Resolve linking issues - ensuring cve-check-tool works with full RELRO

This is currently the temporary path we'll use, as and when the packaging
implementations switch to plugins, we can drop the current callback mechanism,
abstract util.*, and query supported package types and then determine the
plugin we'll use for the lifetime of this operation.

Signed-off-by: Ikey Doherty <[email protected]>

src/library/cve-check-tool.h

@@ -19,10 +19,21 @@
 
 #include "core.h"
 
+/**
+ * Distro implementations need to add packages to the interest list
+ * before we will check them for CVEs. This will actually call back to
+ * the self->examine function, and add the parsed package into the
+ * current list.
+ *
+ * @param path Full legal path to the source package
+ */
+
+typedef void (*cve_add_callback)(const char *);
+
 /**
  * Function to yield all applicable sources.
  */
-typedef void (*cve_locate_sources)(const char*, bool);
+typedef void (*cve_locate_sources)(const char*, bool, cve_add_callback);
 
 /**
  * Determine if a package has already patched a vulnerability
@@ -72,13 +83,3 @@ typedef struct CveCheckTool {
  * Remotely exploitable
  */
 #define ACCESS_VECTOR_NETWORK   "NETWORK"
-
-/**
- * Distro implementations need to add packages to the interest list
- * before we will check them for CVEs. This will actually call back to
- * the self->examine function, and add the parsed package into the
- * current list.
- *
- * @param path Full legal path to the source package
- */
-void cve_add_package(const char *path);

src/library/util.c

@@ -32,14 +32,18 @@
 
 DEF_AUTOFREE(char, free)
 
-bool find_sources(const char *path, package_match_func match, bool recurse)
+bool find_sources(const char *path, package_match_func match, bool recurse, cve_add_callback cb)
 {
         struct stat st = {.st_ino = 0};
         bool ret = false;
         DIR *dir = NULL;
         struct dirent *ent = NULL;
         char *fullp = NULL;
 
+        if (!cb) {
+                return false;
+        }
+
         if (!match) {
                 return false;
         }
@@ -61,14 +65,14 @@ bool find_sources(const char *path, package_match_func match, bool recurse)
                                         goto end;
                                 }
                                 if (!(cve_is_dir(fullp) && !recurse)) {
-                                        find_sources(fullp, match, recurse);
+                                        find_sources(fullp, match, recurse, cb);
                                 }
                                 free(fullp);
                         }
                 }
         } else if (S_ISREG(st.st_mode)) {
                 if (match(path)) {
-                        cve_add_package(path);
+                        cb(path);
                 }
         }
 

src/library/util.h

@@ -78,8 +78,9 @@ int64_t parse_xml_date(const char *date);
  * @param directory Base directory to recurse
  * @param match A function to determine "matching" source packages
  * @param recurse Whether we can recurse the given directory
+ * @param cb A callback to execute when we encounter a matching package
  */
-bool find_sources(const char *directory, package_match_func match, bool recurse);
+bool find_sources(const char *directory, package_match_func match, bool recurse, cve_add_callback cb);
 
 /**
  * Implemented in a *similar* fashion to how g_autoptr is intended to

src/main.c

@@ -52,7 +52,7 @@ DEF_AUTOFREE(char, free)
 #define streq(x,y) strcmp(x,y) == 0
 
 
-static void cve_add_package_internal(struct source_package_t *pkg)
+void cve_add_package_internal(struct source_package_t *pkg)
 {
         GList *issues = NULL, *em = NULL;
         gchar *cur_id = NULL;
@@ -590,7 +590,7 @@ int main(int argc, char **argv)
                 /* Attempt to add a single package.. */
                 if (cve_is_dir(target)) {
                         /* Recurse.. */
-                        self->locate(target, true);
+                        self->locate(target, true, &cve_add_package);
                 } else {
                         cve_add_package(target);
                 }
@@ -677,7 +677,7 @@ int main(int argc, char **argv)
                                         goto cleanup;
                                 }
                         }
-                        self->locate(path, false);
+                        self->locate(path, false, &cve_add_package);
 clean:
                         free(buf);
                         buf = NULL;

src/packaging/eopkg.c

@@ -156,7 +156,7 @@ bool eopkg_is_package(const char *filename)
         return g_str_has_suffix((const gchar*)filename, "pspec.xml") || g_str_has_suffix((const gchar*)filename, "pspec_x86_64.xml");
 }
 
-void eopkg_locate_sources(const char *directory, bool recurse)
+void eopkg_locate_sources(const char *directory, bool recurse, cve_add_callback cb)
 {
-        find_sources(directory, &eopkg_is_package, recurse);
+        find_sources(directory, &eopkg_is_package, recurse, cb);
 }

src/packaging/eopkg.h

@@ -24,6 +24,6 @@ struct source_package_t *eopkg_inspect_pspec(const char *filename);
 bool eopkg_is_patched(struct source_package_t *pkg, char *id);
 bool eopkg_is_ignored(struct source_package_t *pkg, char *id);
 
