
Commit 7cf215a

committed
Refuse to update old databases
Very old databases can cause 1000+ HTTP requests due to getting every CVE. For a very old database it is better to download the latest archive.
1 parent 27ef5ee commit 7cf215a

1 file changed

Lines changed: 33 additions & 0 deletions


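--- a/cmd/cvetool/update.go
+++ b/cmd/cvetool/update.go
@@ -16,6 +16,8 @@ import (
 "github.com/urfave/cli/v2"
 )
 
+const oldDatabaseThresholdDuration = 24 * time.Hour * 30
+
 var updateCmd = &cli.Command{
 Name: "update",
 Aliases: []string{"u"},
@@ -28,12 +30,17 @@ var updateCmd = &cli.Command{
 Usage: "where to look for the matcher DB",
 EnvVars: []string{"DB_PATH"},
 },
+&cli.BoolFlag{
+Name: "allow-updating-old-database",
+Usage: "Allow updating a database older than 30 days. Updating an old database is very slow, it is suggested to delete and create anew.",
+},
 },
 }
 
 func update(c *cli.Context) error {
 ctx := c.Context
 dbPath := c.String("db-path")
+allowUpdatingOldDatabase := c.Bool("allow-updating-old-database")
 if dbPath == "" {
 var err error
 dbPath, err = getDefaultDBPath()
@@ -82,6 +89,32 @@ func update(c *cli.Context) error {
 },
 }
 
+// Check last update time
+updateOps, err := matcherStore.GetUpdateOperations(ctx, driver.VulnerabilityKind)
+if err != nil {
+return fmt.Errorf("error getting update operations: %v", err)
+}
+
+// Find the most recent update time across all updaters
+var lastUpdate time.Time
+for _, ops := range updateOps {
+if len(ops) > 0 {
+// ops are sorted by date descending, so first element is most recent
+if ops[0].Date.After(lastUpdate) {
+lastUpdate = ops[0].Date
+}
+}
+}
+
+if !lastUpdate.IsZero() {
+fmt.Printf("Last update: %s (%s ago)\n", lastUpdate.Format(time.RFC1123), time.Since(lastUpdate).Round(time.Second))
+if time.Since(lastUpdate) > oldDatabaseThresholdDuration && !allowUpdatingOldDatabase {
+return fmt.Errorf("Database more than 30 days old, refusing to update. Delete the database at %s and run this command again.", dbPath)
+}
+} else {
+fmt.Println("No previous updates found in database")
+}
+
 lv, err := libvuln.New(ctx, matcherOpts)
 if err != nil {
 return fmt.Errorf("error creating Libvuln: %v", err)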
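Review bot: In the last hunk the age check uses the newest `ops[0].Date` across all updaters, so a database where one updater ran yesterday and the rest have not run for months is reported as fresh and the refusal never fires. If the expensive catch-up is per updater (inferred from the commit message; the updater code is not in this diff), track the oldest date as well, e.g. `if oldest.IsZero() || ops[0].Date.Before(oldest) { oldest = ops[0].Date }`, and compare that against `oldDatabaseThresholdDuration`; a misleading "Last update" line matters for a vulnerability database because stale feeds mean missed CVEs. The refusal error should also name the `--allow-updating-old-database` override and drop the capital letter and trailing period, per Go error-string convention, and derive its "30 days" text from the constant so the two cannot drift. `update` begins before and continues after this hunk.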
