Add a -f option to 'pkg audit': use a local file as the vuln.xml

database. Fixes freebsd#757 in master. Will be in release 1.3.0
juikim · Apr 6, 2014 · 2f5f632 · 2f5f632
1 parent 2c84533
commit 2f5f632
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 20 deletions.
diff --git a/docs/pkg-audit.8 b/docs/pkg-audit.8
@@ -15,7 +15,7 @@
 .\"     @(#)pkg.8
 .\" $FreeBSD$
 .\"
-.Dd December  24, 2013
+.Dd April 6, 2014
 .Dt PKG-AUDIT 8
 .Os
 .Sh NAME
@@ -24,6 +24,7 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl Fq
+.Op Fl f Ar file
 .Ar pkg-name
 .Sh DESCRIPTION
 .Nm
@@ -54,6 +55,15 @@ will audit only that package.
 The following options are supported by
 .Nm :
 .Bl -tag -width F1
+.It Fl f Ar file
+Use
+.Pa file
+as the local copy of the vulnerability database.
+If used in combination with
+.Fl F
+download the vulnerability database to the named
+.Pa file
+before auditing installed ports against it.
 .It Fl F
 Fetch the database before checking.
 .It Fl q

diff --git a/src/audit.c b/src/audit.c
@@ -1,5 +1,6 @@
 /*-
  * Copyright (c) 2011-2012 Julien Laffaye <[email protected]>
+ * Copyright (c) 2014 Matthew Seaman <[email protected]>
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -711,31 +712,36 @@ free_audit_list(struct audit_entry *h)
 int
 exec_audit(int argc, char **argv)
 {
-	struct audit_entry *h = NULL;
-	struct audit_entry_sorted *cooked_audit_entries = NULL;
-	struct pkgdb *db = NULL;
-	struct pkgdb_it *it = NULL;
-	struct pkg *pkg = NULL;
-	const char *db_dir;
-	char *name;
-	char *version;
-	char audit_file[MAXPATHLEN];
-	unsigned int vuln = 0;
-	bool fetch = false;
-	int ch;
-	int ret = EX_OK, res;
-	const char *portaudit_site = NULL;
+	struct audit_entry		*h = NULL;
+	struct audit_entry_sorted	*cooked_audit_entries = NULL;
+	struct pkgdb			*db = NULL;
+	struct pkgdb_it			*it = NULL;
+	struct pkg			*pkg = NULL;
+	const char			*db_dir;
+	char				*name;
+	char				*version;
+	char				 audit_file_buf[MAXPATHLEN];
+	char				*audit_file = audit_file_buf;
+	unsigned int			 vuln = 0;
+	bool				 fetch = false;
+	int				 ch;
+	int				 ret = EX_OK, res;
+	const char			*portaudit_site = NULL;
 
 	db_dir = pkg_object_string(pkg_config_get("PKG_DBDIR"));
+	snprintf(audit_file_buf, sizeof(audit_file_buf), "%s/vuln.xml", db_dir);
 
-	while ((ch = getopt(argc, argv, "qF")) != -1) {
+	while ((ch = getopt(argc, argv, "qFf:")) != -1) {
 		switch (ch) {
 		case 'q':
 			quiet = true;
 			break;
 		case 'F':
 			fetch = true;
 			break;
+		case 'f':
+			audit_file = optarg;
+			break;
 		default:
 			usage_audit();
 			return(EX_USAGE);
@@ -744,8 +750,6 @@ exec_audit(int argc, char **argv)
 	argc -= optind;
 	argv += optind;
 
-	snprintf(audit_file, sizeof(audit_file), "%s/vuln.xml", db_dir);
-
 	if (fetch == true) {
 		portaudit_site = pkg_object_string(pkg_config_get("VULNXML_SITE"));
 		if (fetch_and_extract(portaudit_site, audit_file) != EPKG_OK) {
@@ -773,9 +777,12 @@ exec_audit(int argc, char **argv)
 		res = parse_db_vulnxml(audit_file, &h);
 		if (res != EPKG_OK) {
 			if (errno == ENOENT)
-				warnx("unable to open vulnxml file, try running 'pkg audit -F' first");
+				warnx("vulnxml file %s does not exist. "
+				      "Try running 'pkg audit -F' first",
+				      audit_file);
 			else
-				warn("unable to open vulnxml file %s", audit_file);
+				warn("unable to open vulnxml file %s",
+				     audit_file);
 			ret = EX_DATAERR;
 			goto cleanup;
 		}