Commit d61aff9e authored Nov 18, 2019 by Ross Burton Committed by Richard Purdie Nov 21, 2019

cve-check: rewrite look to fix false negatives

A previous optimisation was premature and resulted in false-negatives in the report.

Rewrite the checking algorithm to first get the list of potential CVEs by
vendor:product, then iterate through every matching CPE for that CVE to
determine if the bounds match or not. By doing this in two stages we can know
if we've checked every CPE, instead of accidentally breaking out of the scan too
early.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

parent 6b730046

Show whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 0f42a1d4
· Nov 27, 2019

mentioned in commit 0f42a1d4

mentioned in commit 0f42a1d4dbb74ab39e81449cf222302bcc04f7db

Toggle commit list
mirror @mirror
mentioned in commit 541dc24d
· Dec 18, 2019

mentioned in commit 541dc24d

mentioned in commit 541dc24d974d3e22c45a650c34298eebc45121e8

Toggle commit list
mirror @mirror
mentioned in commit 9948dd86
· Jan 18, 2020

mentioned in commit 9948dd86

mentioned in commit 9948dd86d100bec56e22e6c0bbf4759925a4b306

Toggle commit list

Please register or to comment