lint: cve: Gracefully handle HTTP errors.

* guix/scripts/lint.scm (current-vulnerabilities*): New procedure.
(package-vulnerabilities): Use it.
Ludovic Courtès 2016-03-04 10:44:08 +01:00
parent fe4e698d77
commit 4ce783a2f9
1 changed files with 23 additions and 10 deletions


@ -24,6 +24,7 @@
#:use-module (guix base32) #:use-module (guix base32)
#:use-module (guix download) #:use-module (guix download)
#:use-module (guix ftp-client) #:use-module (guix ftp-client)
#:use-module (guix http-client)
#:use-module (guix packages) #:use-module (guix packages)
#:use-module (guix licenses) #:use-module (guix licenses)
#:use-module (guix records) #:use-module (guix records)
@ -593,18 +594,30 @@ Common Platform Enumeration (CPE) name."
;; TODO: Add more. ;; TODO: Add more.
(_ name))) (_ name)))
(define (current-vulnerabilities*)
"Like 'current-vulnerabilities', but return the empty list upon networking
or HTTP errors. This allows network-less operation and makes problems with
the NIST server non-fatal.."
(guard (c ((http-get-error? c)
(warning (_ "failed to retrieve CVE vulnerabilities \
from ~s: ~a (~s)~%")
(uri->string (http-get-error-uri c))
(http-get-error-code c)
(http-get-error-reason c))
(warning (_ "assuming no CVE vulnerabilities~%"))
'()))
(catch 'getaddrinfo-error
(lambda ()
(current-vulnerabilities))
(lambda (key errcode)
(warning (_ "failed to lookup NIST host: ~a~%")
(gai-strerror errcode))
(warning (_ "assuming no CVE vulnerabilities~%"))
'()))))
(define package-vulnerabilities (define package-vulnerabilities
(let ((lookup (delay (vulnerabilities->lookup-proc (let ((lookup (delay (vulnerabilities->lookup-proc
;; Catch networking errors to allow network-less (current-vulnerabilities*)))))
;; operation.
(catch 'getaddrinfo-error
(lambda ()
(current-vulnerabilities))
(lambda (key errcode)
(warn (_ "failed to lookup NIST host: ~a~%")
(gai-strerror errcode))
(warn (_ "assuming no CVE vulnerabilities~%"))
'()))))))
(lambda (package) (lambda (package)
"Return a list of vulnerabilities affecting PACKAGE." "Return a list of vulnerabilities affecting PACKAGE."
((force lookup) ((force lookup)
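Review bot: Both handlers in `current-vulnerabilities*` fail open: on an HTTP error or a failed host lookup they return `'()`, and because `package-vulnerabilities` wraps the call in `delay`, that one empty list serves every package in the run, so the CVE checker reports nothing for the whole invocation. The only signal is the pair of warnings, which anything consuming just the lint findings would presumably miss. Consider making the second warning say the check did not run, e.g. `(warning (_ "CVE check skipped; vulnerability results are incomplete~%"))`, and stating in the docstring that an empty result can mean "could not check" rather than "nothing found". Failures other than `http-get-error?` and `getaddrinfo-error` (a refused connection, for instance) do not appear to be handled here and would likely still be fatal; worth confirming. The docstring also ends with a doubled period (`non-fatal..`).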