cve-update-db-native: clean up JSON fetching

Currently the code fetches the compressed JSON, writes it to a temporary file, uncompresses that with gzip and passes the fake file object to update_db(). Instead, uncompress the gzip'd data in memory and pass the JSON directly to update_db(). (From OE-Core rev: 9422745979256c442f533770203f62ec071c18fb) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2019-07-19 21:33:19 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-22 17:31:03 +0100
commit: 82b5ed6acf2c1755eadc7901c0aa2952d7f9adbc (patch)
tree: cd39c66f3483078a90956e3d92b59a0b184a337d
parent: 297605eec0077c82ee7405c0172643e3cec85c3a (diff)
download: poky-82b5ed6acf2c1755eadc7901c0aa2952d7f9adbc.tar.gz
1 files changed, 12 insertions, 17 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 41a2aa8f20..9c083bdc99 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -67,25 +67,20 @@ python do_populate_cve_db() {
        meta = c.fetchone()
        if not meta or meta[0] != last_modified:
            # Clear products table entries corresponding to current year
-            cve_year = 'CVE-' + str(year) + '%'
+            c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
-            c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
            # Update db with current year json file
-            req = urllib.request.Request(json_url)
-            if proxy:
-                req.set_proxy(proxy, 'https')
            try:
-                with urllib.request.urlopen(req, timeout=1) as r, \
+                req = urllib.request.Request(json_url)
-                     open(json_tmpfile, 'wb') as tmpfile:
+                if proxy:
-                    shutil.copyfileobj(r, tmpfile)
+                    req.set_proxy(proxy, 'https')
-            except:
+                with urllib.request.urlopen(req) as r:
+                    update_db(c, gzip.decompress(r.read()))
+                c.execute("insert or replace into META values (?, ?)", [year, last_modified])
+            except urllib.error.URLError as e:
                cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
-                break
+                bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
+                return
-            with gzip.open(json_tmpfile, 'rt') as jsonfile:
-                update_db(c, jsonfile)
-            c.execute("insert or replace into META values (?, ?)",
-                    [year, last_modified])
        # Update success, set the date to cve_check file.
        if year == date.today().year:
@@ -148,9 +143,9 @@ def parse_node_and_insert(c, node, cveId):
    c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
-def update_db(c, json_filename):
+def update_db(c, jsondata):
    import json
-    root = json.load(json_filename)
+    root = json.loads(jsondata)
    for elt in root['CVE_Items']:
        if not elt['impact']:
author	Ross Burton <ross.burton@intel.com>	2019-07-19 21:33:19 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-22 17:31:03 +0100
commit	82b5ed6acf2c1755eadc7901c0aa2952d7f9adbc (patch)
tree	cd39c66f3483078a90956e3d92b59a0b184a337d
parent	297605eec0077c82ee7405c0172643e3cec85c3a (diff)
download	poky-82b5ed6acf2c1755eadc7901c0aa2952d7f9adbc.tar.gz

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 41a2aa8f20..9c083bdc99 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -67,25 +67,20 @@ python do_populate_cve_db() {
67	meta = c.fetchone()	67	meta = c.fetchone()
68	if not meta or meta[0] != last_modified:	68	if not meta or meta[0] != last_modified:
69	# Clear products table entries corresponding to current year	69	# Clear products table entries corresponding to current year
70	cve_year = 'CVE-' + str(year) + '%'	70	c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
71	c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
72		71
73	# Update db with current year json file	72	# Update db with current year json file
74	req = urllib.request.Request(json_url)
75	if proxy:
76	req.set_proxy(proxy, 'https')
77	try:	73	try:
78	with urllib.request.urlopen(req, timeout=1) as r, \	74	req = urllib.request.Request(json_url)
79	open(json_tmpfile, 'wb') as tmpfile:	75	if proxy:
80	shutil.copyfileobj(r, tmpfile)	76	req.set_proxy(proxy, 'https')
81	except:	77	with urllib.request.urlopen(req) as r:
		78	update_db(c, gzip.decompress(r.read()))
		79	c.execute("insert or replace into META values (?, ?)", [year, last_modified])
		80	except urllib.error.URLError as e:
82	cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')	81	cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
83	break	82	bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
84		83	return
85	with gzip.open(json_tmpfile, 'rt') as jsonfile:
86	update_db(c, jsonfile)
87	c.execute("insert or replace into META values (?, ?)",
88	[year, last_modified])
89		84
90	# Update success, set the date to cve_check file.	85	# Update success, set the date to cve_check file.
91	if year == date.today().year:	86	if year == date.today().year:
@@ -148,9 +143,9 @@ def parse_node_and_insert(c, node, cveId):
148		143
149	c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())	144	c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
150		145
151	def update_db(c, json_filename):	146	def update_db(c, jsondata):
152	import json	147	import json
153	root = json.load(json_filename)	148	root = json.loads(jsondata)
154		149
155	for elt in root['CVE_Items']:	150	for elt in root['CVE_Items']:
156	if not elt['impact']:	151	if not elt['impact']: