diff options
| author | Ross Burton <ross.burton@intel.com> | 2019-11-06 17:37:41 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-11-07 19:47:27 +0000 |
| commit | f252a1286a5ac6a79202ab6c7ef44328d5a153c3 (patch) | |
| tree | ca0c60a32d176ba38f05d8020af5ca17bae426f1 | |
| parent | 9473adda8f09f8d4cfb474b4a579672edff72b7a (diff) | |
| download | poky-f252a1286a5ac6a79202ab6c7ef44328d5a153c3.tar.gz | |
cve-update-db-native: clean up JSON fetching
Currently the code fetches the compressed JSON, writes it to a temporary file,
uncompresses that with gzip and passes the fake file object to update_db().
Instead, uncompress the gzip'd data in memory and pass the JSON directly to
update_db().
(From OE-Core rev: 9422745979256c442f533770203f62ec071c18fb)
(From OE-Core rev: 1d34aec479156a7dadf7867bbf0d53f12d21ef3e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 6907197044..a06b74a0fc 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb | |||
| @@ -62,25 +62,20 @@ python do_populate_cve_db() { | |||
| 62 | meta = c.fetchone() | 62 | meta = c.fetchone() |
| 63 | if not meta or meta[0] != last_modified: | 63 | if not meta or meta[0] != last_modified: |
| 64 | # Clear products table entries corresponding to current year | 64 | # Clear products table entries corresponding to current year |
| 65 | cve_year = 'CVE-' + str(year) + '%' | 65 | c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)) |
| 66 | c.execute("delete from PRODUCTS where ID like ?", (cve_year,)) | ||
| 67 | 66 | ||
| 68 | # Update db with current year json file | 67 | # Update db with current year json file |
| 69 | req = urllib.request.Request(json_url) | ||
| 70 | if proxy: | ||
| 71 | req.set_proxy(proxy, 'https') | ||
| 72 | try: | 68 | try: |
| 73 | with urllib.request.urlopen(req, timeout=1) as r, \ | 69 | req = urllib.request.Request(json_url) |
| 74 | open(json_tmpfile, 'wb') as tmpfile: | 70 | if proxy: |
| 75 | shutil.copyfileobj(r, tmpfile) | 71 | req.set_proxy(proxy, 'https') |
| 76 | except: | 72 | with urllib.request.urlopen(req) as r: |
| 73 | update_db(c, gzip.decompress(r.read())) | ||
| 74 | c.execute("insert or replace into META values (?, ?)", [year, last_modified]) | ||
| 75 | except urllib.error.URLError as e: | ||
| 77 | cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') | 76 | cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') |
| 78 | break | 77 | bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) |
| 79 | 78 | return | |
| 80 | with gzip.open(json_tmpfile, 'rt') as jsonfile: | ||
| 81 | update_db(c, jsonfile) | ||
| 82 | c.execute("insert or replace into META values (?, ?)", | ||
| 83 | [year, last_modified]) | ||
| 84 | 79 | ||
| 85 | # Update success, set the date to cve_check file. | 80 | # Update success, set the date to cve_check file. |
| 86 | if year == date.today().year: | 81 | if year == date.today().year: |
| @@ -143,9 +138,9 @@ def parse_node_and_insert(c, node, cveId): | |||
| 143 | 138 | ||
| 144 | c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) | 139 | c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) |
| 145 | 140 | ||
| 146 | def update_db(c, json_filename): | 141 | def update_db(c, jsondata): |
| 147 | import json | 142 | import json |
| 148 | root = json.load(json_filename) | 143 | root = json.loads(jsondata) |
| 149 | 144 | ||
| 150 | for elt in root['CVE_Items']: | 145 | for elt in root['CVE_Items']: |
| 151 | if not elt['impact']: | 146 | if not elt['impact']: |