cve-update-nvd2-native: faster requests with API keys

As per NVD, the public rate limit is 5 requests in 30s (6s delay). Using an API key increases the limit to 50 requests in 30s (0.6s delay). However, NVD still recommends sleeping for several seconds so that the other legitimate requests are serviced without denial or interruption. Keeping the default sleep at 6 seconds and 2 seconds with an API key. For failures, the wait time is unchanged (6 seconds). Reference: https://nvd.nist.gov/developers/start-here#RateLimits (From OE-Core rev: 5c32e2941d1dc3d04a799a1b7cbd275c1ccc9e79) Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-26 18:32:13 +02:00 · 2023-12-11 02:04:59 -08:00
parent bebebac37d
commit ef371d1cb3
1 changed files with 6 additions and 1 deletions
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -188,6 +188,11 @@ def update_db_file(db_tmp_file, d, database_time):
        api_key = d.getVar("NVDCVE_API_KEY") or None
        attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS"))

+        # Recommended by NVD
+        wait_time = 6
+        if api_key:
+            wait_time = 2
+
        while True:
            req_args['startIndex'] = index
            raw_data = nvd_request_next(url, attempts, api_key, req_args)
@@ -210,7 +215,7 @@ def update_db_file(db_tmp_file, d, database_time):
               break

            # Recommended by NVD
-            time.sleep(6)
+            time.sleep(wait_time)

        # Update success, set the date to cve_check file.
        cve_f.write('CVE database update : %s\n\n' % datetime.date.today())