* Use XML::LibXML.
This commit is contained in:
parent
543d7a41dc
commit
bfbc55cbc6
2 changed files with 87 additions and 41 deletions
|
@ -1,6 +1,7 @@
|
||||||
<blacklist>
|
<blacklist>
|
||||||
|
|
||||||
|
|
||||||
|
<!--
|
||||||
<item id='openssl-0.9.7d-obsolete'>
|
<item id='openssl-0.9.7d-obsolete'>
|
||||||
<condition>
|
<condition>
|
||||||
<containsSource
|
<containsSource
|
||||||
|
@ -12,29 +13,20 @@
|
||||||
</reason>
|
</reason>
|
||||||
<severity class="all" level="low" />
|
<severity class="all" level="low" />
|
||||||
</item>
|
</item>
|
||||||
|
-->
|
||||||
|
|
||||||
|
|
||||||
<item id='zlib-1.2.1-security'>
|
<item id='zlib-1.2.1-security' type='security'>
|
||||||
<condition>
|
<condition>
|
||||||
<containsSource
|
<containsSource
|
||||||
hash="sha256:0yp7z8ask4b8m2ia253apnnxdk0z0zrs70yr079m2rjd4297chgv"
|
hash="sha256:1xf1749gdfw9f50mxa5rsnmwiwrb5mi0kg4siw8a73jykdp2i6ii"
|
||||||
origin="zlib-1.2.1.tar.gz" />
|
origin="openssl-0.9.7d.tar.gz" />
|
||||||
<!--
|
<!-- <within>
|
||||||
<or>
|
<traverse>
|
||||||
<and>
|
<not><hasName name='*.tar.*' /></not>
|
||||||
<containsSource
|
</traverse>
|
||||||
hash="sha256:0yp7z8ask4b8m2ia253apnnxdk0z0zrs70yr079m2rjd4297chgv"
|
<hasAttr name='md5' value='ef1cb003448b4a53517b8f25adb12452' />
|
||||||
origin="zlib-1.2.1.tar.gz" />
|
</within> -->
|
||||||
<not>
|
|
||||||
<containsSource
|
|
||||||
hash="..."
|
|
||||||
origin="zlib-1.2.1-dos.patch" />
|
|
||||||
</not>
|
|
||||||
</and>
|
|
||||||
<containsOutput
|
|
||||||
name="/nix/store/gxbdsvlwz6ixin94jhdw7rwdbb5mxxq3-zlib-1.2.1" />
|
|
||||||
</or>
|
|
||||||
-->
|
|
||||||
</condition>
|
</condition>
|
||||||
<reason>
|
<reason>
|
||||||
Zlib 1.2.1 is vulnerable to a denial-of-service condition. See
|
Zlib 1.2.1 is vulnerable to a denial-of-service condition. See
|
||||||
|
@ -45,6 +37,7 @@
|
||||||
</item>
|
</item>
|
||||||
|
|
||||||
|
|
||||||
|
<!--
|
||||||
<item id='libpng-1.2.7-crash'>
|
<item id='libpng-1.2.7-crash'>
|
||||||
<condition>
|
<condition>
|
||||||
<containsName name="libpng" comparison="lte" version="1.2.7" />
|
<containsName name="libpng" comparison="lte" version="1.2.7" />
|
||||||
|
@ -55,6 +48,25 @@
|
||||||
</reason>
|
</reason>
|
||||||
<severity class="client" level="low" />
|
<severity class="client" level="low" />
|
||||||
</item>
|
</item>
|
||||||
|
-->
|
||||||
|
|
||||||
|
|
||||||
|
<!--
|
||||||
|
<item id='subversion-without-zlib' type='improvement'>
|
||||||
|
|
||||||
|
<condition>
|
||||||
|
<withinOutputClosure>
|
||||||
|
<not>
|
||||||
|
<containsName name='zlib' />
|
||||||
|
</not>
|
||||||
|
</withinOutputClosure>
|
||||||
|
</condition>
|
||||||
|
|
||||||
|
<reason>
|
||||||
|
Subversion can be compiled with Zlib compression support, which is a good thing.
|
||||||
|
</reason>
|
||||||
|
|
||||||
|
</item>
|
||||||
|
-->
|
||||||
|
|
||||||
</blacklist>
|
</blacklist>
|
||||||
|
|
|
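Review bot: The `zlib-1.2.1-security` item's `containsSource` now carries a new hash and `origin="openssl-0.9.7d.tar.gz"`, while the item id, the added `type='security'` and the `<reason>` text still describe the Zlib 1.2.1 denial of service — this reads like a local test edit that got committed, and as it stands an environment built from that OpenSSL tarball would be reported with a zlib reason while the real zlib 1.2.1 source no longer matches anything. Restore the zlib hash and `origin="zlib-1.2.1.tar.gz"`, or give the OpenSSL case its own item with its own reason. Wrapping the `openssl-0.9.7d-obsolete` and `libpng-1.2.7-crash` items in `<!-- -->` silently drops them from checking; if that is because the rewritten evaluator only handles `containsSource`, `and`, `true` and `false`, a one-line note inside each comment block such as `<!-- disabled until the evaluator supports this condition -->` keeps them from being forgotten. The `<within>`/`<traverse>`/`<hasAttr>` sketch inside the zlib condition is commented out, so it is harmless, but it also has no implementation on the Perl side yet.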
@ -1,7 +1,8 @@
|
||||||
#! /usr/bin/perl -w
|
#! /usr/bin/perl -w -I /home/eelco/.nix-profile/lib/site_perl
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
use XML::Simple;
|
use XML::LibXML;
|
||||||
|
#use XML::Simple;
|
||||||
|
|
||||||
my $blacklistFN = shift @ARGV;
|
my $blacklistFN = shift @ARGV;
|
||||||
die unless defined $blacklistFN;
|
die unless defined $blacklistFN;
|
||||||
|
@ -10,10 +11,10 @@ die unless defined $userEnv;
|
||||||
|
|
||||||
|
|
||||||
# Read the blacklist.
|
# Read the blacklist.
|
||||||
my $blacklist = XMLin($blacklistFN,
|
my $parser = XML::LibXML->new();
|
||||||
forcearray => [qw()],
|
my $blacklist = $parser->parse_file($blacklistFN)->getDocumentElement;
|
||||||
keyattr => ['id'],
|
|
||||||
suppressempty => '');
|
#print $blacklist->toString() , "\n";
|
||||||
|
|
||||||
|
|
||||||
# Get all the elements of the user environment.
|
# Get all the elements of the user environment.
|
||||||
|
@ -30,10 +31,10 @@ sub evalCondition {
|
||||||
my $storePaths = shift;
|
my $storePaths = shift;
|
||||||
my $condition = shift;
|
my $condition = shift;
|
||||||
|
|
||||||
if (defined $condition->{'containsSource'}) {
|
my $name = $condition->getName;
|
||||||
my $c = $condition->{'containsSource'};
|
|
||||||
my $hash = $c->{'hash'};
|
|
||||||
|
|
||||||
|
if ($name eq "containsSource") {
|
||||||
|
my $hash = $condition->attributes->getNamedItem("hash")->getValue;
|
||||||
foreach my $path (keys %{$storePathHashes{$hash}}) {
|
foreach my $path (keys %{$storePathHashes{$hash}}) {
|
||||||
# !!! use a hash for $storePaths
|
# !!! use a hash for $storePaths
|
||||||
foreach my $path2 (@{$storePaths}) {
|
foreach my $path2 (@{$storePaths}) {
|
||||||
|
@ -43,7 +44,42 @@ sub evalCondition {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
elsif ($name eq "and") {
|
||||||
|
my $result = 1;
|
||||||
|
foreach my $node ($condition->getChildNodes) {
|
||||||
|
if ($node->nodeType == XML_ELEMENT_NODE) {
|
||||||
|
$result &= evalCondition($storePaths, $node);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
|
elsif ($name eq "true") {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
elsif ($name eq "false") {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
else {
|
||||||
|
die "unknown element `$name'";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
sub evalOr {
|
||||||
|
my $storePaths = shift;
|
||||||
|
my $nodes = shift;
|
||||||
|
|
||||||
|
my $result = 0;
|
||||||
|
foreach my $node (@{$nodes}) {
|
||||||
|
if ($node->nodeType == XML_ELEMENT_NODE) {
|
||||||
|
$result |= evalCondition($storePaths, $node);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -83,20 +119,18 @@ foreach my $userEnvElem (@userEnvElems) {
|
||||||
|
|
||||||
|
|
||||||
# Evaluate each blacklist item.
|
# Evaluate each blacklist item.
|
||||||
foreach my $itemId (sort (keys %{$blacklist->{'item'}})) {
|
foreach my $item ($blacklist->getChildrenByTagName("item")) {
|
||||||
# print " CHECKING FOR $itemId\n";
|
my $itemId = $item->getAttributeNode("id")->getValue;
|
||||||
|
print " CHECKING FOR $itemId\n";
|
||||||
|
|
||||||
my $item = $blacklist->{'item'}->{$itemId};
|
my $condition = ($item->getChildrenByTagName("condition"))[0];
|
||||||
die unless defined $item;
|
die unless $condition;
|
||||||
|
|
||||||
my $condition = $item->{'condition'};
|
|
||||||
die unless defined $condition;
|
|
||||||
|
|
||||||
# Evaluate the condition.
|
# Evaluate the condition.
|
||||||
if (evalCondition(\@requisites, $condition)) {
|
my @foo = $condition->getChildNodes();
|
||||||
|
if (evalOr(\@requisites, \@foo)) {
|
||||||
# Oops, condition triggered.
|
# Oops, condition triggered.
|
||||||
my $reason = $item->{'reason'};
|
my $reason = ($item->getChildrenByTagName("reason"))[0]->getChildNodes->to_literal;
|
||||||
$reason =~ s/\s+/ /g;
|
$reason =~ s/\s+/ /g;
|
||||||
$reason =~ s/^\s+//g;
|
$reason =~ s/^\s+//g;
|
||||||
|
|
||||||
|
|
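Review bot: The new `#!` line in the first hunk bakes `-I /home/eelco/.nix-profile/lib/site_perl` into every invocation, so the script only resolves `XML::LibXML` on one developer's machine, and on a shared host whoever owns that directory decides which module code runs with the caller's privileges; take the path from `PERL5LIB` or a build-time substitution and keep the shebang at `#! /usr/bin/perl -w`. In the `evalCondition` hunk, `$condition->attributes->getNamedItem("hash")->getValue` fails with an unhelpful can't-call-method-on-undef error when a `containsSource` element has no `hash` attribute; `my $hash = $condition->getAttribute("hash"); die "containsSource element without hash attribute" unless defined $hash;` reports the actual problem, and the same applies to `getAttributeNode("id")` and the `reason` lookup in the last hunk. The un-commented `print " CHECKING FOR $itemId\n";` in the last hunk looks like debugging output and should go back behind a comment or a verbosity flag. `XML::LibXML->new()` follows external DTD references and expands entities by default, and `$blacklistFN` comes straight from `@ARGV`, so `$parser->load_ext_dtd(0)` and `$parser->expand_entities(0)` are worth adding if a blacklist may ever be fetched from somewhere other than the local tree. `evalCondition` starts before the third hunk, and the `if (evalOr(...))` block in the last hunk continues past its end.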