Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

support/scripts/cve.py: handle CVEs with 'configurations' but no 'nodes' inside

Browse Source 
The each_cpe() method is careful that some CVEs have no
"configurations", but some CVEs such as
https://nvd.nist.gov/vuln/detail/CVE-2025-32915 apparently have a
"configurations" node, but no "nodes" inside the "configurations",
causing an exception:

Traceback (most recent call last):
  File "/home/buildroot/buildroot-stats/./support/scripts/pkg-stats", line 1382, in <module>
    __main__()
  File "/home/buildroot/buildroot-stats/./support/scripts/pkg-stats", line 1371, in __main__
    check_package_cves(args.nvd_path, packages)
  File "/home/buildroot/buildroot-stats/./support/scripts/pkg-stats", line 679, in check_package_cves
    check_package_cve_affects(cve, cpe_product_pkgs)
  File "/home/buildroot/buildroot-stats/./support/scripts/pkg-stats", line 638, in check_package_cve_affects
    for product in cve.affected_products:
                   ^^^^^^^^^^^^^^^^^^^^^
  File "/home/buildroot/buildroot-stats/support/scripts/cve.py", line 185, in affected_products
    return set(cpe_product(p['id']) for p in self.each_cpe())
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/buildroot/buildroot-stats/support/scripts/cve.py", line 185, in <genexpr>
    return set(cpe_product(p['id']) for p in self.each_cpe())
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/buildroot/buildroot-stats/support/scripts/cve.py", line 173, in each_cpe
    for node in nodes['nodes']:
                ~~~~~^^^^^^^^^
KeyError: 'nodes'

Fixes:
  54f8d97c91 ("support/scripts/pkg-stats: adapt to NVD v2 json format")

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Romain:
  - add reference to buildroot commit introducing the issue
  - a similar patch was sent by Daniel Lang (thanks!)
  - needed on 2025.02.x to fix "Daily results" email]
(cherry picked from commit 67422b9d9c)
Signed-off-by: Romain Naour <romain.naour@smile.fr>
This commit is contained in:
Thomas Petazzoni
2025-08-23 16:38:42 +02:00
committed by Romain Naour
parent 74c0db84cb
commit b4d919a0cd
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
support/scripts/cve.py
View File

@@ -170,7 +170,7 @@ class CVE:
def each_cpe(self):
for nodes in self.nvd_cve.get('configurations', []):
for node in nodes['nodes']:
for node in nodes.get('nodes', []):
for cpe in self.parse_node(node):
yield cpe