
Do not parse the output of pkg audit
ClosedPublic

Authored by bapt on May 23 2019, 1:37 PM.

Details

Reviewers
None
Group Reviewers
portmgr
Commits
rP502793: Improve vulnerability checking
Summary

Do not parse the output of pkg audit to declare a package as vulnerable.

The return value is trustable for that so use it. In the future the output may
change and would have made this script broken

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

bapt created this revision. May 23 2019, 1:37 PM
Herald added a subscriber: mat.
mat added inline comments. May 27 2019, 11:57 AM
Mk/Scripts/check-vulnerable.sh
27 ↗(On Diff #57762)

Is it a recent addition in our sh that we can assign a variable in a test?

mat added inline comments. May 27 2019, 12:01 PM
Mk/Scripts/check-vulnerable.sh
27 ↗(On Diff #57762)

Ah, no, for some reason, I thought this was not possible.

35 ↗(On Diff #57762)

I do not know where this is used, but I have a feeling that this should be kept, it changes the way the script works.

bapt updated this revision to Diff 57949. May 27 2019, 12:49 PM

Keep the exit 1 which should have remained :)

mat accepted this revision as: portmgr. May 27 2019, 12:51 PM

ok for me.

This revision was not accepted when it landed; it landed in state Needs Review. May 27 2019, 1:02 PM
Closed by commit rP502793: Improve vulnerability checking (authored by bapt).
This revision was automatically updated to reflect the committed changes.
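
The point of the summary and of the inline question about assigning a variable in a test, as an added example that is not the committed Mk/Scripts/check-vulnerable.sh: a check keyed on report wording misses a finding once the wording changes and reads a failed audit as clean, while a check keyed on the exit status does neither. `fake_audit`, its two report wordings and its exit codes (0 clean, 1 vulnerable, 2 audit could not run) are constructed for the example and are assumptions, not the behaviour of `pkg audit`.

```shell
#!/bin/sh
# fake_audit MODE PKG: constructed stand-in for an audit command (not pkg).
# MODE picks the report wording. Assumed exit codes: 0 clean, 1 vulnerable,
# 2 audit could not run.
fake_audit() {
    case "$2" in
        badpkg-1.0)
            if [ "$1" = old ]; then
                echo "$2 is vulnerable:"
            else
                echo "$2: 1 known issue"   # reworded report, same verdict
            fi
            return 1 ;;
        nodb)
            echo "audit database missing" >&2
            return 2 ;;
        *)
            return 0 ;;
    esac
}

# Fragile: verdict depends on a phrase in the human-readable report.
check_by_output() {
    if fake_audit "$1" "$2" 2>&1 | grep -q "is vulnerable"; then
        echo vulnerable
    else
        echo clean
    fi
}

# Robust: assigning inside the test keeps the command's exit status, so a
# single call gives both the verdict and the report text for display.
check_by_status() {
    if report=$(fake_audit "$1" "$2" 2>&1); then
        echo clean
    else
        case $? in
            1) echo vulnerable ;;
            *) echo error ;;      # fail closed: never report "clean"
        esac
    fi
}

for mode in old new; do
    for pkg in goodpkg-2.0 badpkg-1.0 nodb; do
        echo "$mode $pkg: output=$(check_by_output "$mode" "$pkg")" \
             "status=$(check_by_status "$mode" "$pkg")"
    done
done
```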