unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
From: Tobias Geerinckx-Rice via Guix-patches via <guix-patches@gnu.org>
To: 47193@debbugs.gnu.org
Subject: [bug#47193] [PATCH 1/2] lint: Sort possible vulnerabilities.
Date: Tue, 16 Mar 2021 17:06:52 +0100	[thread overview]
Message-ID: <20210316160653.9891-1-me@tobias.gr> (raw)
In-Reply-To: <87im5rm6lw.fsf@nckx>

* guix/lint.scm (check-vulnerabilities): Sort unpatched vulnerabilities
by ID.
---
 guix/lint.scm | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/guix/lint.scm b/guix/lint.scm
index 5144fa139d..ed57e19fe2 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1164,6 +1164,23 @@ the NIST server non-fatal."
                                             package-vulnerabilities))
   "Check for known vulnerabilities for PACKAGE.  Obtain the list of
 vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
+
+  (define (vulnerability< v1 v2)
+    (define (string-list< list1 list2)
+      (match list1
+        ((head1 tail1 ...)
+         (match list2
+           ((head2 tail2 ...)
+            (if (string=? head1 head2)
+                (string-list< tail1 tail2)
+                (string<? head1 head2)))
+           (_ #f)))
+        (_ #f)))
+
+    (let ((separators (char-set-complement char-set:letter+digit)))
+      (string-list< (string-split (vulnerability-id v1) separators)
+                    (string-split (vulnerability-id v2) separators))))
+
   (let ((package (or (package-replacement package) package)))
     (match (package-vulnerabilities package)
       (()
@@ -1184,7 +1201,8 @@ vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
               (make-warning
                package
                (G_ "probably vulnerable to ~a")
-               (list (string-join (map vulnerability-id unpatched)
+               (list (string-join (map vulnerability-id
+                                       (sort unpatched vulnerability<))
                                   ", "))))))))))
 
 (define (check-for-updates package)
-- 
2.30.1





  reply	other threads:[~2021-03-16 16:10 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-16 16:00 [bug#47193] Fancify guix lint -c cve output Tobias Geerinckx-Rice via Guix-patches via
2021-03-16 16:06 ` Tobias Geerinckx-Rice via Guix-patches via [this message]
2021-03-16 16:06   ` [bug#47193] [PATCH 2/2] lint: Indicate CVE severity Tobias Geerinckx-Rice via Guix-patches via
2021-03-31 13:03     ` [bug#47193] Fancify guix lint -c cve output Ludovic Courtès
2021-03-31 13:06       ` Léo Le Bouter via Guix-patches via
2021-03-31 20:57         ` Ludovic Courtès
2021-04-01 23:36           ` Léo Le Bouter via Guix-patches via
2021-03-31 12:53   ` Ludovic Courtès
2021-03-16 18:19 ` Léo Le Bouter via Guix-patches via
2021-03-16 21:12   ` Tobias Geerinckx-Rice via Guix-patches via
2021-03-17  8:13     ` Léo Le Bouter via Guix-patches via
2021-03-17 19:32       ` Tobias Geerinckx-Rice via Guix-patches via

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210316160653.9891-1-me@tobias.gr \
    --to=guix-patches@gnu.org \
    --cc=47193@debbugs.gnu.org \
    --cc=me@tobias.gr \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).