Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 20 |
1 files changed, 16 insertions, 4 deletions
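--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -26,6 +26,12 @@ NVDCVE_API_KEY ?= ""
 # Use a negative value to skip the update
 CVE_DB_UPDATE_INTERVAL ?= "86400"
 
+# CVE database incremental update age threshold, in seconds. If the database is
+# older than this threshold, do a full re-download, else, do an incremental
+# update. By default: the maximum allowed value from NVD: 120 days (120*24*60*60)
+# Use 0 to force a full download.
+CVE_DB_INCR_UPDATE_AGE_THRES ?= "10368000"
+
 # Number of attempts for each http query to nvd server before giving up
 CVE_DB_UPDATE_ATTEMPTS ?= "5"
 
@@ -172,18 +178,24 @@ def update_db_file(db_tmp_file, d, database_time):
 
 req_args = {'startIndex' : 0}
 
-# The maximum range for time is 120 days
-# Force a complete update if our range is longer
-if (database_time != 0):
+incr_update_threshold = int(d.getVar("CVE_DB_INCR_UPDATE_AGE_THRES"))
+if database_time != 0:
 database_date = datetime.datetime.fromtimestamp(database_time, tz=datetime.timezone.utc)
 today_date = datetime.datetime.now(tz=datetime.timezone.utc)
 delta = today_date - database_date
-if delta.days < 120:
+if incr_update_threshold == 0:
+bb.note("CVE database: forced full update")
+elif delta < datetime.timedelta(seconds=incr_update_threshold):
 bb.note("CVE database: performing partial update")
+# The maximum range for time is 120 days
+if delta > datetime.timedelta(days=120):
+bb.error("CVE database: Trying to do an incremental update on a larger than supported range")
 req_args['lastModStartDate'] = database_date.isoformat()
 req_args['lastModEndDate'] = today_date.isoformat()
 else:
 bb.note("CVE database: file too old, forcing a full update")
+else:
+bb.note("CVE database: no preexisting database, do a full download")
 
 with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
 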
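Review bot: In update_db_file, when CVE_DB_INCR_UPDATE_AGE_THRES is configured above 120 days and the database is older than that, the new `if delta > datetime.timedelta(days=120):` branch only calls bb.error and then still sets `lastModStartDate`/`lastModEndDate`, so the incremental query goes out over a range the comment itself calls unsupported. How the server answers such a request is not visible here, but a rejected or partial result would leave the local CVE database incomplete, and reports built from it would understate exposure. Falling back to a full download is the safer default, for example `elif delta < min(datetime.timedelta(seconds=incr_update_threshold), datetime.timedelta(days=120)):`, which routes the oversized case into the existing full-update branch. The `int(d.getVar("CVE_DB_INCR_UPDATE_AGE_THRES"))` conversion also raises on non-numeric input and lets a negative value fall through to the "file too old" note on every run, so a range check with a clear message would help. The function body starts before and continues after this hunk.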