author | Ross Burton <ross.burton@arm.com> | 2023-07-11 12:54:47 +0100 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-07-13 07:03:17 -1000 |
commit | 87f16e1f3be3e482eabfcf6f3af838e5c8165728 (patch) | |
tree | 1d626821d9a992e59d5c212a3c477fe4c20feaa4 /meta | |
parent | 579797adaba3f3b57d662e6b71280af458940cb3 (diff) | |
download | poky-87f16e1f3be3e482eabfcf6f3af838e5c8165728.tar.gz |
cve-update-nvd2-native: actually use API keys
There were vestigial remains of API key support which could be removed,
but as using an API key - in theory - gives the user larger rate limits
it's probably wise to expose it.
If the user has an API key, then set NVDCVE_API_KEY.
(From OE-Core rev: b3fc8ef9aba822b3d485242c8ebd0e0bff0ebfc8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a542de684282bfec79f24ae2f1a2027ffde319d8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 8a48e3ddc3..2f7dad7e82 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb | |||
@@ -17,6 +17,10 @@ deltask do_populate_sysroot | |||
17 | 17 | ||
18 | NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0" | 18 | NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0" |
19 | 19 | ||
20 | # If you have a NVD API key (https://nvd.nist.gov/developers/request-an-api-key) | ||
21 | # then setting this to get higher rate limits. | ||
22 | NVDCVE_API_KEY ?= "" | ||
23 | |||
20 | # CVE database update interval, in seconds. By default: once a day (24*60*60). | 24 | # CVE database update interval, in seconds. By default: once a day (24*60*60). |
21 | # Use 0 to force the update | 25 | # Use 0 to force the update |
22 | # Use a negative value to skip the update | 26 | # Use a negative value to skip the update |
@@ -121,19 +125,14 @@ def nvd_request_next(url, api_key, args): | |||
121 | import http | 125 | import http |
122 | import time | 126 | import time |
123 | 127 | ||
124 | headers = {} | 128 | request = urllib.request.Request(url + "?" + urllib.parse.urlencode(args)) |
125 | if api_key: | 129 | if api_key: |
126 | headers['apiKey'] = api_key | 130 | request.add_header("apiKey", api_key) |
127 | 131 | bb.note("Requesting %s" % request.full_url) | |
128 | bb.note("Requesting %s" % str(args)) | ||
129 | |||
130 | data = urllib.parse.urlencode(args) | ||
131 | |||
132 | full_request = url + '?' + data | ||
133 | 132 | ||
134 | for attempt in range(5): | 133 | for attempt in range(5): |
135 | try: | 134 | try: |
136 | r = urllib.request.urlopen(full_request) | 135 | r = urllib.request.urlopen(request) |
137 | 136 | ||
138 | if (r.headers['content-encoding'] == 'gzip'): | 137 | if (r.headers['content-encoding'] == 'gzip'): |
139 | buf = r.read() | 138 | buf = r.read() |
@@ -144,7 +143,7 @@ def nvd_request_next(url, api_key, args): | |||
144 | r.close() | 143 | r.close() |
145 | 144 | ||
146 | except Exception as e: | 145 | except Exception as e: |
147 | bb.note("CVE database: received error (%s), retrying (request: %s)" % (e, full_request)) | 146 | bb.note("CVE database: received error (%s), retrying" % (e)) |
148 | time.sleep(6) | 147 | time.sleep(6) |
149 | pass | 148 | pass |
150 | else: | 149 | else: |
@@ -186,9 +185,11 @@ def update_db_file(db_tmp_file, d, database_time): | |||
186 | bb.note("Updating entries") | 185 | bb.note("Updating entries") |
187 | index = 0 | 186 | index = 0 |
188 | url = d.getVar("NVDCVE_URL") | 187 | url = d.getVar("NVDCVE_URL") |
188 | api_key = d.getVar("NVDCVE_API_KEY") or None | ||
189 | |||
189 | while True: | 190 | while True: |
190 | req_args['startIndex'] = index | 191 | req_args['startIndex'] = index |
191 | raw_data = nvd_request_next(url, None, req_args) | 192 | raw_data = nvd_request_next(url, api_key, req_args) |
192 | if raw_data is None: | 193 | if raw_data is None: |
193 | # We haven't managed to download data | 194 | # We haven't managed to download data |
194 | return False | 195 | return False |