lint: cve: Gracefully handle HTTP errors.
* guix/scripts/lint.scm (current-vulnerabilities*): New procedure. (package-vulnerabilities): Use it.
parent
fe4e698d77
commit
4ce783a2f9
|
@ -24,6 +24,7 @@
|
||||||
#:use-module (guix base32)
|
#:use-module (guix base32)
|
||||||
#:use-module (guix download)
|
#:use-module (guix download)
|
||||||
#:use-module (guix ftp-client)
|
#:use-module (guix ftp-client)
|
||||||
|
#:use-module (guix http-client)
|
||||||
#:use-module (guix packages)
|
#:use-module (guix packages)
|
||||||
#:use-module (guix licenses)
|
#:use-module (guix licenses)
|
||||||
#:use-module (guix records)
|
#:use-module (guix records)
|
||||||
|
@ -593,18 +594,30 @@ Common Platform Enumeration (CPE) name."
|
||||||
;; TODO: Add more.
|
;; TODO: Add more.
|
||||||
(_ name)))
|
(_ name)))
|
||||||
|
|
||||||
(define package-vulnerabilities
|
(define (current-vulnerabilities*)
|
||||||
(let ((lookup (delay (vulnerabilities->lookup-proc
|
"Like 'current-vulnerabilities', but return the empty list upon networking
|
||||||
;; Catch networking errors to allow network-less
|
or HTTP errors. This allows network-less operation and makes problems with
|
||||||
;; operation.
|
the NIST server non-fatal.."
|
||||||
|
(guard (c ((http-get-error? c)
|
||||||
|
(warning (_ "failed to retrieve CVE vulnerabilities \
|
||||||
|
from ~s: ~a (~s)~%")
|
||||||
|
(uri->string (http-get-error-uri c))
|
||||||
|
(http-get-error-code c)
|
||||||
|
(http-get-error-reason c))
|
||||||
|
(warning (_ "assuming no CVE vulnerabilities~%"))
|
||||||
|
'()))
|
||||||
(catch 'getaddrinfo-error
|
(catch 'getaddrinfo-error
|
||||||
(lambda ()
|
(lambda ()
|
||||||
(current-vulnerabilities))
|
(current-vulnerabilities))
|
||||||
(lambda (key errcode)
|
(lambda (key errcode)
|
||||||
(warn (_ "failed to lookup NIST host: ~a~%")
|
(warning (_ "failed to lookup NIST host: ~a~%")
|
||||||
(gai-strerror errcode))
|
(gai-strerror errcode))
|
||||||
(warn (_ "assuming no CVE vulnerabilities~%"))
|
(warning (_ "assuming no CVE vulnerabilities~%"))
|
||||||
'()))))))
|
'()))))
|
||||||
|
|
||||||
|
(define package-vulnerabilities
|
||||||
|
(let ((lookup (delay (vulnerabilities->lookup-proc
|
||||||
|
(current-vulnerabilities*)))))
|
||||||
(lambda (package)
|
(lambda (package)
|
||||||
"Return a list of vulnerabilities affecting PACKAGE."
|
"Return a list of vulnerabilities affecting PACKAGE."
|
||||||
((force lookup)
|
((force lookup)
|
||||||
|
|
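Review bot: Both handlers in `current-vulnerabilities*` return `'()`, which `package-vulnerabilities` cannot tell apart from a feed that lists nothing for the package, so a failed or blocked download makes the CVE checker report every package as clean, with only a warning on the error port. Because the lookup procedure is built inside `delay` and forced once, that empty result is kept for the rest of the run. The docstring should say so, for example by adding `An empty result may mean the feed could not be fetched, not that no CVE applies.`, and the second warning would be more accurate as `CVE check skipped~%` than `assuming no CVE vulnerabilities~%`. The docstring also ends in a doubled period (`non-fatal..`). The body of `package-vulnerabilities` continues past the end of the hunk.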