From 2bd56b2474c6180338d2ad1b485352c88e84a250 Mon Sep 17 00:00:00 2001
From: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Date: Wed, 6 Nov 2019 17:37:25 +0200
Subject: cve-update-db: Catch request.urlopen errors.

If the NVD url is not accessible, print a warning on top of the CVE
report, and continue. The database will not be fully updated, but
cve_check can still run on the previous database.

(From OE-Core rev: 0325dd72714f0b447558084f481b77f0ec850eed)

(From OE-Core rev: ae743789d893e950583014f38f0ad246aa4fe034)

Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-core/meta/cve-update-db.bb | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

(limited to 'meta/recipes-core/meta')

diff --git a/meta/recipes-core/meta/cve-update-db.bb b/meta/recipes-core/meta/cve-update-db.bb
index 3e5bae8b1d..ae8f1a958b 100644
--- a/meta/recipes-core/meta/cve-update-db.bb
+++ b/meta/recipes-core/meta/cve-update-db.bb
@@ -28,6 +28,7 @@ python do_populate_cve_db() {
     db_file = db_dir + '/nvd-json.db'
     json_tmpfile = db_dir + '/nvd.json.gz'
     proxy = d.getVar("https_proxy")
+    cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a')
 
     if not os.path.isdir(db_dir):
         os.mkdir(db_dir)
@@ -47,9 +48,13 @@ python do_populate_cve_db() {
         req = urllib.request.Request(meta_url)
         if proxy:
             req.set_proxy(proxy, 'https')
-        with urllib.request.urlopen(req) as r:
-            date_line = str(r.read().splitlines()[0])
-            last_modified = re.search('lastModifiedDate:(.*)', date_line).group(1)
+        try:
+            with urllib.request.urlopen(req, timeout=1) as r:
+                date_line = str(r.read().splitlines()[0])
+                last_modified = re.search('lastModifiedDate:(.*)', date_line).group(1)
+        except:
+            cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
+            break
 
         # Compare with current db last modified date
         c.execute("select DATE from META where YEAR = '%d'" % year)
@@ -59,19 +64,26 @@ python do_populate_cve_db() {
             req = urllib.request.Request(json_url)
             if proxy:
                 req.set_proxy(proxy, 'https')
-            with urllib.request.urlopen(req) as r, open(json_tmpfile, 'wb') as tmpfile:
-                shutil.copyfileobj(r, tmpfile)
+            try:
+                with urllib.request.urlopen(req, timeout=1) as r, \
+                     open(json_tmpfile, 'wb') as tmpfile:
+                    shutil.copyfileobj(r, tmpfile)
+            except:
+                cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
+                break
+
             with gzip.open(json_tmpfile, 'rt') as jsonfile:
                 update_db(c, jsonfile)
             c.execute("insert or replace into META values (?, ?)",
                     [year, last_modified])
 
+        # Update success, set the date to cve_check file.
+        if year == date.today().year:
+            cve_f.write('CVE database update : %s\n\n' % date.today())
+
+    cve_f.close()
     conn.commit()
     conn.close()
-
-    cve_check_tmp_file =  d.getVar("TMPDIR") + '/cve_check'
-    with open(cve_check_tmp_file, 'a'):
-        os.utime(cve_check_tmp_file, None)
 }
 
 # DJB2 hash algorithm
-- 
cgit v1.2.3-54-g00ecf