summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-03-11 10:21:58 +0100
committerLudovic Courtès <ludo@gnu.org>2016-03-11 16:33:50 +0100
commitcf557afa2e679f73b93796460dee23d5c5c314c5 (patch)
treec6e2f8674f414b291b3759dc576aa057cd223f6d
parentd381962f35bf8e9facc1a495254235ee707167e3 (diff)
downloadguix-cf557afa2e679f73b93796460dee23d5c5c314c5.tar.gz
cve: Make CPE patch level part of the version string.
* guix/cve.scm (%cpe-package-rx): Adjust to account for :PATCH-LEVEL.
(cpe->package-name): Likewise.
-rw-r--r--guix/cve.scm15
1 files changed, 11 insertions, 4 deletions
diff --git a/guix/cve.scm b/guix/cve.scm
index a7b0bde6dc..663097b483 100644
--- a/guix/cve.scm
+++ b/guix/cve.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -70,8 +70,9 @@
         (close-port port)))))
 
 (define %cpe-package-rx
-  ;; For applications: "cpe:/a:VENDOR:PACKAGE:VERSION".
-  (make-regexp "^cpe:/a:([^:]+):([^:]+):([^:]+)"))
+  ;; For applications: "cpe:/a:VENDOR:PACKAGE:VERSION", or sometimes
+  ;; "cpe/a:VENDOR:PACKAGE:VERSION:PATCH-LEVEL".
+  (make-regexp "^cpe:/a:([^:]+):([^:]+):([^:]+)((:.+)?)"))
 
 (define (cpe->package-name cpe)
   "Converts the Common Platform Enumeration (CPE) string CPE to a package
@@ -80,7 +81,13 @@ CPE string."
   (and=> (regexp-exec %cpe-package-rx (string-trim-both cpe))
          (lambda (matches)
            (cons (match:substring matches 2)
-                 (match:substring matches 3)))))
+                 (string-append (match:substring matches 3)
+                                (match (match:substring matches 4)
+                                  ("" "")
+                                  (patch-level
+                                   ;; Drop the colon from things like
+                                   ;; "cpe:/a:openbsd:openssh:6.8:p1".
+                                   (string-drop patch-level 1))))))))
 
 (define %parse-vulnerability-feed
   ;; Parse the XML vulnerability feed from