I'm creating a local mirror of NVD hosted vulnerability files.
My code is currently connecting to the database, running a check to pull down the current files, then proceeding to cycle through those files to see if there is new CVE data inside the .json files daily.
I started receiving the following error this morning when my code was cycling through the update check of the individual CVE data.
_mysql_connector.MySQLInterfaceError: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE ID = 'CVE-2014-4611'' at line 1.
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "c....2_add_cvestodb.py", line 134, in mycursor.execute(sql_update_query, val_update_query)
Below is the code block in question.
if newtimesplit > oldtimesplit:
    print("It's newer!")
    sql_update_query = ("UPDATE vulns set Assigner = %s, Reference1 = %s, Reference2 = %s, Reference3 = %s, Description = %s, impactBaseScore = %s, LastModifiedDate = %s, baseSeverity = %s, cveTimeStamp = %s, WHERE ID = %s")
    val_update_query = (Assigner, Reference1, Reference2, Reference3, Description, impactBaseScore, LastModifiedDate, baseSeverity, cveTimeStamp, ID)
    mycursor.execute(sql_update_query, val_update_query)
    mydb.commit()
    updateCtr = 1
Snippet of .json key value that's being problematic:
{
  "cve" : {
    "data_type" : "CVE",
    "data_format" : "MITRE",
    "data_version" : "4.0",
    "CVE_data_meta" : {
      "ID" : "CVE-2014-4611",
      "ASSIGNER" : "[email protected]"
    },
Any suggestions would be greatly appreciated - I have scoured and cannot find a solution.
CodePudding user response:
This:
cveTimeStamp = %s, WHERE ID = %s
Should be:
cveTimeStamp = %s WHERE ID = %s
Remove the last comma before WHERE.
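An added example, not part of the original question or answer: building the SET list with join() from a fixed column tuple so that a comma can never end up in front of WHERE, while every value from the NVD feed stays a bound parameter. The names build_update, update_cve and demo are hypothetical, and the demo uses an in-memory SQLite database in place of MySQL so it runs offline, which is why it passes '?' as the placeholder instead of the '%s' that mysql.connector expects.

```python
import sqlite3

# Column names taken from the UPDATE statement in the question; this fixed
# tuple is the only source of identifiers that reach the SQL text.
UPDATE_COLUMNS = (
    "Assigner", "Reference1", "Reference2", "Reference3", "Description",
    "impactBaseScore", "LastModifiedDate", "baseSeverity", "cveTimeStamp",
)


def build_update(columns, placeholder="%s"):
    """Return the UPDATE text; join() puts commas only between assignments."""
    if not columns:
        raise ValueError("no columns to update")
    assignments = ", ".join(f"{col} = {placeholder}" for col in columns)
    return f"UPDATE vulns SET {assignments} WHERE ID = {placeholder}"


def update_cve(conn, record, placeholder="%s"):
    """Update one row from a dict keyed by column name plus 'ID'."""
    sql = build_update(UPDATE_COLUMNS, placeholder)
    # Values are bound by the driver, never formatted into the SQL string.
    values = tuple(record[col] for col in UPDATE_COLUMNS) + (record["ID"],)
    cur = conn.cursor()
    cur.execute(sql, values)
    conn.commit()
    return cur.rowcount


def demo():
    """Run against in-memory SQLite (assumption: stands in for MySQL offline)."""
    conn = sqlite3.connect(":memory:")
    cols = ", ".join(f"{c} TEXT" for c in UPDATE_COLUMNS)
    conn.execute(f"CREATE TABLE vulns (ID TEXT PRIMARY KEY, {cols})")
    conn.execute("INSERT INTO vulns (ID) VALUES ('CVE-2014-4611')")
    # Constructed sample record; the description contains a quote and a comma.
    record = {c: f"sample {c}" for c in UPDATE_COLUMNS}
    record["Description"] = "constructed text with a ' quote, and a comma"
    record["ID"] = "CVE-2014-4611"
    changed = update_cve(conn, record, placeholder="?")  # sqlite3 uses '?'
    stored = conn.execute(
        "SELECT Description FROM vulns WHERE ID = ?", (record["ID"],)
    ).fetchone()[0]
    return changed, stored
```

With mysql.connector, call update_cve(mydb, record) and leave the placeholder at its default.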