-void eopkg_locate_sources(const char *directory, bool recurse);
+void eopkg_locate_sources(const char *directory, bool recurse, cve_add_callback cb);
 
 bool eopkg_is_package(const char *filename);

src/packaging/pkgbuild.c

@@ -111,7 +111,7 @@ bool pkgbuild_is_package(const char *filename)
         return g_str_has_suffix((const gchar*)filename, "PKGBUILD");
 }
 
-void pkgbuild_locate_sources(const char *directory, bool recurse)
+void pkgbuild_locate_sources(const char *directory, bool recurse, cve_add_callback cb)
 {
-        find_sources(directory, &pkgbuild_is_package, recurse);
+        find_sources(directory, &pkgbuild_is_package, recurse, cb);
 }

src/packaging/pkgbuild.h

@@ -23,6 +23,6 @@ struct source_package_t *pkgbuild_inspect_spec(const char *filename);
 
 bool pkgbuild_is_patched(struct source_package_t *pkg, char *id);
 
-void pkgbuild_locate_sources(const char *directory, bool recurse);
+void pkgbuild_locate_sources(const char *directory, bool recurse, cve_add_callback cb);
 
 bool pkgbuild_is_package(const char *filename);

src/packaging/rpm.c

@@ -330,7 +330,7 @@ bool rpm_is_package(const char *filename)
         return g_str_has_suffix((const gchar*)filename, ".spec");
 }
 
-void rpm_locate_sources(const char *directory, bool recurse)
+void rpm_locate_sources(const char *directory, bool recurse, cve_add_callback cb)
 {
-        find_sources(directory, &rpm_is_package, recurse);
+        find_sources(directory, &rpm_is_package, recurse, cb);
 }

src/packaging/rpm.h

@@ -39,6 +39,6 @@ bool srpm_is_ignored(struct source_package_t *t, char *id);
 bool rpm_is_patched(struct source_package_t *pkg, char *id);
 bool rpm_is_ignored(struct source_package_t *pkg, char *id);
 
-void rpm_locate_sources(const char *directory, bool recurse);
+void rpm_locate_sources(const char *directory, bool recurse, cve_add_callback cb);
 
 bool rpm_is_package(const char *filename);

src/update-main.c

@@ -48,13 +48,6 @@ static GOptionEntry _entries[] = {
         { .short_name = 0 }
 };
 
-/**
- * TODO: Remove these symbol issues by further refactoring
- */
-void cve_add_package(__attribute__ ((unused)) const char *path)
-{
-}
-
 /**
  * Main entry.
  */

tests/check-core.c

@@ -23,14 +23,6 @@
 
 #include "config.h"
 
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-
-}
-
 /**
  * Ensure parse_xml_date works
  */

tests/check-database.c

@@ -25,13 +25,6 @@
 
 #include "config.h"
 
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-}
-
 START_TEST(cve_database_new)
 {
         CveDB *db = NULL;

tests/check-jira-plugin.c

@@ -36,14 +36,6 @@ bool file_exists(const gchar *path)
         return((access(path,F_OK) != -1));
 }
 
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-
-}
-
 /* Check the plugin init function which includes parsing the config file */
 START_TEST(cve_jira_plugin_init_function)
 {

tests/check-packaging.c

@@ -25,9 +25,6 @@
 
 static int add_count = 0;
 
-/**
- * Kept here as a no-op for now (linking)
- */
 void cve_add_package(__attribute__((unused)) const char *path)
 {
         add_count++;
@@ -187,15 +184,15 @@ START_TEST(cve_packaging_test)
         fail_if(t != PACKAGE_TYPE_UNKNOWN, "Incorrect unknown package type detection");
 
         add_count = 0;
-        eopkg_locate_sources(TOP_DIR "/tests/dummy_data/eopkg", true);
+        eopkg_locate_sources(TOP_DIR "/tests/dummy_data/eopkg", true, &cve_add_package);
         fail_if(add_count != 1, "Failed to locate eopkg sources");
 
         add_count = 0;
-        rpm_locate_sources(TOP_DIR "/tests/dummy_data/rpm", true);
+        rpm_locate_sources(TOP_DIR "/tests/dummy_data/rpm", true, &cve_add_package);
         fail_if(add_count != 2, "Failed to locate RPM sources");
 
         add_count = 0;
-        pkgbuild_locate_sources(TOP_DIR "/tests/dummy_data/pkgbuild", true);
+        pkgbuild_locate_sources(TOP_DIR "/tests/dummy_data/pkgbuild", true, &cve_add_package);
         fail_if(add_count != 1, "Failed to locate PKGBUILD sources");
 }
 END_TEST

tests/check-template.c

@@ -18,14 +18,6 @@
 
 #include "config.h"
 
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-
-}
-
 START_TEST(cve_template_basic)
 {
         gchar *ret = NULL;