* Use XML::LibXML.

Eelco Dolstra 2005-03-07 14:54:52 +00:00
parent 543d7a41dc
commit bfbc55cbc6
2 changed files with 87 additions and 41 deletions


@ -1,6 +1,7 @@
<blacklist> <blacklist>
<!--
<item id='openssl-0.9.7d-obsolete'> <item id='openssl-0.9.7d-obsolete'>
<condition> <condition>
<containsSource <containsSource
@ -12,29 +13,20 @@
</reason> </reason>
<severity class="all" level="low" /> <severity class="all" level="low" />
</item> </item>
-->
<item id='zlib-1.2.1-security'> <item id='zlib-1.2.1-security' type='security'>
<condition> <condition>
<containsSource <containsSource
hash="sha256:0yp7z8ask4b8m2ia253apnnxdk0z0zrs70yr079m2rjd4297chgv" hash="sha256:1xf1749gdfw9f50mxa5rsnmwiwrb5mi0kg4siw8a73jykdp2i6ii"
origin="zlib-1.2.1.tar.gz" /> origin="openssl-0.9.7d.tar.gz" />
<!-- <!-- <within>
<or> <traverse>
<and> <not><hasName name='*.tar.*' /></not>
<containsSource </traverse>
hash="sha256:0yp7z8ask4b8m2ia253apnnxdk0z0zrs70yr079m2rjd4297chgv" <hasAttr name='md5' value='ef1cb003448b4a53517b8f25adb12452' />
origin="zlib-1.2.1.tar.gz" /> </within> -->
<not>
<containsSource
hash="..."
origin="zlib-1.2.1-dos.patch" />
</not>
</and>
<containsOutput
name="/nix/store/gxbdsvlwz6ixin94jhdw7rwdbb5mxxq3-zlib-1.2.1" />
</or>
-->
</condition> </condition>
<reason> <reason>
Zlib 1.2.1 is vulnerable to a denial-of-service condition. See Zlib 1.2.1 is vulnerable to a denial-of-service condition. See
@ -45,6 +37,7 @@
</item> </item>
<!--
<item id='libpng-1.2.7-crash'> <item id='libpng-1.2.7-crash'>
<condition> <condition>
<containsName name="libpng" comparison="lte" version="1.2.7" /> <containsName name="libpng" comparison="lte" version="1.2.7" />
@ -55,6 +48,25 @@
</reason> </reason>
<severity class="client" level="low" /> <severity class="client" level="low" />
</item> </item>
-->
<!--
<item id='subversion-without-zlib' type='improvement'>
<condition>
<withinOutputClosure>
<not>
<containsName name='zlib' />
</not>
</withinOutputClosure>
</condition>
<reason>
Subversion can be compiled with Zlib compression support, which is a good thing.
</reason>
</item>
-->
</blacklist> </blacklist>
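Review bot: The `zlib-1.2.1-security` item now carries `origin="openssl-0.9.7d.tar.gz"` and a different `hash`, while its id and `<reason>` still describe the Zlib 1.2.1 denial of service. The checker's `containsSource` branch appears to match on the `hash` attribute alone, so environments built from zlib-1.2.1.tar.gz would stop being flagged and ones built from the OpenSSL tarball would receive a Zlib advisory. This looks like a test value left in; either restore the zlib hash and origin, or rename the item and rewrite its reason to match the new source. The openssl and libpng items also appear to be wrapped in `<!-- … -->` by this change, so a one-line comment above each stating why it is disabled would keep the lost coverage visible.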


@ -1,7 +1,8 @@
#! /usr/bin/perl -w #! /usr/bin/perl -w -I /home/eelco/.nix-profile/lib/site_perl
use strict; use strict;
use XML::Simple; use XML::LibXML;
#use XML::Simple;
my $blacklistFN = shift @ARGV; my $blacklistFN = shift @ARGV;
die unless defined $blacklistFN; die unless defined $blacklistFN;
@ -10,10 +11,10 @@ die unless defined $userEnv;
# Read the blacklist. # Read the blacklist.
my $blacklist = XMLin($blacklistFN, my $parser = XML::LibXML->new();
forcearray => [qw()], my $blacklist = $parser->parse_file($blacklistFN)->getDocumentElement;
keyattr => ['id'],
suppressempty => ''); #print $blacklist->toString() , "\n";
# Get all the elements of the user environment. # Get all the elements of the user environment.
@ -30,10 +31,10 @@ sub evalCondition {
my $storePaths = shift; my $storePaths = shift;
my $condition = shift; my $condition = shift;
if (defined $condition->{'containsSource'}) { my $name = $condition->getName;
my $c = $condition->{'containsSource'};
my $hash = $c->{'hash'}; if ($name eq "containsSource") {
my $hash = $condition->attributes->getNamedItem("hash")->getValue;
foreach my $path (keys %{$storePathHashes{$hash}}) { foreach my $path (keys %{$storePathHashes{$hash}}) {
# !!! use a hash for $storePaths # !!! use a hash for $storePaths
foreach my $path2 (@{$storePaths}) { foreach my $path2 (@{$storePaths}) {
@ -42,8 +43,43 @@ sub evalCondition {
} }
return 0; return 0;
} }
elsif ($name eq "and") {
my $result = 1;
foreach my $node ($condition->getChildNodes) {
if ($node->nodeType == XML_ELEMENT_NODE) {
$result &= evalCondition($storePaths, $node);
}
}
return $result;
}
elsif ($name eq "true") {
return 1;
}
elsif ($name eq "false") {
return 0;
}
else {
die "unknown element `$name'";
}
}
sub evalOr {
my $storePaths = shift;
my $nodes = shift;
my $result = 0;
foreach my $node (@{$nodes}) {
if ($node->nodeType == XML_ELEMENT_NODE) {
$result |= evalCondition($storePaths, $node);
}
}
return 0; return $result;
} }
@ -83,20 +119,18 @@ foreach my $userEnvElem (@userEnvElems) {
# Evaluate each blacklist item. # Evaluate each blacklist item.
foreach my $itemId (sort (keys %{$blacklist->{'item'}})) { foreach my $item ($blacklist->getChildrenByTagName("item")) {
# print " CHECKING FOR $itemId\n"; my $itemId = $item->getAttributeNode("id")->getValue;
print " CHECKING FOR $itemId\n";
my $item = $blacklist->{'item'}->{$itemId}; my $condition = ($item->getChildrenByTagName("condition"))[0];
die unless defined $item; die unless $condition;
my $condition = $item->{'condition'};
die unless defined $condition;
# Evaluate the condition. # Evaluate the condition.
if (evalCondition(\@requisites, $condition)) { my @foo = $condition->getChildNodes();
if (evalOr(\@requisites, \@foo)) {
# Oops, condition triggered. # Oops, condition triggered.
my $reason = $item->{'reason'}; my $reason = ($item->getChildrenByTagName("reason"))[0]->getChildNodes->to_literal;
$reason =~ s/\s+/ /g; $reason =~ s/\s+/ /g;
$reason =~ s/^\s+//g; $reason =~ s/^\s+//g;
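Review bot: The parser built at `my $parser = XML::LibXML->new();` runs with library defaults, and depending on the installed XML::LibXML version those let a blacklist that carries a DOCTYPE load external DTDs and expand external entities during `parse_file`. The blacklist path is taken straight from `@ARGV`, so if that file is ever obtained from anywhere other than a trusted local checkout it is untrusted input to the parser. Constructing it as `my $parser = XML::LibXML->new(no_network => 1, load_ext_dtd => 0, expand_entities => 0);` closes that off without affecting the element and attribute lookups used here. Separately, the new shebang's `-I /home/eelco/.nix-profile/lib/site_perl` makes every user of the script load modules from one account's profile directory; setting `PERL5LIB` in the environment would avoid hard-coding that path.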