2f5f632 Add a -f option to 'pkg audit': use a local file as the vuln.xml database. — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

Add a -f option to 'pkg audit': use a local file as the vuln.xml database.

Matthew Seaman committed 12 years ago

commit 2f5f63228c949801978c2d42145154ed04f85fbc
parent 2c84533

2 files changed +37 -20

modified docs/pkg-audit.8

@@ -15,7 +15,7 @@

 .\"     @(#)pkg.8
 .\" $FreeBSD$
 .\"
 .Dd December  24, 2013
 .Dd April 6, 2014
 .Dt PKG-AUDIT 8
 .Os
 .Sh NAME

@@ -24,6 +24,7 @@

 .Sh SYNOPSIS
 .Nm
 .Op Fl Fq
 .Op Fl f Ar file
 .Ar pkg-name
 .Sh DESCRIPTION
 .Nm

@@ -54,6 +55,15 @@ will audit only that package.

 The following options are supported by
 .Nm :
 .Bl -tag -width F1
 .It Fl f Ar file
 Use
 .Pa file
 as the local copy of the vulnerability database.
 If used in combination with
 .Fl F
 download the vulnerability database to the named
 .Pa file
 before auditing installed ports against it.
 .It Fl F
 Fetch the database before checking.
 .It Fl q

modified src/audit.c

@@ -1,5 +1,6 @@

 /*-
  * Copyright (c) 2011-2012 Julien Laffaye <jlaffaye@FreeBSD.org>
  * Copyright (c) 2014 Matthew Seaman <matthew@FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

@@ -711,24 +712,26 @@ free_audit_list(struct audit_entry *h)

 int
 exec_audit(int argc, char **argv)
 {
 	struct audit_entry *h = NULL;
 	struct audit_entry_sorted *cooked_audit_entries = NULL;
 	struct pkgdb *db = NULL;
 	struct pkgdb_it *it = NULL;
 	struct pkg *pkg = NULL;
 	const char *db_dir;
 	char *name;
 	char *version;
 	char audit_file[MAXPATHLEN];
 	unsigned int vuln = 0;
 	bool fetch = false;
 	int ch;
 	int ret = EX_OK, res;
 	const char *portaudit_site = NULL;
 	struct audit_entry		*h = NULL;
 	struct audit_entry_sorted	*cooked_audit_entries = NULL;
 	struct pkgdb			*db = NULL;
 	struct pkgdb_it			*it = NULL;
 	struct pkg			*pkg = NULL;
 	const char			*db_dir;
 	char				*name;
 	char				*version;
 	char				 audit_file_buf[MAXPATHLEN];
 	char				*audit_file = audit_file_buf;
 	unsigned int			 vuln = 0;
 	bool				 fetch = false;
 	int				 ch;
 	int				 ret = EX_OK, res;
 	const char			*portaudit_site = NULL;
 	db_dir = pkg_object_string(pkg_config_get("PKG_DBDIR"));
 	snprintf(audit_file_buf, sizeof(audit_file_buf), "%s/vuln.xml", db_dir);
 	while ((ch = getopt(argc, argv, "qF")) != -1) {
 	while ((ch = getopt(argc, argv, "qFf:")) != -1) {
 		switch (ch) {
 		case 'q':
 			quiet = true;

@@ -736,6 +739,9 @@ exec_audit(int argc, char **argv)

 		case 'F':
 			fetch = true;
 			break;
 		case 'f':
 			audit_file = optarg;
 			break;
 		default:
 			usage_audit();
 			return(EX_USAGE);

@@ -744,8 +750,6 @@ exec_audit(int argc, char **argv)

 	argc -= optind;
 	argv += optind;
 	snprintf(audit_file, sizeof(audit_file), "%s/vuln.xml", db_dir);
 	if (fetch == true) {
 		portaudit_site = pkg_object_string(pkg_config_get("VULNXML_SITE"));
 		if (fetch_and_extract(portaudit_site, audit_file) != EPKG_OK) {

@@ -773,9 +777,12 @@ exec_audit(int argc, char **argv)

 		res = parse_db_vulnxml(audit_file, &h);
 		if (res != EPKG_OK) {
 			if (errno == ENOENT)
 				warnx("unable to open vulnxml file, try running 'pkg audit -F' first");
 				warnx("vulnxml file %s does not exist. "
 				      "Try running 'pkg audit -F' first",
 				      audit_file);
 			else
 				warn("unable to open vulnxml file %s", audit_file);
 				warn("unable to open vulnxml file %s",
 				     audit_file);
 			ret = EX_DATAERR;
 			goto cleanup;
 		}