author | Ross Burton <ross.burton@arm.com> | 2023-07-11 12:54:47 +0100 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-07-13 06:39:45 -1000 |
commit | 200c2783b3f8546f561382fff6bd5268680d403a (patch) | |
tree | 2d7c2c84dad2e303c8bad413e1dbd49044decb43 | |
parent | be409f17e64dac2c6fa2cafba73c2084c68c59bf (diff) | |
download | openembedded-core-contrib-200c2783b3f8546f561382fff6bd5268680d403a.tar.gz |
cve-update-nvd2-native: actually use API keys
There were vestigial remains of API key support which could be removed,
but as using an API key - in theory - gives the user larger rate limits
it's probably wise to expose it.
If the user has an API key, then set NVDCVE_API_KEY.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a542de684282bfec79f24ae2f1a2027ffde319d8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 8a48e3ddc3..2f7dad7e82 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -17,6 +17,10 @@ deltask do_populate_sysroot
 NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0"
+# If you have a NVD API key (https://nvd.nist.gov/developers/request-an-api-key)
+# then setting this to get higher rate limits.
+NVDCVE_API_KEY ?= ""
+
 # CVE database update interval, in seconds. By default: once a day (24*60*60).
 # Use 0 to force the update
 # Use a negative value to skip the update
@@ -121,19 +125,14 @@ def nvd_request_next(url, api_key, args):
 import http
 import time
- headers = {}
+ request = urllib.request.Request(url + "?" + urllib.parse.urlencode(args))
 if api_key:
- headers['apiKey'] = api_key
-
- bb.note("Requesting %s" % str(args))
-
- data = urllib.parse.urlencode(args)
-
- full_request = url + '?' + data
+ request.add_header("apiKey", api_key)
+ bb.note("Requesting %s" % request.full_url)
 for attempt in range(5):
 try:
- r = urllib.request.urlopen(full_request)
+ r = urllib.request.urlopen(request)
 if (r.headers['content-encoding'] == 'gzip'):
 buf = r.read()
@@ -144,7 +143,7 @@ def nvd_request_next(url, api_key, args):
 r.close()
 except Exception as e:
- bb.note("CVE database: received error (%s), retrying (request: %s)" % (e, full_request))
+ bb.note("CVE database: received error (%s), retrying" % (e))
 time.sleep(6)
 pass
 else:
@@ -186,9 +185,11 @@ def update_db_file(db_tmp_file, d, database_time):
 bb.note("Updating entries")
 index = 0
 url = d.getVar("NVDCVE_URL")
+ api_key = d.getVar("NVDCVE_API_KEY") or None
+
 while True:
 req_args['startIndex'] = index
- raw_data = nvd_request_next(url, None, req_args)
+ raw_data = nvd_request_next(url, api_key, req_args)
 if raw_data is None:
 # We haven't managed to download data
 return False |
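Review bot: The comment added above `NVDCVE_API_KEY` is ungrammatical ("then setting this to get higher rate limits") and does not tell the user that the value is a credential. I would word it as `# then set this to get higher rate limits. The key is a secret: set it in` followed by `# local.conf or site.conf, not in a layer or distro config that is committed or shared.` Nothing else in this hunk needs changing.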
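Review bot: `request.add_header("apiKey", api_key)` attaches the key as an ordinary header, and urllib's default redirect handling copies ordinary headers onto the follow-up request, so a redirect from the configured endpoint would carry the key to whichever host the redirect names. `request.add_unredirected_header("apiKey", api_key)` keeps it on the first request only. Because `NVDCVE_URL` can be overridden, it is also worth attaching the key only when the URL scheme is https so it is never sent in cleartext. Logging `request.full_url` is fine, since the key travels in a header and not in the query string. The body of nvd_request_next starts and ends outside this hunk.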
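Review bot: Now that a key is really sent, the `except Exception` branch treats a rejected key the same as a network glitch: it sleeps, retries, and logs a message that gives no hint that NVDCVE_API_KEY may be the cause. Consider handling `urllib.error.HTTPError` separately and logging the status, for example `bb.note("CVE database: HTTP %d from NVD, check NVDCVE_API_KEY" % e.code)` when a key is configured. How NVD signals a bad key is not visible on this page, so the status codes to match need confirming. As a small style point, `% (e)` is not a tuple; `% e` or `% (e,)` states the intent. The surrounding try/except begins and ends outside this hunk.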
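Review bot: `d.getVar("NVDCVE_API_KEY")` likely makes the key a variable dependency of the task that runs update_db_file, so its value may be recorded in task signature data, and it will in any case show up in `bitbake -e` output. If that holds for this recipe, `TASK[vardepsexclude] += "NVDCVE_API_KEY"` (TASK is a placeholder; the task name is outside this hunk) keeps the secret out of the signature and stops a key change from altering the task hash. Stripping whitespace before the truthiness test, `(d.getVar("NVDCVE_API_KEY") or "").strip() or None`, would also avoid sending a blank key. update_db_file continues outside the hunk.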