Commit 53d0cc1e authored Nov 18, 2019 by Ross Burton Committed by Richard Purdie Nov 21, 2019

cve-check: fetch CVE data once at a time instead of in a single call

This code used to construct a single SQL statement that fetched the NVD data for
every CVE requested. For recipes such as the kernel where there are over 2000
CVEs to report this can hit the variable count limit and the query fails with
"sqlite3.OperationalError: too many SQL variables". The default limit is 999
variables, but some distributions such as Debian set the default to 250000.

As the NVD table has an index on the ID column, whilst requesting the data
CVE-by-CVE is five times slower when working with 2000 CVEs the absolute time
different is insignificant: 0.05s verses 0.01s on my machine.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

parent f19253cc

Show whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 3ded9a64
· Nov 27, 2019

mentioned in commit 3ded9a64

mentioned in commit 3ded9a64c95ae02df7562fc69e2af08c150d2452

Toggle commit list
mirror @mirror
mentioned in commit b52d6340
· Dec 18, 2019

mentioned in commit b52d6340

mentioned in commit b52d6340acdad27d41caf057b78f181297a9a75e

Toggle commit list
mirror @mirror
mentioned in commit 0f5b748a
· Jan 18, 2020

mentioned in commit 0f5b748a

mentioned in commit 0f5b748a5b7fec41bac16bbc1346230e86bb99e3

Toggle commit list

Please register or to comment