Re: [OE-core] [master] [PATCH] cve-update-nvd2-native: faster requests with API keys

Alexandre Belloni via lists.openembedded.org Fri, 08 Dec 2023 06:53:02 -0800

Please follow 
https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#fixing-your-from-identity


On 07/12/2023 18:53:22-0800, Dhairya Nagodra via lists.openembedded.org wrote:
> As per NVD, the public rate limit is 5 requests in 30s (6s delay).
> Using an API key increases the limit to 50 requests in 30s (0.6s delay).
> However, NVD still recommends sleeping for several seconds so that the
> other legitimate requests are serviced without denial or interruption.
> Keeping the default sleep at 6 seconds and 2 seconds with an API key.
> 
> For failures, the wait time is unchanged (6 seconds).
> 
> Reference: https://nvd.nist.gov/developers/start-here#RateLimits
> 
> Signed-off-by: Dhairya Nagodra <[email protected]>
> ---
>  meta/recipes-core/meta/cve-update-nvd2-native.bb | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb 
> b/meta/recipes-core/meta/cve-update-nvd2-native.bb
> index 9ab8dc6050..941fca34c6 100644
> --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
> +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
> @@ -188,6 +188,11 @@ def update_db_file(db_tmp_file, d, database_time):
>          api_key = d.getVar("NVDCVE_API_KEY") or None
>          attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS"))
>  
> +        # Recommended by NVD
> +        wait_time = 6
> +        if api_key:
> +            wait_time = 2
> +
>          while True:
>              req_args['startIndex'] = index
>              raw_data = nvd_request_next(url, attempts, api_key, req_args)
> @@ -210,7 +215,7 @@ def update_db_file(db_tmp_file, d, database_time):
>                 break
>  
>              # Recommended by NVD
> -            time.sleep(6)
> +            time.sleep(wait_time)
>  
>          # Update success, set the date to cve_check file.
>          cve_f.write('CVE database update : %s\n\n' % datetime.date.today())
> -- 
> 2.35.6
> 

> 
> 
> 


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192075): 
https://lists.openembedded.org/g/openembedded-core/message/192075
Mute This Topic: https://lists.openembedded.org/mt/103048465/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [master] [PATCH] cve-update-nvd2-native: faster requests with API keys

Reply via email to