summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2019-07-19 21:33:19 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-22 17:31:03 +0100
commit82b5ed6acf2c1755eadc7901c0aa2952d7f9adbc (patch)
treecd39c66f3483078a90956e3d92b59a0b184a337d /meta/recipes-core
parent297605eec0077c82ee7405c0172643e3cec85c3a (diff)
downloadpoky-82b5ed6acf2c1755eadc7901c0aa2952d7f9adbc.tar.gz
cve-update-db-native: clean up JSON fetching
Currently the code fetches the compressed JSON, writes it to a temporary file, uncompresses that with gzip and passes the fake file object to update_db(). Instead, uncompress the gzip'd data in memory and pass the JSON directly to update_db(). (From OE-Core rev: 9422745979256c442f533770203f62ec071c18fb) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb29
1 files changed, 12 insertions, 17 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 41a2aa8f20..9c083bdc99 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -67,25 +67,20 @@ python do_populate_cve_db() {
67 meta = c.fetchone() 67 meta = c.fetchone()
68 if not meta or meta[0] != last_modified: 68 if not meta or meta[0] != last_modified:
69 # Clear products table entries corresponding to current year 69 # Clear products table entries corresponding to current year
70 cve_year = 'CVE-' + str(year) + '%' 70 c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
71 c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
72 71
73 # Update db with current year json file 72 # Update db with current year json file
74 req = urllib.request.Request(json_url)
75 if proxy:
76 req.set_proxy(proxy, 'https')
77 try: 73 try:
78 with urllib.request.urlopen(req, timeout=1) as r, \ 74 req = urllib.request.Request(json_url)
79 open(json_tmpfile, 'wb') as tmpfile: 75 if proxy:
80 shutil.copyfileobj(r, tmpfile) 76 req.set_proxy(proxy, 'https')
81 except: 77 with urllib.request.urlopen(req) as r:
78 update_db(c, gzip.decompress(r.read()))
79 c.execute("insert or replace into META values (?, ?)", [year, last_modified])
80 except urllib.error.URLError as e:
82 cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') 81 cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
83 break 82 bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
84 83 return
85 with gzip.open(json_tmpfile, 'rt') as jsonfile:
86 update_db(c, jsonfile)
87 c.execute("insert or replace into META values (?, ?)",
88 [year, last_modified])
89 84
90 # Update success, set the date to cve_check file. 85 # Update success, set the date to cve_check file.
91 if year == date.today().year: 86 if year == date.today().year:
@@ -148,9 +143,9 @@ def parse_node_and_insert(c, node, cveId):
148 143
149 c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) 144 c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
150 145
151def update_db(c, json_filename): 146def update_db(c, jsondata):
152 import json 147 import json
153 root = json.load(json_filename) 148 root = json.loads(jsondata)
154 149
155 for elt in root['CVE_Items']: 150 for elt in root['CVE_Items']:
156 if not elt['impact']: 151 if not elt['impact']: