[Buildroot] [PATCH 07/10] support/scripts/pkg-stats: check CPE existence in CPE dictionnary
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sun Jan 31 12:55:57 UTC 2021
On Thu, 7 Jan 2021 13:37:59 -0600
Matthew Weber via buildroot <buildroot at busybox.net> wrote:
> > +def check_package_cpes(nvd_path, packages):
> > + cpedb = CPEDB(nvd_path)
> > + cpedb.get_xml_dict()
> > + for p in packages:
> > + if not p.cpeid:
> > + continue
> > + if cpedb.find(p.cpeid):
> > + p.status['cpe'] = ("ok", "verified CPE identifier")
> > + else:
> > + p.status['cpe'] = ("error", "CPE identifier unknown in CPE database")
>
> I noticed in the pkgstats output that busybox which has an exact match
> was coming up as the following.
>
> cpe:2.3:a:busybox:busybox:1.32.0:*:*:*:*:*:*:*
> CPE identifier unknown in CPE database
As discussed on IRC, I think this was due to the .pkl being empty to
due XML parsing issue with an older Python version. Grégory has worked
on this, and solved the problem. This will be in the v2 of the patch
series.
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list