1 files changed, 12 insertions, 11 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 8a48e3ddc3..2f7dad7e82 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -17,6 +17,10 @@ deltask do_populate_sysroot
 NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0"
+# If you have a NVD API key (https://nvd.nist.gov/developers/request-an-api-key)
+# then setting this to get higher rate limits.
+NVDCVE_API_KEY ?= ""
 # CVE database update interval, in seconds. By default: once a day (24*60*60).
 # Use 0 to force the update
 # Use a negative value to skip the update
@@ -121,19 +125,14 @@ def nvd_request_next(url, api_key, args):
    import http
    import time
-    headers = {}
+    request = urllib.request.Request(url + "?" + urllib.parse.urlencode(args))
    if api_key:
-        headers['apiKey'] = api_key
+        request.add_header("apiKey", api_key)
+    bb.note("Requesting %s" % request.full_url)
-    bb.note("Requesting %s" % str(args))
-    data = urllib.parse.urlencode(args)
-    full_request = url + '?' + data
    for attempt in range(5):
        try:
-            r = urllib.request.urlopen(full_request)
+            r = urllib.request.urlopen(request)
            if (r.headers['content-encoding'] == 'gzip'):
                buf = r.read()
@@ -144,7 +143,7 @@ def nvd_request_next(url, api_key, args):
            r.close()
        except Exception as e:
-            bb.note("CVE database: received error (%s), retrying (request: %s)" % (e, full_request))
+            bb.note("CVE database: received error (%s), retrying" % (e))
            time.sleep(6)
            pass
        else:
@@ -186,9 +185,11 @@ def update_db_file(db_tmp_file, d, database_time):
        bb.note("Updating entries")
        index = 0
        url = d.getVar("NVDCVE_URL")
+        api_key = d.getVar("NVDCVE_API_KEY") or None
        while True:
            req_args['startIndex'] = index
-            raw_data = nvd_request_next(url, None, req_args)
+            raw_data = nvd_request_next(url, api_key, req_args)
            if raw_data is None:
                # We haven't managed to download data
                return False

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 8a48e3ddc3..2f7dad7e82 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -17,6 +17,10 @@ deltask do_populate_sysroot
17		17
18	NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0"	18	NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0"
19		19
		20	# If you have a NVD API key (https://nvd.nist.gov/developers/request-an-api-key)
		21	# then setting this to get higher rate limits.
		22	NVDCVE_API_KEY ?= ""
		23
20	# CVE database update interval, in seconds. By default: once a day (246060).	24	# CVE database update interval, in seconds. By default: once a day (246060).
21	# Use 0 to force the update	25	# Use 0 to force the update
22	# Use a negative value to skip the update	26	# Use a negative value to skip the update
@@ -121,19 +125,14 @@ def nvd_request_next(url, api_key, args):
121	import http	125	import http
122	import time	126	import time
123		127
124	headers = {}	128	request = urllib.request.Request(url + "?" + urllib.parse.urlencode(args))
125	if api_key:	129	if api_key:
126	headers['apiKey'] = api_key	130	request.add_header("apiKey", api_key)
127		131	bb.note("Requesting %s" % request.full_url)
128	bb.note("Requesting %s" % str(args))
129
130	data = urllib.parse.urlencode(args)
131
132	full_request = url + '?' + data
133		132
134	for attempt in range(5):	133	for attempt in range(5):
135	try:	134	try:
136	r = urllib.request.urlopen(full_request)	135	r = urllib.request.urlopen(request)
137		136
138	if (r.headers['content-encoding'] == 'gzip'):	137	if (r.headers['content-encoding'] == 'gzip'):
139	buf = r.read()	138	buf = r.read()
@@ -144,7 +143,7 @@ def nvd_request_next(url, api_key, args):
144	r.close()	143	r.close()
145		144
146	except Exception as e:	145	except Exception as e:
147	bb.note("CVE database: received error (%s), retrying (request: %s)" % (e, full_request))	146	bb.note("CVE database: received error (%s), retrying" % (e))
148	time.sleep(6)	147	time.sleep(6)
149	pass	148	pass
150	else:	149	else:
@@ -186,9 +185,11 @@ def update_db_file(db_tmp_file, d, database_time):
186	bb.note("Updating entries")	185	bb.note("Updating entries")
187	index = 0	186	index = 0
188	url = d.getVar("NVDCVE_URL")	187	url = d.getVar("NVDCVE_URL")
		188	api_key = d.getVar("NVDCVE_API_KEY") or None
		189
189	while True:	190	while True:
190	req_args['startIndex'] = index	191	req_args['startIndex'] = index
191	raw_data = nvd_request_next(url, None, req_args)	192	raw_data = nvd_request_next(url, api_key, req_args)
192	if raw_data is None:	193	if raw_data is None:
193	# We haven't managed to download data	194	# We haven't managed to download data
194	return False	195	return False