From: "Ludovic Courtès" <ludo@gnu.org>
To: Efraim Flashner <efraim@flashner.co.il>
Cc: Maxime Devos <maximedevos@telenet.be>, 53721@debbugs.gnu.org
Subject: [bug#53721] [PATCH] lint: Perform fuzzy search on package names for CVE checker.
Date: Fri, 04 Feb 2022 22:56:14 +0100 [thread overview]
Message-ID: <87bkzmmh35.fsf@gnu.org> (raw)
In-Reply-To: <839345988529640bb54feea0fa830f25bd5bb608.1643811188.git.efraim@flashner.co.il> (Efraim Flashner's message of "Wed, 2 Feb 2022 16:15:20 +0200")
Hello,
Efraim Flashner <efraim@flashner.co.il> skribis:
> - (let ((name (or (assoc-ref (package-properties package)
> - 'cpe-name)
> - (package-name package)))
> - (version (or (assoc-ref (package-properties package)
> - 'cpe-version)
> - (package-version package))))
> + (let* ((pkg-name (package-name package))
> + (version (or (assoc-ref (package-properties package)
> + 'cpe-version)
> + (package-version package)))
> + (name
> + (or (assoc-ref (package-properties package)
> + 'cpe-name)
> + (false-if-exception
> + (first
> + (filter string?
> + (map (lambda (prefix)
> + (when (string-prefix? prefix pkg-name)
> + (string-drop pkg-name (string-length prefix))))
> + '("java-" "perl-" "python-" "python2-" "ruby-")))))
> + pkg-name)))
I agree with Maxime’s suggestions.
In addition, I’d suggest moving this code out in two procedures,
‘package-cpe-name’ and ‘package-cpe-version’, that would honor the
relevant property and fall back to stripping prefixes.
Then ‘package-vulnerabilities’ would simply call these two procedures.
How does that sound?
Longer-term, we should add a thing that proposes correct CPE names:
https://issues.guix.gnu.org/42299
Thanks,
Ludo’.
prev parent reply other threads:[~2022-02-04 21:57 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-02 14:15 [bug#53721] [PATCH] lint: Perform fuzzy search on package names for CVE checker Efraim Flashner
2022-02-02 14:54 ` Maxime Devos
2022-02-02 15:13 ` Efraim Flashner
2022-02-04 21:56 ` Ludovic Courtès [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bkzmmh35.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=53721@debbugs.gnu.org \
--cc=efraim@flashner.co.il \
--cc=maximedevos@telenet.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.