diff options
| author | Ross Burton <ross.burton@intel.com> | 2019-07-19 21:33:19 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-22 17:31:03 +0100 |
| commit | 82b5ed6acf2c1755eadc7901c0aa2952d7f9adbc (patch) | |
| tree | cd39c66f3483078a90956e3d92b59a0b184a337d /meta/recipes-core | |
| parent | 297605eec0077c82ee7405c0172643e3cec85c3a (diff) | |
| download | poky-82b5ed6acf2c1755eadc7901c0aa2952d7f9adbc.tar.gz | |
cve-update-db-native: clean up JSON fetching
Currently the code fetches the compressed JSON, writes it to a temporary file,
uncompresses that with gzip and passes the fake file object to update_db().
Instead, uncompress the gzip'd data in memory and pass the JSON directly to
update_db().
(From OE-Core rev: 9422745979256c442f533770203f62ec071c18fb)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
| -rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 41a2aa8f20..9c083bdc99 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb | |||
| @@ -67,25 +67,20 @@ python do_populate_cve_db() { | |||
| 67 | meta = c.fetchone() | 67 | meta = c.fetchone() |
| 68 | if not meta or meta[0] != last_modified: | 68 | if not meta or meta[0] != last_modified: |
| 69 | # Clear products table entries corresponding to current year | 69 | # Clear products table entries corresponding to current year |
| 70 | cve_year = 'CVE-' + str(year) + '%' | 70 | c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)) |
| 71 | c.execute("delete from PRODUCTS where ID like ?", (cve_year,)) | ||
| 72 | 71 | ||
| 73 | # Update db with current year json file | 72 | # Update db with current year json file |
| 74 | req = urllib.request.Request(json_url) | ||
| 75 | if proxy: | ||
| 76 | req.set_proxy(proxy, 'https') | ||
| 77 | try: | 73 | try: |
| 78 | with urllib.request.urlopen(req, timeout=1) as r, \ | 74 | req = urllib.request.Request(json_url) |
| 79 | open(json_tmpfile, 'wb') as tmpfile: | 75 | if proxy: |
| 80 | shutil.copyfileobj(r, tmpfile) | 76 | req.set_proxy(proxy, 'https') |
| 81 | except: | 77 | with urllib.request.urlopen(req) as r: |
| 78 | update_db(c, gzip.decompress(r.read())) | ||
| 79 | c.execute("insert or replace into META values (?, ?)", [year, last_modified]) | ||
| 80 | except urllib.error.URLError as e: | ||
| 82 | cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') | 81 | cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') |
| 83 | break | 82 | bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) |
| 84 | 83 | return | |
| 85 | with gzip.open(json_tmpfile, 'rt') as jsonfile: | ||
| 86 | update_db(c, jsonfile) | ||
| 87 | c.execute("insert or replace into META values (?, ?)", | ||
| 88 | [year, last_modified]) | ||
| 89 | 84 | ||
| 90 | # Update success, set the date to cve_check file. | 85 | # Update success, set the date to cve_check file. |
| 91 | if year == date.today().year: | 86 | if year == date.today().year: |
| @@ -148,9 +143,9 @@ def parse_node_and_insert(c, node, cveId): | |||
| 148 | 143 | ||
| 149 | c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) | 144 | c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) |
| 150 | 145 | ||
| 151 | def update_db(c, json_filename): | 146 | def update_db(c, jsondata): |
| 152 | import json | 147 | import json |
| 153 | root = json.load(json_filename) | 148 | root = json.loads(jsondata) |
| 154 | 149 | ||
| 155 | for elt in root['CVE_Items']: | 150 | for elt in root['CVE_Items']: |
| 156 | if not elt['impact']: | 151 | if not elt['impact']: |