authorChin Huat Ang <chin.huat.ang@intel.com>2019-11-06 17:37:42 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-11-07 19:47:27 +0000
commit2f7d98b67ef0575e80a8ab7cde21766eb9339c65 (patch)
treefb87aeae50e21f22e6c2c72e278b5d593e6c2068
parentf252a1286a5ac6a79202ab6c7ef44328d5a153c3 (diff)
downloadpoky-2f7d98b67ef0575e80a8ab7cde21766eb9339c65.tar.gz
cve-update-db-native: fix https proxy issues
When https_proxy is set, use a proxy opener to open the CVE metadata and database URLs; otherwise fall back to urllib.request.urlopen. Also fix a minor issue where the json database, which gzip decompression returns as a bytes object, should be decoded to a utf-8 string as expected by update_db. (From OE-Core rev: 95438d52b732bec217301fbfc2fb019bbc3707c8) (From OE-Core rev: 6d3222fb7ecde524c4e033729318fb0fb80a444c) Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb41
1 files changed, 30 insertions, 11 deletions
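diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index a06b74a0fc..9fbe68696e 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -17,7 +17,7 @@ python do_populate_cve_db() {
 Update NVD database with json data feed
 """
 
-import sqlite3, urllib, shutil, gzip
+import sqlite3, urllib, urllib.parse, shutil, gzip
 from datetime import date
 
 BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
@@ -27,6 +27,16 @@ python do_populate_cve_db() {
 db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
 json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
 proxy = d.getVar("https_proxy")
+
+if proxy:
+# instantiate an opener but do not install it as the global
+# opener unless if we're really sure it's applicable for all
+# urllib requests
+proxy_handler = urllib.request.ProxyHandler({'https': proxy})
+proxy_opener = urllib.request.build_opener(proxy_handler)
+else:
+proxy_opener = None
+
 cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a')
 
 if not os.path.isdir(db_dir):
@@ -44,11 +54,17 @@ python do_populate_cve_db() {
 json_url = year_url + ".json.gz"
 
 # Retrieve meta last modified date
-req = urllib.request.Request(meta_url)
-if proxy:
-req.set_proxy(proxy, 'https')
-with urllib.request.urlopen(req) as r:
-for l in r.read().decode("utf-8").splitlines():
+
+response = None
+
+if proxy_opener:
+response = proxy_opener.open(meta_url)
+else:
+req = urllib.request.Request(meta_url)
+response = urllib.request.urlopen(req)
+
+if response:
+for l in response.read().decode("utf-8").splitlines():
 key, value = l.split(":", 1)
 if key == "lastModifiedDate":
 last_modified = value
@@ -66,11 +82,14 @@ python do_populate_cve_db() {
 
 # Update db with current year json file
 try:
-req = urllib.request.Request(json_url)
-if proxy:
-req.set_proxy(proxy, 'https')
-with urllib.request.urlopen(req) as r:
-update_db(c, gzip.decompress(r.read()))
+if proxy_opener:
+response = proxy_opener.open(json_url)
+else:
+req = urllib.request.Request(json_url)
+response = urllib.request.urlopen(req)
+
+if response:
+update_db(c, gzip.decompress(response.read()).decode('utf-8'))
 c.execute("insert or replace into META values (?, ?)", [year, last_modified])
 except urllib.error.URLError as e:
 cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')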
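Review bot: Both fetches now leave the HTTP response unclosed, because the `with urllib.request.urlopen(req) as r:` blocks were replaced by plain assignments to `response` in the meta fetch (third hunk) and the json fetch (fourth hunk), so each feed year can hold a connection open until garbage collection. Choosing the callable once keeps the context manager: `fetch = proxy_opener.open if proxy_opener else urllib.request.urlopen` after the opener is built, then `with fetch(meta_url) as response:` and `with fetch(json_url) as response:`. The `if response:` guards should in practice never be false, since both calls raise on failure rather than return None. Dropping them would also remove any doubt about whether the `insert or replace into META` statement can run without `update_db` having been called; indentation is lost on this page, so that nesting is unconfirmed. do_populate_cve_db starts and ends outside these hunks.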