about summary refs log tree commit diff
path: root/blacklisting
diff options
context:
space:
mode:
Diffstat (limited to 'blacklisting')
-rw-r--r--blacklisting/blacklist.xml52
-rwxr-xr-xblacklisting/check-env.pl76
2 files changed, 87 insertions, 41 deletions
diff --git a/blacklisting/blacklist.xml b/blacklisting/blacklist.xml
index 0ae2b21d2c5b..aec9113262a4 100644
--- a/blacklisting/blacklist.xml
+++ b/blacklisting/blacklist.xml
@@ -1,6 +1,7 @@
 <blacklist>
 
-  
+
+<!--
 <item id='openssl-0.9.7d-obsolete'>
   <condition>
     <containsSource
@@ -12,29 +13,20 @@
   </reason>
   <severity class="all" level="low" />
 </item>
+-->
 
 
-<item id='zlib-1.2.1-security'>
+<item id='zlib-1.2.1-security' type='security'>
   <condition>
     <containsSource
-        hash="sha256:0yp7z8ask4b8m2ia253apnnxdk0z0zrs70yr079m2rjd4297chgv"
-        origin="zlib-1.2.1.tar.gz" />
-<!--
-    <or>
-      <and>
-        <containsSource
-            hash="sha256:0yp7z8ask4b8m2ia253apnnxdk0z0zrs70yr079m2rjd4297chgv"
-            origin="zlib-1.2.1.tar.gz" />
-        <not>
-          <containsSource
-              hash="..."
-              origin="zlib-1.2.1-dos.patch" />
-        </not>
-      </and>
-      <containsOutput
-          name="/nix/store/gxbdsvlwz6ixin94jhdw7rwdbb5mxxq3-zlib-1.2.1" />
-    </or>
-    -->
+        hash="sha256:1xf1749gdfw9f50mxa5rsnmwiwrb5mi0kg4siw8a73jykdp2i6ii"
+        origin="openssl-0.9.7d.tar.gz" />
+<!--    <within>
+      <traverse>
+        <not><hasName name='*.tar.*' /></not>
+      </traverse>
+      <hasAttr name='md5' value='ef1cb003448b4a53517b8f25adb12452' />
+    </within> -->
   </condition>
   <reason>
     Zlib 1.2.1 is vulnerable to a denial-of-service condition.  See
@@ -45,6 +37,7 @@
 </item>
 
 
+<!--
 <item id='libpng-1.2.7-crash'>
   <condition>
     <containsName name="libpng" comparison="lte" version="1.2.7" />
@@ -55,6 +48,25 @@
   </reason>
   <severity class="client" level="low" />
 </item>
+-->
+
+
+<!--
+<item id='subversion-without-zlib' type='improvement'>
+
+  <condition>
+    <withinOutputClosure>
+      <not>
+        <containsName name='zlib' />
+      </not>
+    </withinOutputClosure>
+  </condition>
 
+  <reason>
+    Subversion can be compiled with Zlib compression support, which is a good thing.
+  </reason>
+
+</item>
+-->
 
 </blacklist>
diff --git a/blacklisting/check-env.pl b/blacklisting/check-env.pl
index f73ad558b86a..f334ef04cb1e 100755
--- a/blacklisting/check-env.pl
+++ b/blacklisting/check-env.pl
@@ -1,7 +1,8 @@
-#! /usr/bin/perl -w
+#! /usr/bin/perl -w -I /home/eelco/.nix-profile/lib/site_perl
 
 use strict;
-use XML::Simple;
+use XML::LibXML;
+#use XML::Simple;
 
 my $blacklistFN = shift @ARGV;
 die unless defined $blacklistFN;
@@ -10,10 +11,10 @@ die unless defined $userEnv;
 
 
 # Read the blacklist.
-my $blacklist = XMLin($blacklistFN,
-    forcearray => [qw()],
-    keyattr => ['id'],
-    suppressempty => '');
+my $parser = XML::LibXML->new();
+my $blacklist = $parser->parse_file($blacklistFN)->getDocumentElement;
+
+#print $blacklist->toString() , "\n";
 
 
 # Get all the elements of the user environment.
@@ -30,10 +31,10 @@ sub evalCondition {
     my $storePaths = shift;
     my $condition = shift;
 
-    if (defined $condition->{'containsSource'}) {
-        my $c = $condition->{'containsSource'};
-        my $hash = $c->{'hash'};
-
+    my $name = $condition->getName;
+    
+    if ($name eq "containsSource") {
+        my $hash = $condition->attributes->getNamedItem("hash")->getValue;
         foreach my $path (keys %{$storePathHashes{$hash}}) {
             # !!! use a hash for $storePaths
             foreach my $path2 (@{$storePaths}) {
@@ -42,8 +43,43 @@ sub evalCondition {
         }
         return 0;
     }
+
+    elsif ($name eq "and") {
+        my $result = 1;
+        foreach my $node ($condition->getChildNodes) {
+            if ($node->nodeType == XML_ELEMENT_NODE) {
+                $result &= evalCondition($storePaths, $node);
+            }
+        }
+        return $result;
+    }
+
+    elsif ($name eq "true") {
+        return 1;
+    }
+
+    elsif ($name eq "false") {
+        return 0;
+    }
+
+    else {
+        die "unknown element `$name'";
+    }
+}
+
+
+sub evalOr {
+    my $storePaths = shift;
+    my $nodes = shift;
+
+    my $result = 0;
+    foreach my $node (@{$nodes}) {
+        if ($node->nodeType == XML_ELEMENT_NODE) {
+            $result |= evalCondition($storePaths, $node);
+        }
+    }
     
-    return 0;
+    return $result;
 }
 
 
@@ -83,20 +119,18 @@ foreach my $userEnvElem (@userEnvElems) {
 
 
     # Evaluate each blacklist item.
-    foreach my $itemId (sort (keys %{$blacklist->{'item'}})) {
-#        print "  CHECKING FOR $itemId\n";
+    foreach my $item ($blacklist->getChildrenByTagName("item")) {
+        my $itemId = $item->getAttributeNode("id")->getValue;
+        print "  CHECKING FOR $itemId\n";
 
-        my $item = $blacklist->{'item'}->{$itemId};
-        die unless defined $item;
-
-        my $condition = $item->{'condition'};
-        die unless defined $condition;
+        my $condition = ($item->getChildrenByTagName("condition"))[0];
+        die unless $condition;
 
         # Evaluate the condition.
-        if (evalCondition(\@requisites, $condition)) {
-
+        my @foo = $condition->getChildNodes();
+        if (evalOr(\@requisites, \@foo)) {
             # Oops, condition triggered.
-            my $reason = $item->{'reason'};
+            my $reason = ($item->getChildrenByTagName("reason"))[0]->getChildNodes->to_literal;
             $reason =~ s/\s+/ /g;
             $reason =~ s/^\s+//g;