Diffstat (limited to 'meta/recipes-core/meta/cve-update-db-native.bb')
-rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 51 |
1 files changed, 28 insertions, 23 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index a49f446a53..85874ead01 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb | |||
@@ -65,9 +65,7 @@ python do_fetch() { | |||
65 | 65 | ||
66 | # Connect to database | 66 | # Connect to database |
67 | conn = sqlite3.connect(db_file) | 67 | conn = sqlite3.connect(db_file) |
68 | c = conn.cursor() | 68 | initialize_db(conn) |
69 | |||
70 | initialize_db(c) | ||
71 | 69 | ||
72 | with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: | 70 | with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: |
73 | total_years = date.today().year + 1 - YEAR_START | 71 | total_years = date.today().year + 1 - YEAR_START |
@@ -96,18 +94,20 @@ python do_fetch() { | |||
96 | return | 94 | return |
97 | 95 | ||
98 | # Compare with current db last modified date | 96 | # Compare with current db last modified date |
99 | c.execute("select DATE from META where YEAR = ?", (year,)) | 97 | cursor = conn.execute("select DATE from META where YEAR = ?", (year,)) |
100 | meta = c.fetchone() | 98 | meta = cursor.fetchone() |
99 | cursor.close() | ||
100 | |||
101 | if not meta or meta[0] != last_modified: | 101 | if not meta or meta[0] != last_modified: |
102 | # Clear products table entries corresponding to current year | 102 | # Clear products table entries corresponding to current year |
103 | c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)) | 103 | conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close() |
104 | 104 | ||
105 | # Update db with current year json file | 105 | # Update db with current year json file |
106 | try: | 106 | try: |
107 | response = urllib.request.urlopen(json_url) | 107 | response = urllib.request.urlopen(json_url) |
108 | if response: | 108 | if response: |
109 | update_db(c, gzip.decompress(response.read()).decode('utf-8')) | 109 | update_db(conn, gzip.decompress(response.read()).decode('utf-8')) |
110 | c.execute("insert or replace into META values (?, ?)", [year, last_modified]) | 110 | conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close() |
111 | except urllib.error.URLError as e: | 111 | except urllib.error.URLError as e: |
112 | cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') | 112 | cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') |
113 | bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) | 113 | bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) |
@@ -125,21 +125,26 @@ do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" | |||
125 | do_fetch[file-checksums] = "" | 125 | do_fetch[file-checksums] = "" |
126 | do_fetch[vardeps] = "" | 126 | do_fetch[vardeps] = "" |
127 | 127 | ||
128 | def initialize_db(c): | 128 | def initialize_db(conn): |
129 | c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") | 129 | with conn: |
130 | c = conn.cursor() | ||
131 | |||
132 | c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") | ||
133 | |||
134 | c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ | ||
135 | SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") | ||
130 | 136 | ||
131 | c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ | 137 | c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ |
132 | SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") | 138 | VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ |
139 | VERSION_END TEXT, OPERATOR_END TEXT)") | ||
140 | c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") | ||
133 | 141 | ||
134 | c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ | 142 | c.close() |
135 | VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ | ||
136 | VERSION_END TEXT, OPERATOR_END TEXT)") | ||
137 | c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") | ||
138 | 143 | ||
139 | def parse_node_and_insert(c, node, cveId): | 144 | def parse_node_and_insert(conn, node, cveId): |
140 | # Parse children node if needed | 145 | # Parse children node if needed |
141 | for child in node.get('children', ()): | 146 | for child in node.get('children', ()): |
142 | parse_node_and_insert(c, child, cveId) | 147 | parse_node_and_insert(conn, child, cveId) |
143 | 148 | ||
144 | def cpe_generator(): | 149 | def cpe_generator(): |
145 | for cpe in node.get('cpe_match', ()): | 150 | for cpe in node.get('cpe_match', ()): |
@@ -196,9 +201,9 @@ def parse_node_and_insert(c, node, cveId): | |||
196 | # Save processing by representing as -. | 201 | # Save processing by representing as -. |
197 | yield [cveId, vendor, product, '-', '', '', ''] | 202 | yield [cveId, vendor, product, '-', '', '', ''] |
198 | 203 | ||
199 | c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) | 204 | conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()).close() |
200 | 205 | ||
201 | def update_db(c, jsondata): | 206 | def update_db(conn, jsondata): |
202 | import json | 207 | import json |
203 | root = json.loads(jsondata) | 208 | root = json.loads(jsondata) |
204 | 209 | ||
@@ -222,12 +227,12 @@ def update_db(c, jsondata): | |||
222 | accessVector = accessVector or "UNKNOWN" | 227 | accessVector = accessVector or "UNKNOWN" |
223 | cvssv3 = 0.0 | 228 | cvssv3 = 0.0 |
224 | 229 | ||
225 | c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", | 230 | conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", |
226 | [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]) | 231 | [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() |
227 | 232 | ||
228 | configurations = elt['configurations']['nodes'] | 233 | configurations = elt['configurations']['nodes'] |
229 | for config in configurations: | 234 | for config in configurations: |
230 | parse_node_and_insert(c, config, cveId) | 235 | parse_node_and_insert(conn, config, cveId) |
231 | 236 | ||
232 | 237 | ||
233 | do_fetch[nostamp] = "1" | 238 | do_fetch[nostamp] = "1" |
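Review bot: The per-year refresh in do_fetch (second hunk) is not atomic: the `delete from PRODUCTS`, `update_db(conn, ...)` and the `insert or replace into META` run as separate `conn.execute(...).close()` calls with no transaction boundary visible in the hunk, and only `urllib.error.URLError` is caught. If `gzip.decompress` or `json.loads` raises on a truncated or malformed feed, that year's PRODUCTS rows may already be gone; whether that state persists depends on commit handling outside the hunk. A partly emptied table would make later CVE checks under-report until the next successful update. Consider wrapping the three steps in `with conn:`, as `initialize_db` now does, so a failure rolls the year back as a unit, and downloading and decoding the feed before issuing the delete. The body of do_fetch continues outside the visible hunks, so the existing commit and error paths should be checked against this.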