On Wed, Feb 02, 2022 at 03:54:38PM +0100, Maxime Devos wrote:
> Efraim Flashner schreef op wo 02-02-2022 om 16:15 [+0200]:
> > +                   (false-if-exception
> > +                     (first
> > +                       (filter string?
> > +                               (map (lambda (prefix)
> > +                                      (when (string-prefix? prefix pkg-name)
> > +                                        (string-drop pkg-name (string-length prefix))))
> > +                                    '("java-" "perl-" "python-" "python2-" "ruby-")))))
> > +                   pkg-name)))
> 
> When can an exception happen here?

I tossed in 'glibc' since I know that always has CVEs listed against it,
you can't take first from an empty list.

> Also, the following seems simpler and equivalent:
> 
> (any (lambda (prefix)
>        (and (string-prefix? prefix)
>             (string-drop pkg-name (string-length prefix))))
>      '("java-" "perl-" "python-" "python2-" "ruby-"))

That is much nicer.

> It would be nice to test the code for guessing the CPE name of a
> package in a few unit tests.

Definitely. Also I should check if we should try dropping any of the
other prefixes. rust might work, go probably needs some actual
transformation to happen.

> Greetings,
> Maxime



-- 
Efraim Flashner   <efraim@flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted