Skip to content

Commit

Permalink
Change: Use XML file iterator for CVE updates
Browse files Browse the repository at this point in the history 
The update of the CVEs now also uses the XML file iterator instead of
loading and parsing the whole file.
Also, a memory leak in insert_cve_products has been fixed.

This reduces the amount of memory used during the update.
  • Loading branch information
@timopollmeier
timopollmeier committed Mar 6, 2024
1 parent 8891f74 commit 3a1ee4c
Showing 1 changed file with 47 additions and 33 deletions.
80 changes: 47 additions & 33 deletions src/manage_sql_secinfo.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2370,8 +2370,7 @@ insert_cve_products (element_t list, resource_t cve,
gchar *quoted_product, *product_decoded;
gchar *product_tilde;

product_decoded = g_uri_unescape_string
(element_text (product), NULL);
product_decoded = g_uri_unescape_string (product_text, NULL);
product_tilde = string_replace (product_decoded,
"~", "%7E", "%7e",
NULL);
Expand Down Expand Up @@ -2641,12 +2640,13 @@ insert_cve_from_entry (element_t entry, element_t last_modified,
static int
update_cve_xml (const gchar *xml_path, GHashTable *hashed_cpes)
{
GError *error;
element_t element, entry;
gchar *xml, *full_path;
gsize xml_len;
gchar *error_message = NULL;
xml_file_iterator_t iterator;
element_t entry;
gchar *full_path;
GStatBuf state;
int transaction_size = 0;
int ret;

full_path = g_build_filename (GVM_SCAP_DATA_DIR, xml_path, NULL);

Expand All @@ -2660,29 +2660,31 @@ update_cve_xml (const gchar *xml_path, GHashTable *hashed_cpes)

g_info ("Updating %s", full_path);

error = NULL;
g_file_get_contents (full_path, &xml, &xml_len, &error);
if (error)
{
g_warning ("%s: Failed to get contents: %s",
__func__,
error->message);
g_error_free (error);
g_free (full_path);
return -1;
}

if (parse_element (xml, &element))
iterator = xml_file_iterator_new ();
ret = xml_file_iterator_init_from_file_path (iterator, full_path, 1);
switch (ret)
{
g_free (xml);
g_warning ("%s: Failed to parse element", __func__);
g_free (full_path);
return -1;
case 0:
break;
case 2:
g_warning ("%s: Could not open file '%s' for XML file iterator: %s",
__func__, full_path, strerror(errno));
xml_file_iterator_free (iterator);
return -1;
case 3:
g_warning ("%s: Could not create parser context for XML file iterator",
__func__);
xml_file_iterator_free (iterator);
return -1;
default:
g_warning ("%s: Could not initialize XML file iterator",
__func__);
xml_file_iterator_free (iterator);
return -1;
}
g_free (xml);

sql_begin_immediate ();
entry = element_first_child (element);
entry = xml_file_iterator_next (iterator, &error_message);
while (entry)
{
if (strcmp (element_name (entry), "entry") == 0)
Expand All @@ -2692,28 +2694,40 @@ update_cve_xml (const gchar *xml_path, GHashTable *hashed_cpes)
last_modified = element_child (entry, "vuln:last-modified-datetime");
if (last_modified == NULL)
{
g_warning ("%s: vuln:last-modified-datetime missing",
__func__);
error_message = g_strdup ("vuln:last-modified-datetime missing");
goto fail;
}

if (insert_cve_from_entry (entry, last_modified, hashed_cpes,
&transaction_size))
goto fail;
{
error_message = g_strdup ("Insert of CVE into database failed");
goto fail;
}
}
entry = element_next (entry);

element_free (entry);
entry = xml_file_iterator_next (iterator, &error_message);
}

element_free (element);
if (error_message)
goto fail;

xml_file_iterator_free (iterator);
g_free (full_path);
sql_commit ();
return 0;

fail:
element_free (element);
g_warning ("Update of CVEs failed at file '%s'",
full_path);
xml_file_iterator_free (iterator);
if (error_message)
g_warning ("Update of CVEs failed at file '%s': %s",
full_path, error_message);
else
g_warning ("Update of CVEs failed at file '%s'",
full_path);
g_free (full_path);
g_free (error_message);
sql_commit ();
return -1;
}
Expand Down

0 comments on commit 3a1ee4c

Please sign in to comment.