cve-check: fetch CVE data once at a time instead of in a single call - linux/poky.git

diff options

author	Ross Burton <ross.burton@intel.com>	2019-11-24 15:50:15 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +0000
commit	c1cbb6fd15b28adda0f743d390930bf5221842d7 (patch)
tree	523d6eafc568bd23f350f03271258d8dcd4bb0d7 /meta/recipes-support
parent	1f4750c47fe2f2612f835b4808df72d8df3cd000 (diff)
download	poky-c1cbb6fd15b28adda0f743d390930bf5221842d7.tar.gz

cve-check: fetch CVE data once at a time instead of in a single call

This code used to construct a single SQL statement that fetched the NVD data for every CVE requested. For recipes such as the kernel where there are over 2000 CVEs to report this can hit the variable count limit and the query fails with "sqlite3.OperationalError: too many SQL variables". The default limit is 999 variables, but some distributions such as Debian set the default to 250000. As the NVD table has an index on the ID column, whilst requesting the data CVE-by-CVE is five times slower when working with 2000 CVEs the absolute time different is insignificant: 0.05s verses 0.01s on my machine. (From OE-Core rev: 53d0cc1e9b7190fa66d7ff1c59518f91b0128d99) (From OE-Core rev: 3ded9a64c95ae02df7562fc69e2af08c150d2452) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-support')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: