aboutsummaryrefslogtreecommitdiff
path: root/guix/cve.scm
Commit message (Collapse)AuthorAge
* cve: Use 'http-fetch/cached' instead of having custom caching.Ludovic Courtès2017-11-16
| | | | | | | | | | | That way CVE fetching benefits from 'If-Modified-Since' handling. * guix/http-client.scm (http-fetch/cached): Add #:write-cache and #:cache-miss parameters and honor them. * guix/cve.scm (%current-year-ttl, %past-year-ttl): Reduce. (call-with-cve-port): Remove. (write-cache): New procedure. (fetch-vulnerabilities): Rewrite in terms of 'http-fetch/cached'.
* cve: Disable position recording while reading the CVE list.Ludovic Courtès2017-09-19
| | | | | * guix/cve.scm (fetch-vulnerabilities)[read*]: New procedure. Use it in lieu of 'read'.
* cve: Use a more compact format for the list of package/versions.Ludovic Courtès2016-05-28
| | | | | | | | | | | | | | | | On a warm cache, "guix lint -c cve vorbis-tools" goes down from 6.5s to 2.4s. * guix/cve.scm (cpe->package-name): Change to return two values instead of a pair. (cpe->product-alist): New procedure. (%parse-vulnerability-feed): Use it instead of 'filter-map'. (fetch-vulnerabilities): Bump sexp format version to 1. (vulnerabilities->lookup-proc): Adjust accordingly. When #:version is omitted, return a list of vulnerabilities instead of a list of version/vulnerability pairs. * tests/cve.scm (%expected-vulnerabilities) ("vulnerabilities->lookup-proc): Adjust accordingly.
* cve: Include the 3 previous years of vulnerabilities.Ludovic Courtès2016-05-26
| | | | | * guix/cve.scm (fetch-vulnerabilities): Add 'format' call. (current-vulnerabilities): Include the 3 previous years.
* cve: Remove now unnecessary HTTP caching.Ludovic Courtès2016-05-23
| | | | | * guix/cve.scm (call-with-cve-port): Use 'http-fetch' instead of 'http-fetch/cached'.
* cve: Keep a summarized sexp in cache instead of the full XML.Ludovic Courtès2016-05-23
| | | | | | | | This avoids ~20s of XML parsing when running 'guix lint -c cve'. * guix/cve.scm (vulnerability->sexp, sexp->vulnerability) (fetch-vulnerabilities): New procedures. (current-vulnerabilities): Use 'fetch-vulnerabilities'.
* cve: Read entire CVE databases for the current year and the past year.Ludovic Courtès2016-03-11
| | | | | | | | | | | | | | The "Modified" database that we were reading is much smaller, but it only shows CVEs modified over the past week. * guix/cve.scm (%now, %current-year, %past-year): New variables. (yearly-feed-uri): New procedure. (%cve-feed-uri, %ttl): Remove. (%current-year-ttl, %past-year-ttl): New variables. (call-with-cve-port): Add 'uri' and 'ttl' parameters and honor them. Add 'setvbuf' call. (current-vulnerabilities)[read-vulnerabilities]: New procedure. Read from both %LAST-YEAR and %CURRENT-YEAR.
* cve: Make CPE patch level part of the version string.Ludovic Courtès2016-03-11
| | | | | * guix/cve.scm (%cpe-package-rx): Adjust to account for :PATCH-LEVEL. (cpe->package-name): Likewise.
* Add (guix cve).Ludovic Courtès2015-11-26
* guix/cve.scm, tests/cve-sample.xml, tests/cve.scm: New files. * Makefile.am (MODULES): Add guix/cve.scm. (SCM_TESTS): Add tests/cve.scm. (EXTRA_DIST): Add tests/cve-sample.scm.