[OE-core] [PATCH 3/3] cve-update-db-native: clean up JSON fetching
Ross Burton
ross.burton at intel.com
Fri Jul 19 20:33:19 UTC 2019
Currently the code fetches the compressed JSON, writes it to a temporary file,
uncompresses that with gzip and passes the fake file object to update_db().
Instead, uncompress the gzip'd data in memory and pass the JSON directly to
update_db().
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
.../recipes-core/meta/cve-update-db-native.bb | 29 ++++++++-----------
1 file changed, 12 insertions(+), 17 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 41a2aa8f207..9c083bdc991 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -67,25 +67,20 @@ python do_populate_cve_db() {
meta = c.fetchone()
if not meta or meta[0] != last_modified:
# Clear products table entries corresponding to current year
- cve_year = 'CVE-' + str(year) + '%'
- c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
+ c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
# Update db with current year json file
- req = urllib.request.Request(json_url)
- if proxy:
- req.set_proxy(proxy, 'https')
try:
- with urllib.request.urlopen(req, timeout=1) as r, \
- open(json_tmpfile, 'wb') as tmpfile:
- shutil.copyfileobj(r, tmpfile)
- except:
+ req = urllib.request.Request(json_url)
+ if proxy:
+ req.set_proxy(proxy, 'https')
+ with urllib.request.urlopen(req) as r:
+ update_db(c, gzip.decompress(r.read()))
+ c.execute("insert or replace into META values (?, ?)", [year, last_modified])
+ except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
- break
-
- with gzip.open(json_tmpfile, 'rt') as jsonfile:
- update_db(c, jsonfile)
- c.execute("insert or replace into META values (?, ?)",
- [year, last_modified])
+ bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
+ return
# Update success, set the date to cve_check file.
if year == date.today().year:
@@ -148,9 +143,9 @@ def parse_node_and_insert(c, node, cveId):
c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
-def update_db(c, json_filename):
+def update_db(c, jsondata):
import json
- root = json.load(json_filename)
+ root = json.loads(jsondata)
for elt in root['CVE_Items']:
if not elt['impact']:
--
2.20.1
More information about the Openembedded-core
mailing list