authorChin Huat Ang <chin.huat.ang@intel.com>2019-07-25 10:01:20 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-26 08:41:39 +0100
commitfa1a3f5328d2ee6d96e01f55e7c194a0e09c95da (patch)
tree0e16712883832cc5e9d30fe0fcf326e2c043b6c6
parentb8cbefb3fdb4b62a8a536c717359fd6314335cb7 (diff)
cve-update-db-native: fix https proxy issues
When https_proxy is set, use a proxy opener to open the CVE metadata and database URLs; otherwise fall back to urllib.request.urlopen. Also fix a minor issue where the json database, which is a bytes object after gzip decompression, should be decoded to a utf-8 string as expected by update_db. (From OE-Core rev: 95438d52b732bec217301fbfc2fb019bbc3707c8) Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb41
1 files changed, 30 insertions, 11 deletions
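diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 9c083bdc99..2c427a5884 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -22,7 +22,7 @@ python do_populate_cve_db() {
 Update NVD database with json data feed
 """
 
-import sqlite3, urllib, shutil, gzip
+import sqlite3, urllib, urllib.parse, shutil, gzip
 from datetime import date
 
 BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
@@ -32,6 +32,16 @@ python do_populate_cve_db() {
 db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
 json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
 proxy = d.getVar("https_proxy")
+
+if proxy:
+# instantiate an opener but do not install it as the global
+# opener unless if we're really sure it's applicable for all
+# urllib requests
+proxy_handler = urllib.request.ProxyHandler({'https': proxy})
+proxy_opener = urllib.request.build_opener(proxy_handler)
+else:
+proxy_opener = None
+
 cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a')
 
 if not os.path.isdir(db_dir):
@@ -49,11 +59,17 @@ python do_populate_cve_db() {
 json_url = year_url + ".json.gz"
 
 # Retrieve meta last modified date
-req = urllib.request.Request(meta_url)
-if proxy:
-req.set_proxy(proxy, 'https')
-with urllib.request.urlopen(req) as r:
-for l in r.read().decode("utf-8").splitlines():
+
+response = None
+
+if proxy_opener:
+response = proxy_opener.open(meta_url)
+else:
+req = urllib.request.Request(meta_url)
+response = urllib.request.urlopen(req)
+
+if response:
+for l in response.read().decode("utf-8").splitlines():
 key, value = l.split(":", 1)
 if key == "lastModifiedDate":
 last_modified = value
@@ -71,11 +87,14 @@ python do_populate_cve_db() {
 
 # Update db with current year json file
 try:
-req = urllib.request.Request(json_url)
-if proxy:
-req.set_proxy(proxy, 'https')
-with urllib.request.urlopen(req) as r:
-update_db(c, gzip.decompress(r.read()))
+if proxy_opener:
+response = proxy_opener.open(json_url)
+else:
+req = urllib.request.Request(json_url)
+response = urllib.request.urlopen(req)
+
+if response:
+update_db(c, gzip.decompress(response.read()).decode('utf-8'))
 c.execute("insert or replace into META values (?, ?)", [year, last_modified])
 except urllib.error.URLError as e:
 cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')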
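Review bot: The rewritten meta fetch (`@@ -49,11 +59,17 @@`) and json fetch (`@@ -71,11 +87,14 @@`) drop the `with` block the old code used, so the HTTP response is never closed. The `if response:` guard adds nothing, because `proxy_opener.open()` and `urllib.request.urlopen()` either return a response or raise. I would select the opener once and keep the context manager, e.g. `fetch = proxy_opener.open if proxy_opener else urllib.request.urlopen` followed by `with fetch(json_url) as response:`. Neither call passes a `timeout`, so a stalled proxy would hang the task instead of reaching the "CVE data is outdated" warning; note that a timeout raised during `read()` is not a `URLError`, so the `except` clause would presumably need widening as well. The import line adds `urllib.parse`, while the new code calls `urllib.request` and `urllib.error`; if those are not imported elsewhere, they should be named there too. The body of do_populate_cve_db starts and ends outside the hunks shown.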