cve-update-db-native: use executemany() to optimise CPE insertion

Instead of calling execute() repeatedly, rewrite the function to be a generator and use executemany() for performance. (From OE-Core rev: b309840b6aa3423b909a43499356e929c8761318) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2019-07-19 21:33:17 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-22 17:31:03 +0100
commit: 8ec4cd3e2addcfa29cfe8b5a2777d9b7e305e43e (patch)
tree: 0090e30748d1f64ef5cdae04d915237f03d0563c
parent: ffcf23f5f27fd20eabd5a10f3861f7a18c34158c (diff)
download: poky-8ec4cd3e2addcfa29cfe8b5a2777d9b7e305e43e.tar.gz
1 files changed, 32 insertions, 53 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index cabbde5066..09e19c0aae 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -102,70 +102,49 @@ def initialize_db(c):
        VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
        VERSION_END TEXT, OPERATOR_END TEXT)")
-def insert_elt(c, db_values):
-    query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
-    c.execute(query, db_values)
 def parse_node_and_insert(c, node, cveId):
    # Parse children node if needed
-    try:
+    for child in node.get('children', ()):
-        for child in node['children']:
+        parse_node_and_insert(c, child, cveId)
-            parse_node_and_insert(c, child, cveId)
-    except:
+    def cpe_generator():
-        pass
+        for cpe in node.get('cpe_match', ()):
+            if not cpe['vulnerable']:
-    # Exit if the cpe_match node does not exists
+                return
-    try:
+            cpe23 = cpe['cpe23Uri'].split(':')
-        cpe_match = node['cpe_match']
+            vendor = cpe23[3]
-    except:
+            product = cpe23[4]
-        return
+            version = cpe23[5]
-    for cpe in cpe_match:
+            if version != '*':
-        if not cpe['vulnerable']:
+                # Version is defined, this is a '=' match
-            return
+                yield [cveId, vendor, product, version, '=', '', '']
-        cpe23 = cpe['cpe23Uri'].split(':')
+            else:
-        vendor = cpe23[3]
+                # Parse start version, end version and operators
-        product = cpe23[4]
+                op_start = ''
-        version = cpe23[5]
+                op_end = ''
+                v_start = ''
-        if version != '*':
+                v_end = ''
-            # Version is defined, this is a '=' match
-            db_values = [cveId, vendor, product, version, '=', '', '']
+                if 'versionStartIncluding' in cpe:
-            insert_elt(c, db_values)
-        else:
-            # Parse start version, end version and operators
-            op_start = ''
-            op_end = ''
-            v_start = ''
-            v_end = ''
-            try:
-                if cpe['versionStartIncluding']:
                    op_start = '>='
                    v_start = cpe['versionStartIncluding']
-            except:
-                pass
+                if 'versionStartExcluding' in cpe:
-            try:
-                if cpe['versionStartExcluding']:
                    op_start = '>'
                    v_start = cpe['versionStartExcluding']
-            except:
-                pass
+                if 'versionEndIncluding' in cpe:
-            try:
-                if cpe['versionEndIncluding']:
                    op_end = '<='
                    v_end = cpe['versionEndIncluding']
-            except:
-                pass
+                if 'versionEndExcluding' in cpe:
-            try:
-                if cpe['versionEndExcluding']:
                    op_end = '<'
                    v_end = cpe['versionEndExcluding']
-            except:
-                pass
-            db_values = [cveId, vendor, product, v_start, op_start, v_end, op_end]
+                yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
-            insert_elt(c, db_values)
+    c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
 def update_db(c, json_filename):
    import json
author	Ross Burton <ross.burton@intel.com>	2019-07-19 21:33:17 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-22 17:31:03 +0100
commit	8ec4cd3e2addcfa29cfe8b5a2777d9b7e305e43e (patch)
tree	0090e30748d1f64ef5cdae04d915237f03d0563c
parent	ffcf23f5f27fd20eabd5a10f3861f7a18c34158c (diff)
download	poky-8ec4cd3e2addcfa29cfe8b5a2777d9b7e305e43e.tar.gz

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index cabbde5066..09e19c0aae 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -102,70 +102,49 @@ def initialize_db(c):
102	VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \	102	VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
103	VERSION_END TEXT, OPERATOR_END TEXT)")	103	VERSION_END TEXT, OPERATOR_END TEXT)")
104		104
105	def insert_elt(c, db_values):
106	query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
107	c.execute(query, db_values)
108
109	def parse_node_and_insert(c, node, cveId):	105	def parse_node_and_insert(c, node, cveId):
110	# Parse children node if needed	106	# Parse children node if needed
111	try:	107	for child in node.get('children', ()):
112	for child in node['children']:	108	parse_node_and_insert(c, child, cveId)
113	parse_node_and_insert(c, child, cveId)	109
114	except:	110	def cpe_generator():
115	pass	111	for cpe in node.get('cpe_match', ()):
116		112	if not cpe['vulnerable']:
117	# Exit if the cpe_match node does not exists	113	return
118	try:	114	cpe23 = cpe['cpe23Uri'].split(':')
119	cpe_match = node['cpe_match']	115	vendor = cpe23[3]
120	except:	116	product = cpe23[4]
121	return	117	version = cpe23[5]
122		118
123	for cpe in cpe_match:	119	if version != '*':
124	if not cpe['vulnerable']:	120	# Version is defined, this is a '=' match
125	return	121	yield [cveId, vendor, product, version, '=', '', '']
126	cpe23 = cpe['cpe23Uri'].split(':')	122	else:
127	vendor = cpe23[3]	123	# Parse start version, end version and operators
128	product = cpe23[4]	124	op_start = ''
129	version = cpe23[5]	125	op_end = ''
130		126	v_start = ''
131	if version != '*':	127	v_end = ''
132	# Version is defined, this is a '=' match	128
133	db_values = [cveId, vendor, product, version, '=', '', '']	129	if 'versionStartIncluding' in cpe:
134	insert_elt(c, db_values)
135	else:
136	# Parse start version, end version and operators
137	op_start = ''
138	op_end = ''
139	v_start = ''
140	v_end = ''
141
142	try:
143	if cpe['versionStartIncluding']:
144	op_start = '>='	130	op_start = '>='
145	v_start = cpe['versionStartIncluding']	131	v_start = cpe['versionStartIncluding']
146	except:	132
147	pass	133	if 'versionStartExcluding' in cpe:
148	try:
149	if cpe['versionStartExcluding']:
150	op_start = '>'	134	op_start = '>'
151	v_start = cpe['versionStartExcluding']	135	v_start = cpe['versionStartExcluding']
152	except:	136
153	pass	137	if 'versionEndIncluding' in cpe:
154	try:
155	if cpe['versionEndIncluding']:
156	op_end = '<='	138	op_end = '<='
157	v_end = cpe['versionEndIncluding']	139	v_end = cpe['versionEndIncluding']
158	except:	140
159	pass	141	if 'versionEndExcluding' in cpe:
160	try:
161	if cpe['versionEndExcluding']:
162	op_end = '<'	142	op_end = '<'
163	v_end = cpe['versionEndExcluding']	143	v_end = cpe['versionEndExcluding']
164	except:
165	pass
166		144
167	db_values = [cveId, vendor, product, v_start, op_start, v_end, op_end]	145	yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
168	insert_elt(c, db_values)	146
		147	c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
169		148
170	def update_db(c, json_filename):	149	def update_db(c, json_filename):
171	import json	150	import json