[3/3] cve-update-db: refresh once every 24 hours

Message ID	20190718200400.19750-3-ross.burton@intel.com
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; From: Ross Burton <ross.burton@intel.com> To: openembedded-core@lists.openembedded.org Date: Thu, 18 Jul 2019 21:04:00 +0100 Message-Id: <20190718200400.19750-3-ross.burton@intel.com> In-Reply-To: <20190718200400.19750-1-ross.burton@intel.com> References: <20190718200400.19750-1-ross.burton@intel.com> MIME-Version: 1.0 Subject: [OE-core] [PATCH 3/3] cve-update-db: refresh once every 24 hours Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org
Series	[1/3] cve-update-db-native: use os.path.join instead of + \| expand [1/3] cve-update-db-native: use os.path.join instead of + [2/3] cve-update-db: actually inherit native [3/3] cve-update-db: refresh once every 24 hours

Message ID

20190718200400.19750-3-ross.burton@intel.com

State

New

Headers

Received-SPF: pass (google.com: best guess record for domain of
	openembedded-core-bounces@lists.openembedded.org designates
	140.211.169.62 as permitted sender) client-ip=140.211.169.62; 
From: Ross Burton <ross.burton@intel.com>
To: openembedded-core@lists.openembedded.org
Date: Thu, 18 Jul 2019 21:04:00 +0100
Message-Id: <20190718200400.19750-3-ross.burton@intel.com>
In-Reply-To: <20190718200400.19750-1-ross.burton@intel.com>
References: <20190718200400.19750-1-ross.burton@intel.com>
MIME-Version: 1.0
Subject: [OE-core] [PATCH 3/3] cve-update-db: refresh once every 24 hours
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: openembedded-core-bounces@lists.openembedded.org
Errors-To: openembedded-core-bounces@lists.openembedded.org

Series

[1/3] cve-update-db-native: use os.path.join instead of + | expand

Commit Message

Ross Burton July 18, 2019, 8:04 p.m. UTC

Check the mtime of the database before updating, and if it's less than 24 hours
ago don't refresh.  This saves the HTTP fetches to determine if the data has
been updated.

Signed-off-by: Ross Burton <ross.burton@intel.com>

---
 meta/recipes-core/meta/cve-update-db-native.bb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

-- 
2.20.1

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Comments

Armin Kuster July 18, 2019, 10:31 p.m. UTC | #1

On 7/18/19 1:04 PM, Ross Burton wrote:
> Check the mtime of the database before updating, and if it's less than 24 hours

> ago don't refresh.  This saves the HTTP fetches to determine if the data has

> been updated.

>

> Signed-off-by: Ross Burton <ross.burton@intel.com>

> ---

>  meta/recipes-core/meta/cve-update-db-native.bb | 7 ++++++-

>  1 file changed, 6 insertions(+), 1 deletion(-)

>

> diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb

> index cabbde5066c..2afca94fc6b 100644

> --- a/meta/recipes-core/meta/cve-update-db-native.bb

> +++ b/meta/recipes-core/meta/cve-update-db-native.bb

> @@ -22,7 +22,7 @@ python do_populate_cve_db() {

>      Update NVD database with json data feed

>      """

>  

> -    import sqlite3, urllib, shutil, gzip, re

> +    import sqlite3, urllib, shutil, gzip, re, time

>      from datetime import date

>  

>      BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"

> @@ -37,6 +37,11 @@ python do_populate_cve_db() {

>      if not os.path.isdir(db_dir):

>          os.mkdir(db_dir)

>  

> +    expiry = time.time() - (60*60*24) # This time yesterday

> +    if os.path.exists(db_file) and expiry < os.path.getmtime(db_file):

> +        bb.note("CVE data updated less than 24 hours ago, not refreshing. Delete %s to force update." % db_file)

> +        return


Any reason this can't be configurable?

- armin
> +

>      # Connect to database

>      conn = sqlite3.connect(db_file)

>      c = conn.cursor()


-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Ross Burton July 18, 2019, 10:37 p.m. UTC | #2

On Thu, 18 Jul 2019 at 23:31, akuster808 <akuster808@gmail.com> wrote:
> Any reason this can't be configurable?


The raw data isn't updated a lot more frequently than that as far as
I'm aware.  Also I may retract this and replace it with simply using
DATE as the hash because otherwise the class causes constant rebuilds
of the world.

Ross
-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index cabbde5066c..2afca94fc6b 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -22,7 +22,7 @@  python do_populate_cve_db() {
     Update NVD database with json data feed
     """
 
-    import sqlite3, urllib, shutil, gzip, re
+    import sqlite3, urllib, shutil, gzip, re, time
     from datetime import date
 
     BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
@@ -37,6 +37,11 @@  python do_populate_cve_db() {
     if not os.path.isdir(db_dir):
         os.mkdir(db_dir)
 
+    expiry = time.time() - (60*60*24) # This time yesterday
+    if os.path.exists(db_file) and expiry < os.path.getmtime(db_file):
+        bb.note("CVE data updated less than 24 hours ago, not refreshing. Delete %s to force update." % db_file)
+        return
+
     # Connect to database
     conn = sqlite3.connect(db_file)
     c = conn.cursor()