mirror of https://git.yoctoproject.org/poky synced 2026-05-30 12:29:55 +00:00

cve-update-db-native: fix https proxy issues

When https_proxy is set, use a proxy opener to open the CVE metadata and
database URLs; otherwise fall back to urllib.request.urlopen.

Also fix a minor issue where the json database which has been gzip
decompressed as byte object should be decoded as utf-8 string as
expected by update_db.

(From OE-Core rev: 95438d52b732bec217301fbfc2fb019bbc3707c8)

Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chin Huat Ang
2019-07-25 10:01:20 +08:00
committed by Richard Purdie
parent b8cbefb3fd
commit fa1a3f5328
+30 -11
@@ -22,7 +22,7 @@ python do_populate_cve_db() {
Update NVD database with json data feed Update NVD database with json data feed
""" """
import sqlite3, urllib, shutil, gzip import sqlite3, urllib, urllib.parse, shutil, gzip
from datetime import date from datetime import date
BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-" BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
@@ -32,6 +32,16 @@ python do_populate_cve_db() {
db_file = os.path.join(db_dir, 'nvdcve_1.0.db') db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
json_tmpfile = os.path.join(db_dir, 'nvd.json.gz') json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
proxy = d.getVar("https_proxy") proxy = d.getVar("https_proxy")
if proxy:
# instantiate an opener but do not install it as the global
# opener unless if we're really sure it's applicable for all
# urllib requests
proxy_handler = urllib.request.ProxyHandler({'https': proxy})
proxy_opener = urllib.request.build_opener(proxy_handler)
else:
proxy_opener = None
cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a')
if not os.path.isdir(db_dir): if not os.path.isdir(db_dir):
@@ -49,11 +59,17 @@ python do_populate_cve_db() {
json_url = year_url + ".json.gz" json_url = year_url + ".json.gz"
# Retrieve meta last modified date # Retrieve meta last modified date
req = urllib.request.Request(meta_url)
if proxy: response = None
req.set_proxy(proxy, 'https')
with urllib.request.urlopen(req) as r: if proxy_opener:
for l in r.read().decode("utf-8").splitlines(): response = proxy_opener.open(meta_url)
else:
req = urllib.request.Request(meta_url)
response = urllib.request.urlopen(req)
if response:
for l in response.read().decode("utf-8").splitlines():
key, value = l.split(":", 1) key, value = l.split(":", 1)
if key == "lastModifiedDate": if key == "lastModifiedDate":
last_modified = value last_modified = value
@@ -71,11 +87,14 @@ python do_populate_cve_db() {
# Update db with current year json file # Update db with current year json file
try: try:
req = urllib.request.Request(json_url) if proxy_opener:
if proxy: response = proxy_opener.open(json_url)
req.set_proxy(proxy, 'https') else:
with urllib.request.urlopen(req) as r: req = urllib.request.Request(json_url)
update_db(c, gzip.decompress(r.read())) response = urllib.request.urlopen(req)
if response:
update_db(c, gzip.decompress(response.read()).decode('utf-8'))
c.execute("insert or replace into META values (?, ?)", [year, last_modified]) c.execute("insert or replace into META values (?, ?)", [year, last_modified])
except urllib.error.URLError as e: except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
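Review bot: The responses opened for `meta_url` and `json_url` are never closed in the new code: the removed lines used `with urllib.request.urlopen(req) as r:`, while both new branches assign `response` and only read from it, so each feed fetch can hold its connection open until garbage collection. Picking the callable once, `opener = proxy_opener.open if proxy_opener else urllib.request.urlopen`, and then using `with opener(json_url) as response:` (and the same for `meta_url`) restores the cleanup and removes the duplicated if/else. The `if response:` checks do not appear to guard anything, since both calls raise on failure rather than returning a falsy value, and neither call passes `timeout=`, so a stalled proxy could hang the task. The body of `do_populate_cve_db` extends outside these hunks, so whether the `meta_url` fetch sits inside a `URLError` handler cannot be confirmed from here.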