From eb04a0d2c955f5fa9a721537c8202fc5c5959b19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?=
Date: Tue, 1 Apr 2025 14:46:31 +0200
Subject: [PATCH] lint: cve: Catch HTTP GET errors.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes a bug where ‘guix lint -c cve’ would crash when nvd.nist.gov returns 503 or similar.

* guix/lint.scm (current-vulnerabilities*): Wrap ‘current-vulnerabilities’ call in ‘guard’ and return the empty list in case of ‘http-get-error?’.

Change-Id: I76d5f22c260999154af7b73630f783555747aa7a
---
 guix/lint.scm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/guix/lint.scm b/guix/lint.scm
index e5e124a690b..0e93c536619 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Cyril Roelandt
 ;;; Copyright © 2014, 2015 Eric Bavier
-;;; Copyright © 2013-2024 Ludovic Courtès
+;;; Copyright © 2013-2025 Ludovic Courtès
 ;;; Copyright © 2015, 2016 Mathieu Lirzin
 ;;; Copyright © 2016 Danny Milosavljevic
 ;;; Copyright © 2016 Hartmut Goebel
@@ -1573,7 +1573,15 @@ or HTTP errors. This allows network-less operation and makes problems with
 the NIST server non-fatal."
 (with-networking-fail-safe (G_ "while retrieving CVE vulnerabilities")
 '()
- (current-vulnerabilities #:timeout 4)))
+ (guard (c ((http-get-error? c)
+ (warning (G_ "failed to get list of \
+CVE vulnerabilities from '~a': ~a (~a)~%")
+ (uri->string
+ (http-get-error-uri c))
+ (http-get-error-code c)
+ (http-get-error-reason c))
+ '()))
+ (current-vulnerabilities #:timeout 4))))

 (define package-vulnerabilities
 (let ((lookup (delay (vulnerabilities->lookup-proc
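Review bot: The new `guard` clause in `current-vulnerabilities*` fails open: on `http-get-error?` it returns `'()`, the same value as "no known CVEs", so a 503 from the NVD server makes `guix lint -c cve` report nothing for any package and only the warning says otherwise. That matches the docstring's stated intent of keeping server problems non-fatal, but the message should name the consequence, e.g. `failed to get list of CVE vulnerabilities from '~a': ~a (~a); CVE check skipped~%`, so that someone reading a CI log does not take the empty result as a pass. The `delay` in the trailing context suggests the list is computed once per run, in which case a single transient error would disable the checker for every package in that run. That last part is inferred, since the definition starts above the hunk and `package-vulnerabilities` continues below it.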