobotics.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
 meta/classes/cve-check.bbclass                 | 12 ++++++------
 meta/recipes-core/meta/cve-update-db-native.bb | 21 +++++++--------------
 2 files changed, 13 insertions(+), 20 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 512d4c7..c00d291 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
             c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
 
         for row in c:
-            cve = row[1]
-            version_start = row[4]
-            operator_start = row[5]
-            version_end = row[6]
-            operator_end = row[7]
+            cve = row[0]
+            version_start = row[3]
+            operator_start = row[4]
+            version_end = row[5]
+            operator_end = row[6]
 
             if cve in cve_whitelist:
                 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
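Review bot: The renumbered `row[0]`, `row[3]` … `row[6]` indexes depend on the column order that `SELECT * FROM PRODUCTS` returns, so a database whose PRODUCTS layout differs would be read without error and the version-range comparison would run on the wrong fields. The file rename elsewhere in this commit avoids that for existing databases, but the coupling remains for any later schema change. Naming the columns in the query, `SELECT ID, VERSION_START, OPERATOR_START, VERSION_END, OPERATOR_END FROM PRODUCTS WHERE PRODUCT IS ?`, and unpacking the five values would keep CVE matching independent of the table layout. check_cves starts and ends outside the hunk, and the branch above the visible query presumably holds a second query that needs the same change.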
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index cd27044..af2946b 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -25,7 +25,7 @@ python do_populate_cve_db() {
     YEAR_START = 2002
 
     db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
-    db_file = db_dir + '/nvdcve.db'
+    db_file = db_dir + '/nvdcve_1.0.db'
     json_tmpfile = db_dir + '/nvd.json.gz'
     proxy = d.getVar("https_proxy")
     cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a')
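Review bot: The new file name is spelled out a second time in `db_file = db_dir + '/nvdcve_1.0.db'`, although cve-check.bbclass already defines it as the overridable `CVE_CHECK_DB_FILE` (first hunk of this commit), so the two can drift apart or be overridden on one side only. In that case the checker would open a database that the update task never filled, and a scan against an empty or stale database presumably reports fewer CVEs rather than failing. If the variable is visible to this recipe, which is not shown here, `db_file = d.getVar("CVE_CHECK_DB_FILE")` would keep a single definition; otherwise a comment on both lines saying they must match would help. do_populate_cve_db continues outside the hunk.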
@@ -60,6 +60,10 @@ python do_populate_cve_db() {
         c.execute("select DATE from META where YEAR = ?", (year,))
         meta = c.fetchone()
         if not meta or meta[0] != last_modified:
+            # Clear products table entries corresponding to current year
+            cve_year = 'CVE-' + str(year) + '%'
+            c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
+
             # Update db with current year json file
             req = urllib.request.Request(json_url)
             if proxy:
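Review bot: The `delete from PRODUCTS where ID like ?` runs before the year's feed has been fetched, so a download or parse failure further down can leave that year with no product rows, and cve-check would then find no matches for it. Whether the delete is rolled back in that case depends on commit handling that lies outside this hunk. Moving the delete to just before the rows are re-inserted, after the fetch has succeeded, and committing the delete and inserts together would keep the previous data on failure. The LIKE pattern also assumes that every entry in a year's feed has an ID with that year's prefix; rows from a feed that carries older IDs would survive the delete and be inserted again.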
@@ -86,27 +90,16 @@ python do_populate_cve_db() {
     conn.close()
 }
 
-# DJB2 hash algorithm
-def hash_djb2(s):
-    hash = 5381
-    for x in s:
-        hash = (( hash << 5) + hash) + ord(x)
-
-    return hash & 0xFFFFFFFF
-
 def initialize_db(c):
     c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
     c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
         SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
-    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \
+    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
         VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
         VERSION_END TEXT, OPERATOR_END TEXT)")
 
 def insert_elt(c, db_values):
-    product_str = db_values[0] + db_values[1] + db_values[2] + db_values[3]
-    hashstr = hash_djb2(product_str)
-    db_values.insert(0, hashstr)
-    query = "insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?, ?, ?)"
+    query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
     c.execute(query, db_values)
 
 def parse_node_and_insert(c, node, cveId):
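Review bot: With the `HASH INTEGER UNIQUE` column gone and `insert or replace` changed to a plain `insert`, nothing in the PRODUCTS schema prevents the same row from being stored twice; correctness now rests entirely on the delete in do_populate_cve_db having removed every row that is about to be re-inserted. A composite constraint over the real columns, e.g. `UNIQUE(ID, VENDOR, PRODUCT, VERSION_START, OPERATOR_START, VERSION_END, OPERATOR_END)` in the `CREATE TABLE`, together with `insert or replace`, would deduplicate without the collisions a hash can introduce. `insert_elt` and `initialize_db` would also benefit from a one-line docstring stating the expected order of `db_values`, since the insert statement has no column list. Because of `CREATE TABLE IF NOT EXISTS`, an existing file keeps its old layout, which is presumably why the database file name changes in this commit.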

-- 