cve-update-db-native: use executemany() to optimise CPE insertion

Instead of calling execute() repeatedly, rewrite the function to be a generator and use executemany() for performance. (From OE-Core rev: b309840b6aa3423b909a43499356e929c8761318) (From OE-Core rev: d248ec9764d0439eb30fdb3605e9d05ee4219348) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2019-11-06 17:37:39 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-11-07 19:47:27 +0000
commit: a36130201b380db1a10935b92c90d99e4b553c73 (patch)
tree: 9a69f92456d2773c66a8f470fb654d6e9b7596e7
parent: c65db649004d9067332d337fe6c6759322387edf (diff)
download: poky-a36130201b380db1a10935b92c90d99e4b553c73.tar.gz
1 files changed, 32 insertions, 53 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 9470cbe4a8..a5d8e3210c 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -97,70 +97,49 @@ def initialize_db(c):
        VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
        VERSION_END TEXT, OPERATOR_END TEXT)")
-def insert_elt(c, db_values):
-    query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
-    c.execute(query, db_values)
 def parse_node_and_insert(c, node, cveId):
    # Parse children node if needed
-    try:
+    for child in node.get('children', ()):
-        for child in node['children']:
+        parse_node_and_insert(c, child, cveId)
-            parse_node_and_insert(c, child, cveId)
-    except:
+    def cpe_generator():
-        pass
+        for cpe in node.get('cpe_match', ()):
+            if not cpe['vulnerable']:
-    # Exit if the cpe_match node does not exists
+                return
-    try:
+            cpe23 = cpe['cpe23Uri'].split(':')
-        cpe_match = node['cpe_match']
+            vendor = cpe23[3]
-    except:
+            product = cpe23[4]
-        return
+            version = cpe23[5]
-    for cpe in cpe_match:
+            if version != '*':
-        if not cpe['vulnerable']:
+                # Version is defined, this is a '=' match
-            return
+                yield [cveId, vendor, product, version, '=', '', '']
-        cpe23 = cpe['cpe23Uri'].split(':')
+            else:
-        vendor = cpe23[3]
+                # Parse start version, end version and operators
-        product = cpe23[4]
+                op_start = ''
-        version = cpe23[5]
+                op_end = ''
+                v_start = ''
-        if version != '*':
+                v_end = ''
-            # Version is defined, this is a '=' match
-            db_values = [cveId, vendor, product, version, '=', '', '']
+                if 'versionStartIncluding' in cpe:
-            insert_elt(c, db_values)
-        else:
-            # Parse start version, end version and operators
-            op_start = ''
-            op_end = ''
-            v_start = ''
-            v_end = ''
-            try:
-                if cpe['versionStartIncluding']:
                    op_start = '>='
                    v_start = cpe['versionStartIncluding']
-            except:
-                pass
+                if 'versionStartExcluding' in cpe:
-            try:
-                if cpe['versionStartExcluding']:
                    op_start = '>'
                    v_start = cpe['versionStartExcluding']
-            except:
-                pass
+                if 'versionEndIncluding' in cpe:
-            try:
-                if cpe['versionEndIncluding']:
                    op_end = '<='
                    v_end = cpe['versionEndIncluding']
-            except:
-                pass
+                if 'versionEndExcluding' in cpe:
-            try:
-                if cpe['versionEndExcluding']:
                    op_end = '<'
                    v_end = cpe['versionEndExcluding']
-            except:
-                pass
-            db_values = [cveId, vendor, product, v_start, op_start, v_end, op_end]
+                yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
-            insert_elt(c, db_values)
+    c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
 def update_db(c, json_filename):
    import json
author	Ross Burton <ross.burton@intel.com>	2019-11-06 17:37:39 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-07 19:47:27 +0000
commit	a36130201b380db1a10935b92c90d99e4b553c73 (patch)
tree	9a69f92456d2773c66a8f470fb654d6e9b7596e7
parent	c65db649004d9067332d337fe6c6759322387edf (diff)
download	poky-a36130201b380db1a10935b92c90d99e4b553c73.tar.gz

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 9470cbe4a8..a5d8e3210c 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -97,70 +97,49 @@ def initialize_db(c):
97	VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \	97	VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
98	VERSION_END TEXT, OPERATOR_END TEXT)")	98	VERSION_END TEXT, OPERATOR_END TEXT)")
99		99
100	def insert_elt(c, db_values):
101	query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)"
102	c.execute(query, db_values)
103
104	def parse_node_and_insert(c, node, cveId):	100	def parse_node_and_insert(c, node, cveId):
105	# Parse children node if needed	101	# Parse children node if needed
106	try:	102	for child in node.get('children', ()):
107	for child in node['children']:	103	parse_node_and_insert(c, child, cveId)
108	parse_node_and_insert(c, child, cveId)	104
109	except:	105	def cpe_generator():
110	pass	106	for cpe in node.get('cpe_match', ()):
111		107	if not cpe['vulnerable']:
112	# Exit if the cpe_match node does not exists	108	return
113	try:	109	cpe23 = cpe['cpe23Uri'].split(':')
114	cpe_match = node['cpe_match']	110	vendor = cpe23[3]
115	except:	111	product = cpe23[4]
116	return	112	version = cpe23[5]
117		113
118	for cpe in cpe_match:	114	if version != '*':
119	if not cpe['vulnerable']:	115	# Version is defined, this is a '=' match
120	return	116	yield [cveId, vendor, product, version, '=', '', '']
121	cpe23 = cpe['cpe23Uri'].split(':')	117	else:
122	vendor = cpe23[3]	118	# Parse start version, end version and operators
123	product = cpe23[4]	119	op_start = ''
124	version = cpe23[5]	120	op_end = ''
125		121	v_start = ''
126	if version != '*':	122	v_end = ''
127	# Version is defined, this is a '=' match	123
128	db_values = [cveId, vendor, product, version, '=', '', '']	124	if 'versionStartIncluding' in cpe:
129	insert_elt(c, db_values)
130	else:
131	# Parse start version, end version and operators
132	op_start = ''
133	op_end = ''
134	v_start = ''
135	v_end = ''
136
137	try:
138	if cpe['versionStartIncluding']:
139	op_start = '>='	125	op_start = '>='
140	v_start = cpe['versionStartIncluding']	126	v_start = cpe['versionStartIncluding']
141	except:	127
142	pass	128	if 'versionStartExcluding' in cpe:
143	try:
144	if cpe['versionStartExcluding']:
145	op_start = '>'	129	op_start = '>'
146	v_start = cpe['versionStartExcluding']	130	v_start = cpe['versionStartExcluding']
147	except:	131
148	pass	132	if 'versionEndIncluding' in cpe:
149	try:
150	if cpe['versionEndIncluding']:
151	op_end = '<='	133	op_end = '<='
152	v_end = cpe['versionEndIncluding']	134	v_end = cpe['versionEndIncluding']
153	except:	135
154	pass	136	if 'versionEndExcluding' in cpe:
155	try:
156	if cpe['versionEndExcluding']:
157	op_end = '<'	137	op_end = '<'
158	v_end = cpe['versionEndExcluding']	138	v_end = cpe['versionEndExcluding']
159	except:
160	pass
161		139
162	db_values = [cveId, vendor, product, v_start, op_start, v_end, op_end]	140	yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
163	insert_elt(c, db_values)	141
		142	c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
164		143
165	def update_db(c, json_filename):	144	def update_db(c, json_filename):
166	import json	145	import json