cve: Include the 3 previous years of vulnerabilities.

* guix/cve.scm (fetch-vulnerabilities): Add 'format' call. (current-vulnerabilities): Include the 3 previous years.
2016-05-26 23:00:08 +02:00 · 2016-05-26 23:00:08 +02:00 · 3af7a7a879
commit 3af7a7a879
parent 159a5e0197
1 changed files with 15 additions and 3 deletions
--- a/guix/cve.scm
+++ b/guix/cve.scm
@ -25,6 +25,7 @@ (define-module (guix cve)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-9)
  #:use-module (srfi srfi-19)
+  #:use-module (srfi srfi-26)
  #:use-module (ice-9 match)
  #:use-module (ice-9 regex)
  #:use-module (ice-9 vlist)
@ -179,6 +180,7 @@ (define (do-fetch)
      (lambda (port)
        ;; XXX: The SSAX "error port" is used to send pointless warnings such as
        ;; "warning: Skipping PI".  Turn that off.
+        (format (current-error-port) "fetching CVE database for ~a...~%" year)
        (parameterize ((current-ssax-error-port (%make-void-port "w")))
          (xml->vulnerabilities port)))))

@ -214,9 +216,19 @@ (define (old? file)
 (define (current-vulnerabilities)
  "Return the current list of Common Vulnerabilities and Exposures (CVE) as
 published by the US NIST."
-  (append-map fetch-vulnerabilities
-              (list %past-year %current-year)
-              (list %past-year-ttl %current-year-ttl)))
+  (let ((past-years (unfold (cut > <> 3)
+                            (lambda (n)
+                              (- %current-year n))
+                            1+
+                            1))
+        (past-ttls  (unfold (cut > <> 3)
+                            (lambda (n)
+                              (* n %past-year-ttl))
+                            1+
+                            1)))
+    (append-map fetch-vulnerabilities
+                (cons %current-year past-years)
+                (cons %current-year-ttl past-ttls))))

 (define (vulnerabilities->lookup-proc vulnerabilities)
  "Return a lookup procedure built from VULNERABILITIES that takes a package