03/07: cve: Include the 3 previous years of vulnerabilities.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

03/07: cve: Include the 3 previous years of vulnerabilities.

From:	Ludovic Court�s
Subject:	03/07: cve: Include the 3 previous years of vulnerabilities.
Date:	Thu, 26 May 2016 21:59:02 +0000 (UTC)

civodul pushed a commit to branch master
in repository guix.

commit 3af7a7a879b91c59fcd5a025ac55db2c69da4fb7
Author: Ludovic Courtès <address@hidden>
Date:   Thu May 26 23:00:08 2016 +0200

    cve: Include the 3 previous years of vulnerabilities.
    
    * guix/cve.scm (fetch-vulnerabilities): Add 'format' call.
    (current-vulnerabilities): Include the 3 previous years.
---
 guix/cve.scm |   18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/guix/cve.scm b/guix/cve.scm
index 3956864..2167028 100644
--- a/guix/cve.scm
+++ b/guix/cve.scm
@@ -25,6 +25,7 @@
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-19)
+  #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
   #:use-module (ice-9 regex)
   #:use-module (ice-9 vlist)
@@ -179,6 +180,7 @@ the given TTL (fetch from the NIST web site when TTL has 
expired)."
       (lambda (port)
         ;; XXX: The SSAX "error port" is used to send pointless warnings such 
as
         ;; "warning: Skipping PI".  Turn that off.
+        (format (current-error-port) "fetching CVE database for ~a...~%" year)
         (parameterize ((current-ssax-error-port (%make-void-port "w")))
           (xml->vulnerabilities port)))))
 
@@ -214,9 +216,19 @@ the given TTL (fetch from the NIST web site when TTL has 
expired)."
 (define (current-vulnerabilities)
   "Return the current list of Common Vulnerabilities and Exposures (CVE) as
 published by the US NIST."
-  (append-map fetch-vulnerabilities
-              (list %past-year %current-year)
-              (list %past-year-ttl %current-year-ttl)))
+  (let ((past-years (unfold (cut > <> 3)
+                            (lambda (n)
+                              (- %current-year n))
+                            1+
+                            1))
+        (past-ttls  (unfold (cut > <> 3)
+                            (lambda (n)
+                              (* n %past-year-ttl))
+                            1+
+                            1)))
+    (append-map fetch-vulnerabilities
+                (cons %current-year past-years)
+                (cons %current-year-ttl past-ttls))))
 
 (define (vulnerabilities->lookup-proc vulnerabilities)
   "Return a lookup procedure built from VULNERABILITIES that takes a package

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (f01c461 -> de3bbf6), Ludovic Court�s, 2016/05/26
- 02/07: gnu: isc-dhcp: Specify CPE name., Ludovic Court�s, 2016/05/26
- 06/07: gnu: qemu: Use 'install-file' instead of 'copy-file'., Ludovic Court�s, 2016/05/26
- 07/07: gnu: qemu: Make tests more verbose., Ludovic Court�s, 2016/05/26
- 05/07: gnu: qemu: Use 'modify-phases'., Ludovic Court�s, 2016/05/26
- 03/07: cve: Include the 3 previous years of vulnerabilities., Ludovic Court�s <=
- 01/07: gnu: rush: Fix CVE-2013-6889., Ludovic Court�s, 2016/05/26
- 04/07: gnu: qemu: Disable parallel tests again., Ludovic Court�s, 2016/05/26

Prev by Date: branch master updated (f01c461 -> de3bbf6)
Next by Date: 01/07: gnu: rush: Fix CVE-2013-6889.
Previous by thread: 05/07: gnu: qemu: Use 'modify-phases'.
Next by thread: 01/07: gnu: rush: Fix CVE-2013-6889.
Index(es):
- Date
- Thread