From: Efraim Flashner <efraim@flashner.co.il>
To: Maxime Devos <maximedevos@telenet.be>
Cc: 53721@debbugs.gnu.org
Subject: [bug#53721] [PATCH] lint: Perform fuzzy search on package names for CVE checker.
Date: Wed, 2 Feb 2022 17:13:25 +0200 [thread overview]
Message-ID: <YfqfleUrtggE58IW@3900XT> (raw)
In-Reply-To: <47b10d97f63c470b29087ec389d02c71dce038fc.camel@telenet.be>
[-- Attachment #1: Type: text/plain, Size: 1769 bytes --]
On Wed, Feb 02, 2022 at 03:54:38PM +0100, Maxime Devos wrote:
> Efraim Flashner schreef op wo 02-02-2022 om 16:15 [+0200]:
> > + (false-if-exception
> > + (first
> > + (filter string?
> > + (map (lambda (prefix)
> > + (when (string-prefix? prefix pkg-name)
> > + (string-drop pkg-name (string-length prefix))))
> > + '("java-" "perl-" "python-" "python2-" "ruby-")))))
> > + pkg-name)))
>
> When can an exception happen here?
I tossed in 'glibc' since I know that always has CVEs listed against it,
you can't take first from an empty list.
> Also, the following seems simpler and equivalent:
>
> (any (lambda (prefix)
> (and (string-prefix? prefix)
> (string-drop pkg-name (string-length prefix))))
> '("java-" "perl-" "python-" "python2-" "ruby-"))
That is much nicer.
> It would be nice to test the code for guessing the CPE name of a
> package in a few unit tests.
Definitely. Also I should check if we should try dropping any of the
other prefixes. rust might work, go probably needs some actual
transformation to happen.
> Greetings,
> Maxime
--
Efraim Flashner <efraim@flashner.co.il> רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2022-02-02 17:19 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-02 14:15 [bug#53721] [PATCH] lint: Perform fuzzy search on package names for CVE checker Efraim Flashner
2022-02-02 14:54 ` Maxime Devos
2022-02-02 15:13 ` Efraim Flashner [this message]
2022-02-04 21:56 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YfqfleUrtggE58IW@3900XT \
--to=efraim@flashner.co.il \
--cc=53721@debbugs.gnu.org \
--cc=maximedevos@telenet.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.