From: Tobias Geerinckx-Rice via Guix-patches via <guix-patches@gnu.org>
To: 47193@debbugs.gnu.org
Subject: [bug#47193] [PATCH 1/2] lint: Sort possible vulnerabilities.
Date: Tue, 16 Mar 2021 17:06:52 +0100 [thread overview]
Message-ID: <20210316160653.9891-1-me@tobias.gr> (raw)
In-Reply-To: <87im5rm6lw.fsf@nckx>
* guix/lint.scm (check-vulnerabilities): Sort unpatched vulnerabilities
by ID.
---
guix/lint.scm | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/guix/lint.scm b/guix/lint.scm
index 5144fa139d..ed57e19fe2 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1164,6 +1164,23 @@ the NIST server non-fatal."
package-vulnerabilities))
"Check for known vulnerabilities for PACKAGE. Obtain the list of
vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
+
+ (define (vulnerability< v1 v2)
+ (define (string-list< list1 list2)
+ (match list1
+ ((head1 tail1 ...)
+ (match list2
+ ((head2 tail2 ...)
+ (if (string=? head1 head2)
+ (string-list< tail1 tail2)
+ (string<? head1 head2)))
+ (_ #f)))
+ (_ #f)))
+
+ (let ((separators (char-set-complement char-set:letter+digit)))
+ (string-list< (string-split (vulnerability-id v1) separators)
+ (string-split (vulnerability-id v2) separators))))
+
(let ((package (or (package-replacement package) package)))
(match (package-vulnerabilities package)
(()
@@ -1184,7 +1201,8 @@ vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
(make-warning
package
(G_ "probably vulnerable to ~a")
- (list (string-join (map vulnerability-id unpatched)
+ (list (string-join (map vulnerability-id
+ (sort unpatched vulnerability<))
", "))))))))))
(define (check-for-updates package)
--
2.30.1
next prev parent reply other threads:[~2021-03-16 16:10 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-16 16:00 [bug#47193] Fancify guix lint -c cve output Tobias Geerinckx-Rice via Guix-patches via
2021-03-16 16:06 ` Tobias Geerinckx-Rice via Guix-patches via [this message]
2021-03-16 16:06 ` [bug#47193] [PATCH 2/2] lint: Indicate CVE severity Tobias Geerinckx-Rice via Guix-patches via
2021-03-31 13:03 ` [bug#47193] Fancify guix lint -c cve output Ludovic Courtès
2021-03-31 13:06 ` Léo Le Bouter via Guix-patches via
2021-03-31 20:57 ` Ludovic Courtès
2021-04-01 23:36 ` Léo Le Bouter via Guix-patches via
2021-03-31 12:53 ` Ludovic Courtès
2021-03-16 18:19 ` Léo Le Bouter via Guix-patches via
2021-03-16 21:12 ` Tobias Geerinckx-Rice via Guix-patches via
2021-03-17 8:13 ` Léo Le Bouter via Guix-patches via
2021-03-17 19:32 ` Tobias Geerinckx-Rice via Guix-patches via
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210316160653.9891-1-me@tobias.gr \
--to=guix-patches@gnu.org \
--cc=47193@debbugs.gnu.org \
--cc=me@tobias.gr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).