From patchwork Wed Jul 17 10:45:36 2019
X-Patchwork-Submitter: Ross Burton
X-Patchwork-Id: 169109
From: Ross Burton
To: openembedded-core@lists.openembedded.org
Date: Wed, 17 Jul 2019 11:45:36 +0100
Message-Id: <20190717104538.20990-1-ross.burton@intel.com>
Subject: [OE-core] [PATCH 1/3] cve-check: allow comparison of Vendor as well as Product

Some product names are too vague to be searched without also matching the vendor, for example Flex could be the parser compiler we ship, or Adobe Flex, or Apache Flex, or IBM Flex.

If entries in CVE_PRODUCT contain a colon then split it as vendor:product to improve the search.

Also don't use .format() to construct SQL as that can lead to security issues. Instead, use ? placeholders and let sqlite3 handle the escaping.

Signed-off-by: Ross Burton
---
 meta/classes/cve-check.bbclass | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

--
2.20.1

--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 2a1381604ad..e8668b25663 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -190,12 +190,16 @@ def check_cves(d, patched_cves): import sqlite3 db_file = d.getVar("CVE_CHECK_DB_FILE") conn = sqlite3.connect(db_file) - c = conn.cursor() - - query = "SELECT * FROM PRODUCTS WHERE PRODUCT IS '{0}';" for product in products: - for row in c.execute(query.format(product, pv)): + c = conn.cursor() + if ":" in product: + vendor, product = product.split(":", 1) + c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR IS ?", (product, vendor)) + else: + c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,)) + + for row in c: cve = row[1] version_start = row[4] operator_start = row[5]
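
Review bot: In the `if ":" in product:` branch of check_cves() in meta/classes/cve-check.bbclass, the result of `product.split(":", 1)` is used without checking that both halves are non-empty, so an entry such as ":flex" or "flex_project:" runs the query with an empty VENDOR or PRODUCT, returns no rows, and the `for row in c:` body never runs for that entry; nothing in this hunk flags that. For a CVE checker a silent zero-row result is the failure that matters, so consider a bb.warn() when either half is empty. The split also rebinds the loop variable `product`; a separate name for the bare product would keep the original CVE_PRODUCT entry available further down the loop. A new cursor is now opened for every product and never closed; the single cursor the old code created before the loop would work just as well with the placeholder queries.
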
From patchwork Wed Jul 17 10:45:37 2019
X-Patchwork-Submitter: Ross Burton
X-Patchwork-Id: 169110
From: Ross Burton
To: openembedded-core@lists.openembedded.org
Date: Wed, 17 Jul 2019 11:45:37 +0100
Message-Id: <20190717104538.20990-2-ross.burton@intel.com>
In-Reply-To: <20190717104538.20990-1-ross.burton@intel.com>
Subject: [OE-core] [PATCH 2/3] flex: set CVE_PRODUCT to include vendor

There are many projects called Flex and they have CVEs, so also set the vendor to remove these false positives.

Signed-off-by: Ross Burton
Signed-off-by: Ross Burton
---
 meta/recipes-devtools/flex/flex_2.6.0.bb | 3 +++
 1 file changed, 3 insertions(+)

--
2.20.1

diff --git a/meta/recipes-devtools/flex/flex_2.6.0.bb b/meta/recipes-devtools/flex/flex_2.6.0.bb index b477cd8c7f2..12ce0cb461e 100644 --- a/meta/recipes-devtools/flex/flex_2.6.0.bb +++ b/meta/recipes-devtools/flex/flex_2.6.0.bb
@@ -68,3 +68,6 @@ do_install_ptest() { -e 's/^builddir = \(.*\)/builddir = ./' -e 's/^top_builddir = \(.*\)/top_builddir = ./' \ -i ${D}${PTEST_PATH}/Makefile } + +# Not Apache Flex, or Adobe Flex, or IBM Flex. +CVE_PRODUCT = "flex_project:flex"
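
Review bot: The value added at the end of flex_2.6.0.bb, `CVE_PRODUCT = "flex_project:flex"`, only works once cve-check splits CVE_PRODUCT on the colon (patch 1/3 of this series); without that change the whole string is looked up as a product name and matches nothing, so the recipe would go from false positives to no results at all. The commit message should say that this depends on 1/3. The added comment lists what the recipe is not; it would also help to say where the vendor string `flex_project` comes from, so the next reader knows which database value it has to match.
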
From patchwork Wed Jul 17 10:45:38 2019
X-Patchwork-Submitter: Ross Burton
X-Patchwork-Id: 169111
From: Ross Burton
To: openembedded-core@lists.openembedded.org
Date: Wed, 17 Jul 2019 11:45:38 +0100
Message-Id: <20190717104538.20990-3-ross.burton@intel.com>
In-Reply-To: <20190717104538.20990-1-ross.burton@intel.com>
Subject: [OE-core] [PATCH 3/3] cve-update-db-native: use SQL placeholders instead of format strings

Signed-off-by: Ross Burton
---
 meta/recipes-core/meta/cve-update-db-native.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.20.1

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index e16c41a72fd..72d1f48835b 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -62,7 +62,7 @@ python do_populate_cve_db() { break # Compare with current db last modified date - c.execute("select DATE from META where YEAR = '%d'" % year) + c.execute("select DATE from META where YEAR = ?", (year,)) meta = c.fetchone() if not meta or meta[0] != last_modified: # Update db with current year json file
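
Review bot: On the changed `c.execute` line in do_populate_cve_db(), the comparison changes type as well as construction: the old statement compared YEAR against a quoted string literal (`'%d'` inside the SQL), while the new one binds `year` as an integer. Whether both forms match the same rows depends on the declared type of META.YEAR and on how the rows are inserted, neither of which is visible in this hunk. Please confirm that the insert into META stores YEAR in a form that still compares equal; otherwise `meta` comes back empty, `if not meta` is true, and the year's file is updated again on every run. The commit message has no body; one line saying this brings the update recipe in line with the cve-check change in 1/3 would help.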