diff options
author | Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> | 2019-07-03 11:35:06 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-05 12:00:15 +0100 |
commit | 0325dd72714f0b447558084f481b77f0ec850eed (patch) | |
tree | e5fb6f626f279d2cde4e710f009ac1f2f6abf0d8 /meta/recipes-core/meta | |
parent | 3c7b6dfecd22eae369bba54437cdff91fa8542df (diff) | |
download | openembedded-core-contrib-0325dd72714f0b447558084f481b77f0ec850eed.tar.gz |
cve-update-db: Catch request.urlopen errors.
If the NVD url is not accessible, print a warning on top of the CVE
report, and continue. The database will not be fully updated, but
cve_check can still run on the previous database.
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/meta')
-rw-r--r-- | meta/recipes-core/meta/cve-update-db.bb | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/meta/recipes-core/meta/cve-update-db.bb b/meta/recipes-core/meta/cve-update-db.bb index 3e5bae8b1d..ae8f1a958b 100644 --- a/meta/recipes-core/meta/cve-update-db.bb +++ b/meta/recipes-core/meta/cve-update-db.bb @@ -28,6 +28,7 @@ python do_populate_cve_db() { db_file = db_dir + '/nvd-json.db' json_tmpfile = db_dir + '/nvd.json.gz' proxy = d.getVar("https_proxy") + cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a') if not os.path.isdir(db_dir): os.mkdir(db_dir) @@ -47,9 +48,13 @@ python do_populate_cve_db() { req = urllib.request.Request(meta_url) if proxy: req.set_proxy(proxy, 'https') - with urllib.request.urlopen(req) as r: - date_line = str(r.read().splitlines()[0]) - last_modified = re.search('lastModifiedDate:(.*)', date_line).group(1) + try: + with urllib.request.urlopen(req, timeout=1) as r: + date_line = str(r.read().splitlines()[0]) + last_modified = re.search('lastModifiedDate:(.*)', date_line).group(1) + except: + cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') + break # Compare with current db last modified date c.execute("select DATE from META where YEAR = '%d'" % year) @@ -59,19 +64,26 @@ python do_populate_cve_db() { req = urllib.request.Request(json_url) if proxy: req.set_proxy(proxy, 'https') - with urllib.request.urlopen(req) as r, open(json_tmpfile, 'wb') as tmpfile: - shutil.copyfileobj(r, tmpfile) + try: + with urllib.request.urlopen(req, timeout=1) as r, \ + open(json_tmpfile, 'wb') as tmpfile: + shutil.copyfileobj(r, tmpfile) + except: + cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') + break + with gzip.open(json_tmpfile, 'rt') as jsonfile: update_db(c, jsonfile) c.execute("insert or replace into META values (?, ?)", [year, last_modified]) + # Update success, set the date to cve_check file. + if year == date.today().year: + cve_f.write('CVE database update : %s\n\n' % date.today()) + + cve_f.close() conn.commit() conn.close() - - cve_check_tmp_file = d.getVar("TMPDIR") + '/cve_check' - with open(cve_check_tmp_file, 'a'): - os.utime(cve_check_tmp_file, None) } # DJB2 hash algorithm |