NVD_DB_VERSION ?= "FKIE"
# Use different file names for each database source, as they synchronize at different moments, so may be slightly different
-CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdfkie_1-1.db'}"
+CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-3.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdfkie_1-2.db'}"
CVE_CHECK_DB_FETCHER ?= "${@'cve-update-nvd2-native' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'cve-update-db-native'}"
CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK"
CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}"
"""
import bb.progress
import bb.utils
+ import datetime
from datetime import date
import lzma
import sqlite3
initialize_db(conn)
with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
+ pre_update_utc_timestamp = datetime.datetime.now().astimezone(tz=datetime.timezone.utc)
total_years = date.today().year + 1 - YEAR_START
for i, year in enumerate(range(YEAR_START, date.today().year + 1)):
bb.note("Updating %d" % year)
bb.debug(2, "Already up to date (last modified %s)" % last_modified)
# Update success, set the date to cve_check file.
if year == date.today().year:
+ conn.execute("insert into MTIME values (?)", [pre_update_utc_timestamp.isoformat()]).close()
cve_f.write('CVE database update : %s\n\n' % date.today())
conn.commit()
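Review bot: The MTIME row is written only inside the `if year == date.today().year:` branch, so a run that never reaches that branch records no update time. The loop body is only partly visible here, but if the "Already up to date" path at the `bb.debug` line skips the rest of the iteration, an unchanged current-year feed leaves the old timestamp in place and every later build goes back to the network once the interval has expired. Writing the row once after the loop completes would make the recorded time mean "last successful check". The statement also appends a new row on every update, and `initialize_db` declares the column `INT` while it holds ISO-8601 text, so `TIMESTAMP TEXT` plus a `delete from MTIME` before the insert would keep the table to one well-typed row.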
import bb.utils
import bb.progress
import shutil
+ import time
bb.utils.export_proxies(d)
# The NVD database changes once a day, so no need to update more frequently
# Allow the user to force-update
- try:
- import time
- update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
- if update_interval < 0:
- bb.note("CVE database update skipped")
- if not os.path.exists(db_file):
- bb.error("CVE database %s not present, database fetch/update skipped" % db_file)
- return
+ update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
+ if update_interval < 0:
+ bb.note("CVE database update skipped")
+ if not os.path.exists(db_file):
+ bb.error("CVE database %s not present, database fetch/update skipped" % db_file)
+ return
+
+ if os.path.exists(db_file):
+ database_time = get_mtime_timestamp_from(db_file)
curr_time = time.time()
- database_time = os.path.getmtime(db_file)
bb.note("Current time: %s; DB time: %s" % (time.ctime(curr_time), time.ctime(database_time)))
if curr_time < database_time:
bb.warn("Database time is in the future, force DB update")
bb.note("CVE database recently updated, skipping")
return
- except OSError:
- pass
-
if bb.utils.to_boolean(d.getVar("BB_NO_NETWORK")):
bb.error("BB_NO_NETWORK attempted to disable fetch, this recipe uses CVE_DB_UPDATE_INTERVAL to control download, set to '-1' to disable fetch or update")
os.remove(db_tmp_file)
+def get_mtime_timestamp_from(db_file):
+ """
+ Resolve the time when the CVE database was previously updated
+ """
+ import datetime
+ import sqlite3
+
+ conn = sqlite3.connect(db_file)
+ curs = conn.cursor()
+ res = curs.execute("select TIMESTAMP from MTIME order by TIMESTAMP desc limit 1;")
+ latest = res.fetchone()[0]
+ latest = datetime.datetime.strptime(latest, '%Y-%m-%dT%H:%M:%S.%f+00:00')
+ latest = latest.astimezone(tz=datetime.timezone.utc)
+ curs.close()
+ conn.close()
+ return latest.timestamp()
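Review bot: `get_mtime_timestamp_from` parses the stored value with `strptime(latest, '%Y-%m-%dT%H:%M:%S.%f+00:00')`, which yields a naive datetime, and the following `astimezone(tz=datetime.timezone.utc)` treats a naive value as host-local time. On a build host whose zone is not UTC the returned timestamp is therefore shifted by the local offset; west of UTC it lands in the future and trips the "Database time is in the future, force DB update" path. The fixed format also rejects a value written when the microsecond field was zero, because `isoformat()` omits the fraction then, and `res.fetchone()[0]` raises when MTIME has no row. Nothing visible around the call in the fetch task catches either error, so it fails the task rather than falling back to a refresh. The replacement below parses with `datetime.datetime.fromisoformat`, closes the connection even when the query raises, and returns 0.0 for an empty table, on the assumption (the interval comparison is not visible here) that the caller treats an old timestamp as stale.

```python
def get_mtime_timestamp_from(db_file):
    # … unchanged: docstring, local imports of datetime and sqlite3 …
    conn = sqlite3.connect(db_file)
    try:
        row = conn.execute("select TIMESTAMP from MTIME order by TIMESTAMP desc limit 1;").fetchone()
    finally:
        conn.close()
    if row is None:
        # No completed update recorded: report the epoch so the caller treats the DB as stale.
        return 0.0
    # fromisoformat() honours the stored +00:00 offset and accepts values without microseconds.
    return datetime.datetime.fromisoformat(row[0]).timestamp()
```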
+
+
def initialize_db(conn):
with conn:
c = conn.cursor()
+ c.execute("CREATE TABLE IF NOT EXISTS MTIME (TIMESTAMP INT)")
+
c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \