Commit Graph

9 Commits

Author SHA1 Message Date
Ludovic Courtès 7482b98120
cve: Use 'http-fetch/cached' instead of having custom caching.
That way CVE fetching benefits from 'If-Modified-Since' handling.

* guix/http-client.scm (http-fetch/cached): Add #:write-cache and
 #:cache-miss parameters and honor them.
* guix/cve.scm (%current-year-ttl, %past-year-ttl): Reduce.
(call-with-cve-port): Remove.
(write-cache): New procedure.
(fetch-vulnerabilities): Rewrite in terms of 'http-fetch/cached'.
2017-11-16 08:45:15 +01:00
Ludovic Courtès f1b65d0dd9
cve: Disable position recording while reading the CVE list.
* guix/cve.scm (fetch-vulnerabilities)[read*]: New procedure.
Use it in lieu of 'read'.
2017-09-19 23:58:25 +02:00
Ludovic Courtès 870bf71eb0
cve: Use a more compact format for the list of package/versions.
On a warm cache, "guix lint -c cve vorbis-tools" goes down
from 6.5s to 2.4s.

* guix/cve.scm (cpe->package-name): Change to return two values instead
of a pair.
(cpe->product-alist): New procedure.
(%parse-vulnerability-feed): Use it instead of 'filter-map'.
(fetch-vulnerabilities): Bump sexp format version to 1.
(vulnerabilities->lookup-proc): Adjust accordingly.  When #:version is
omitted, return a list of vulnerabilities instead of a list of
version/vulnerability pairs.
* tests/cve.scm (%expected-vulnerabilities)
("vulnerabilities->lookup-proc): Adjust accordingly.
2016-05-28 01:07:12 +02:00
Ludovic Courtès 3af7a7a879
cve: Include the 3 previous years of vulnerabilities.
* guix/cve.scm (fetch-vulnerabilities): Add 'format' call.
(current-vulnerabilities): Include the 3 previous years.
2016-05-26 23:00:08 +02:00
Ludovic Courtès 86cf13033e
cve: Remove now unnecessary HTTP caching.
* guix/cve.scm (call-with-cve-port): Use 'http-fetch' instead of
'http-fetch/cached'.
2016-05-23 18:05:46 +02:00
Ludovic Courtès 5cdd21c7fe
cve: Keep a summarized sexp in cache instead of the full XML.
This avoids ~20s of XML parsing when running 'guix lint -c cve'.

* guix/cve.scm (vulnerability->sexp, sexp->vulnerability)
(fetch-vulnerabilities): New procedures.
(current-vulnerabilities): Use 'fetch-vulnerabilities'.
2016-05-23 18:05:46 +02:00
Ludovic Courtès 6a25e59514 cve: Read entire CVE databases for the current year and the past year.
The "Modified" database that we were reading is much smaller, but it
only shows CVEs modified over the past week.

* guix/cve.scm (%now, %current-year, %past-year): New variables.
(yearly-feed-uri): New procedure.
(%cve-feed-uri, %ttl): Remove.
(%current-year-ttl, %past-year-ttl): New variables.
(call-with-cve-port): Add 'uri' and 'ttl' parameters and honor them.
Add 'setvbuf' call.
(current-vulnerabilities)[read-vulnerabilities]: New procedure.
Read from both %LAST-YEAR and %CURRENT-YEAR.
2016-03-11 16:33:50 +01:00
Ludovic Courtès cf557afa2e cve: Make CPE patch level part of the version string.
* guix/cve.scm (%cpe-package-rx): Adjust to account for :PATCH-LEVEL.
(cpe->package-name): Likewise.
2016-03-11 16:33:50 +01:00
Ludovic Courtès 0eef755130 Add (guix cve).
* guix/cve.scm, tests/cve-sample.xml, tests/cve.scm: New files.
* Makefile.am (MODULES): Add guix/cve.scm.
(SCM_TESTS): Add tests/cve.scm.
(EXTRA_DIST): Add tests/cve-sample.scm.
2015-11-26 22:35:01 +01:00