Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits 83e9c5e
Track the number of affected pkgs as well and display to the user.
Brad Davis committed 7 years ago
commit 83e9c5efec2903b3c6f4c8aae47455f2560ca929
parent 8082f17
4 files changed +13 -6
modified libpkg/pkg.h.in
@@ -1694,7 +1694,7 @@ int pkg_audit_process(struct pkg_audit *audit);
 * @return true and `*result` is set if a package is vulnerable

 */

bool pkg_audit_is_vulnerable(struct pkg_audit *audit, struct pkg *pkg,
- 
		bool quiet, UT_string **result);
+ 
		bool quiet, UT_string **result, int *affected);

#endif



void pkg_audit_free (struct pkg_audit *audit);
modified libpkg/pkg_audit.c
@@ -766,7 +766,7 @@ pkg_audit_print_entry(struct pkg_audit_entry *e, UT_string *sb,


bool

pkg_audit_is_vulnerable(struct pkg_audit *audit, struct pkg *pkg,
- 
		bool quiet, UT_string **result)
+ 
		bool quiet, UT_string **result, int *affected)

{

	struct pkg_audit_entry *e;

	struct pkg_audit_versions_range *vers;
@@ -807,6 +807,9 @@ pkg_audit_is_vulnerable(struct pkg_audit *audit, struct pkg *pkg,
				 */

				res = true;

				pkg_audit_print_entry(e, sb, pkg->name, NULL, quiet);
+ 
				if (affected != NULL) {
+ 
					++*affected;
+ 
				}

			}

			else {

				LL_FOREACH(e->versions, vers) {
@@ -816,6 +819,9 @@ pkg_audit_is_vulnerable(struct pkg_audit *audit, struct pkg *pkg,
					if (res1 && res2) {

						res = true;

						pkg_audit_print_entry(e, sb, pkg->name, pkg->version, quiet);
+ 
						if (affected != NULL) {
+ 
							++*affected;
+ 
						}

						break;

					}

				}
modified src/audit.c
@@ -120,7 +120,7 @@ exec_audit(int argc, char **argv)
	char			*name;

	char			*version;

	char			*audit_file = NULL;
- 
	unsigned int		 vuln = 0;
+ 
	unsigned int		 affected = 0, vuln = 0;

	bool			 fetch = false, recursive = false;

	int			 ch, i;

	int			 ret = EX_OK;
@@ -276,7 +276,7 @@ exec_audit(int argc, char **argv)


	if (pkg_audit_process(audit) == EPKG_OK) {

		kh_foreach_value(check, pkg, {
- 
			if (pkg_audit_is_vulnerable(audit, pkg, quiet, &sb)) {
+ 
			if (pkg_audit_is_vulnerable(audit, pkg, quiet, &sb, &affected)) {

				vuln ++;

				printf("%s", utstring_body(sb));
@@ -302,7 +302,8 @@ exec_audit(int argc, char **argv)
			ret = EX_OK;



		if (!quiet)
- 
			printf("%u problem(s) in the installed packages found.\n", vuln);
+ 
			printf("%u problem(s) in %u installed package(s) found.\n",
+ 
			   affected, vuln);

	}

	else {

		warnx("cannot process vulnxml");
modified src/upgrade.c
@@ -149,7 +149,7 @@ check_vulnerable(struct pkg_audit *audit, struct pkgdb *db, int sock)


	if (pkg_audit_process(audit) == EPKG_OK) {

		kh_foreach_value(check, pkg, {
- 
				if (pkg_audit_is_vulnerable(audit, pkg, true, &sb)) {
+ 
				if (pkg_audit_is_vulnerable(audit, pkg, true, &sb, NULL)) {

					pkg_get(pkg, PKG_UNIQUEID, &uid);

					fprintf(out, "%s\n", uid);

					fflush(out);