diff options
| author | Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> | 2019-11-06 17:37:23 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-11-07 19:47:26 +0000 |
| commit | 9555ef7122c23b1455f73f75f311b5b711d102f4 (patch) | |
| tree | 503ce7760f24aecc4952d74c7c521030d269a5ed | |
| parent | 768ae8076eef93ce3b72720aa0682cdd5f2a4ba5 (diff) | |
| download | poky-9555ef7122c23b1455f73f75f311b5b711d102f4.tar.gz | |
cve-update-db: Manage proxy if needed.
If https_proxy environment variable is defined, manage proxy to be able
to download meta and json data feeds from https://nvd.nist.gov
(From OE-Core rev: 09be21f4d1793b1e26e78391f51bfc0a27b76deb)
(From OE-Core rev: 3af4399ea35b5c4b87d656f09dd2afed11791f0a)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/meta/cve-update-db.bb | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/meta/recipes-core/meta/cve-update-db.bb b/meta/recipes-core/meta/cve-update-db.bb index 1f48820cc6..4c896dc880 100644 --- a/meta/recipes-core/meta/cve-update-db.bb +++ b/meta/recipes-core/meta/cve-update-db.bb | |||
| @@ -25,6 +25,7 @@ python do_populate_cve_db() { | |||
| 25 | BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-" | 25 | BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-" |
| 26 | YEAR_START = 2002 | 26 | YEAR_START = 2002 |
| 27 | JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz' | 27 | JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz' |
| 28 | proxy = d.getVar("https_proxy") | ||
| 28 | 29 | ||
| 29 | # Connect to database | 30 | # Connect to database |
| 30 | db_file = d.getVar("CVE_CHECK_DB_FILE") | 31 | db_file = d.getVar("CVE_CHECK_DB_FILE") |
| @@ -39,7 +40,10 @@ python do_populate_cve_db() { | |||
| 39 | json_url = year_url + ".json.gz" | 40 | json_url = year_url + ".json.gz" |
| 40 | 41 | ||
| 41 | # Retrieve meta last modified date | 42 | # Retrieve meta last modified date |
| 42 | with urllib.request.urlopen(meta_url) as r: | 43 | req = urllib.request.Request(meta_url) |
| 44 | if proxy: | ||
| 45 | req.set_proxy(proxy, 'https') | ||
| 46 | with urllib.request.urlopen(req) as r: | ||
| 43 | date_line = str(r.read().splitlines()[0]) | 47 | date_line = str(r.read().splitlines()[0]) |
| 44 | last_modified = re.search('lastModifiedDate:(.*)', date_line).group(1) | 48 | last_modified = re.search('lastModifiedDate:(.*)', date_line).group(1) |
| 45 | 49 | ||
| @@ -48,7 +52,10 @@ python do_populate_cve_db() { | |||
| 48 | meta = c.fetchone() | 52 | meta = c.fetchone() |
| 49 | if not meta or meta[0] != last_modified: | 53 | if not meta or meta[0] != last_modified: |
| 50 | # Update db with current year json file | 54 | # Update db with current year json file |
| 51 | with urllib.request.urlopen(json_url) as r, open(JSON_TMPFILE, 'wb') as tmpfile: | 55 | req = urllib.request.Request(json_url) |
| 56 | if proxy: | ||
| 57 | req.set_proxy(proxy, 'https') | ||
| 58 | with urllib.request.urlopen(req) as r, open(JSON_TMPFILE, 'wb') as tmpfile: | ||
| 52 | shutil.copyfileobj(r, tmpfile) | 59 | shutil.copyfileobj(r, tmpfile) |
| 53 | with gzip.open(JSON_TMPFILE, 'rt') as jsonfile: | 60 | with gzip.open(JSON_TMPFILE, 'rt') as jsonfile: |
| 54 | update_db(c, jsonfile) | 61 | update_db(c, jsonfile) |