[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#37838] [PATCH 0/2] Rewrite (guix cve) to read NIST's JSON feed
|
From: |
Ludovic Courtès |
|
Subject: |
[bug#37838] [PATCH 0/2] Rewrite (guix cve) to read NIST's JSON feed |
|
Date: |
Sun, 20 Oct 2019 22:34:51 +0200 |
Hello!
Last Thursday I was surprised to see that ‘guix lint -c cve’
would be redirected to:
https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement-Phase-3
… leading to a failure.
And indeed, the XML CVE feed has now been replaced by a JSON feed
(let’s hope they don’t switch to YAML next year :-)). The JSON feed
seems to be nicer in some ways; for instance, it can specify ranges
of versions to which a given CVE applies.
The patch that follows rewrites (guix cve) so it gets info from the
JSON feed. It does so by providing a one-to-one mapping between data
structures in JSON and Scheme records, and then converting those to
the higher-level <vulnerability> records that were already there before.
If you look at the JSON-mapped record types, there are lots of
low-hanging fruits; for instance, we could grab severity info from
the JSON feeds and use them somehow. I’m not sure if ‘guix lint’
is the best place to display detailed CVE info, but we could/should
use that info somehow.
Feedback welcome!
Ludo’.
Ludovic Courtès (2):
cve: Rewrite to read the JSON feed instead of the XML feed.
lint: Re-enable CVE checker.
Makefile.am | 2 +-
doc/guix.texi | 4 +-
guix/cve.scm | 376 ++++++++----
guix/lint.scm | 16 +-
tests/cve-sample.json | 1279 +++++++++++++++++++++++++++++++++++++++++
tests/cve-sample.xml | 616 --------------------
tests/cve.scm | 83 ++-
7 files changed, 1610 insertions(+), 766 deletions(-)
create mode 100644 tests/cve-sample.json
delete mode 100644 tests/cve-sample.xml
--
2.23.0
- [bug#37838] [PATCH 0/2] Rewrite (guix cve) to read NIST's JSON feed,
Ludovic Courtès <=