[oe-commits] [openembedded-core] 28/49: cve-update-db-native: clean up JSON fetching
git at git.openembedded.org
git at git.openembedded.org
Wed Nov 6 20:45:15 UTC 2019
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch sumo-next
in repository openembedded-core.
commit 1d34aec479156a7dadf7867bbf0d53f12d21ef3e
Author: Ross Burton <ross.burton at intel.com>
AuthorDate: Wed Nov 6 17:37:41 2019 +0200
cve-update-db-native: clean up JSON fetching
Currently the code fetches the compressed JSON, writes it to a temporary file,
uncompresses that with gzip and passes the fake file object to update_db().
Instead, uncompress the gzip'd data in memory and pass the JSON directly to
update_db().
(From OE-Core rev: 9422745979256c442f533770203f62ec071c18fb)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/recipes-core/meta/cve-update-db-native.bb | 29 +++++++++++---------------
1 file changed, 12 insertions(+), 17 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 6907197..a06b74a 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -62,25 +62,20 @@ python do_populate_cve_db() {
meta = c.fetchone()
if not meta or meta[0] != last_modified:
# Clear products table entries corresponding to current year
- cve_year = 'CVE-' + str(year) + '%'
- c.execute("delete from PRODUCTS where ID like ?", (cve_year,))
+ c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
# Update db with current year json file
- req = urllib.request.Request(json_url)
- if proxy:
- req.set_proxy(proxy, 'https')
try:
- with urllib.request.urlopen(req, timeout=1) as r, \
- open(json_tmpfile, 'wb') as tmpfile:
- shutil.copyfileobj(r, tmpfile)
- except:
+ req = urllib.request.Request(json_url)
+ if proxy:
+ req.set_proxy(proxy, 'https')
+ with urllib.request.urlopen(req) as r:
+ update_db(c, gzip.decompress(r.read()))
+ c.execute("insert or replace into META values (?, ?)", [year, last_modified])
+ except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
- break
-
- with gzip.open(json_tmpfile, 'rt') as jsonfile:
- update_db(c, jsonfile)
- c.execute("insert or replace into META values (?, ?)",
- [year, last_modified])
+ bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
+ return
# Update success, set the date to cve_check file.
if year == date.today().year:
@@ -143,9 +138,9 @@ def parse_node_and_insert(c, node, cveId):
c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
-def update_db(c, json_filename):
+def update_db(c, jsondata):
import json
- root = json.load(json_filename)
+ root = json.loads(jsondata)
for elt in root['CVE_Items']:
if not elt['impact']:
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list