summaryrefslogtreecommitdiff
path: root/guix
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-05-26 23:00:08 +0200
committerLudovic Courtès <ludo@gnu.org>2016-05-26 23:00:08 +0200
commit3af7a7a879b91c59fcd5a025ac55db2c69da4fb7 (patch)
tree99ef2a93849069a1482913090904aa72a27f0b95 /guix
parent159a5e019767a7f85bef355cfcfc24fd5c7162d6 (diff)
cve: Include the 3 previous years of vulnerabilities.
* guix/cve.scm (fetch-vulnerabilities): Add 'format' call. (current-vulnerabilities): Include the 3 previous years.
Diffstat (limited to 'guix')
-rw-r--r--guix/cve.scm18
1 files changed, 15 insertions, 3 deletions
diff --git a/guix/cve.scm b/guix/cve.scm
index 3956864938..2167028ede 100644
--- a/guix/cve.scm
+++ b/guix/cve.scm
@@ -25,6 +25,7 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9)
#:use-module (srfi srfi-19)
+ #:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:use-module (ice-9 regex)
#:use-module (ice-9 vlist)
@@ -179,6 +180,7 @@ the given TTL (fetch from the NIST web site when TTL has expired)."
(lambda (port)
;; XXX: The SSAX "error port" is used to send pointless warnings such as
;; "warning: Skipping PI". Turn that off.
+ (format (current-error-port) "fetching CVE database for ~a...~%" year)
(parameterize ((current-ssax-error-port (%make-void-port "w")))
(xml->vulnerabilities port)))))
@@ -214,9 +216,19 @@ the given TTL (fetch from the NIST web site when TTL has expired)."
(define (current-vulnerabilities)
"Return the current list of Common Vulnerabilities and Exposures (CVE) as
published by the US NIST."
- (append-map fetch-vulnerabilities
- (list %past-year %current-year)
- (list %past-year-ttl %current-year-ttl)))
+ (let ((past-years (unfold (cut > <> 3)
+ (lambda (n)
+ (- %current-year n))
+ 1+
+ 1))
+ (past-ttls (unfold (cut > <> 3)
+ (lambda (n)
+ (* n %past-year-ttl))
+ 1+
+ 1)))
+ (append-map fetch-vulnerabilities
+ (cons %current-year past-years)
+ (cons %current-year-ttl past-ttls))))
(define (vulnerabilities->lookup-proc vulnerabilities)
"Return a lookup procedure built from VULNERABILITIES that takes a package