Track the number of affected pkgs as well and display to the user.

brd · brd · commit 83e9c5efec29 · 2018-09-12T01:20:31.000-06:00
Thanks to @wca for the review. This fixes freebsd#1463.
diff --git a/libpkg/pkg.h.in b/libpkg/pkg.h.in
@@ -1694,7 +1694,7 @@ int pkg_audit_process(struct pkg_audit *audit);
  * @return true and `*result` is set if a package is vulnerable
  */
 bool pkg_audit_is_vulnerable(struct pkg_audit *audit, struct pkg *pkg,
-		bool quiet, UT_string **result);
+		bool quiet, UT_string **result, int *affected);
 #endif
 
 void pkg_audit_free (struct pkg_audit *audit);
diff --git a/libpkg/pkg_audit.c b/libpkg/pkg_audit.c
@@ -766,7 +766,7 @@ pkg_audit_print_entry(struct pkg_audit_entry *e, UT_string *sb,
 
 bool
 pkg_audit_is_vulnerable(struct pkg_audit *audit, struct pkg *pkg,
-		bool quiet, UT_string **result)
+		bool quiet, UT_string **result, int *affected)
 {
 	struct pkg_audit_entry *e;
 	struct pkg_audit_versions_range *vers;
@@ -807,6 +807,9 @@ pkg_audit_is_vulnerable(struct pkg_audit *audit, struct pkg *pkg,
 				 */
 				res = true;
 				pkg_audit_print_entry(e, sb, pkg->name, NULL, quiet);
+				if (affected != NULL) {
+					++*affected;
+				}
 			}
 			else {
 				LL_FOREACH(e->versions, vers) {
@@ -816,6 +819,9 @@ pkg_audit_is_vulnerable(struct pkg_audit *audit, struct pkg *pkg,
 					if (res1 && res2) {
 						res = true;
 						pkg_audit_print_entry(e, sb, pkg->name, pkg->version, quiet);
+						if (affected != NULL) {
+							++*affected;
+						}
 						break;
 					}
 				}
diff --git a/src/audit.c b/src/audit.c
@@ -120,7 +120,7 @@ exec_audit(int argc, char **argv)
 	char			*name;
 	char			*version;
 	char			*audit_file = NULL;
-	unsigned int		 vuln = 0;
+	unsigned int		 affected = 0, vuln = 0;
 	bool			 fetch = false, recursive = false;
 	int			 ch, i;
 	int			 ret = EX_OK;
@@ -276,7 +276,7 @@ exec_audit(int argc, char **argv)
 
 	if (pkg_audit_process(audit) == EPKG_OK) {
 		kh_foreach_value(check, pkg, {
-			if (pkg_audit_is_vulnerable(audit, pkg, quiet, &sb)) {
+			if (pkg_audit_is_vulnerable(audit, pkg, quiet, &sb, &affected)) {
 				vuln ++;
 				printf("%s", utstring_body(sb));
 
@@ -302,7 +302,8 @@ exec_audit(int argc, char **argv)
 			ret = EX_OK;
 
 		if (!quiet)
-			printf("%u problem(s) in the installed packages found.\n", vuln);
+			printf("%u problem(s) in %u installed package(s) found.\n",
+			   affected, vuln);
 	}
 	else {
 		warnx("cannot process vulnxml");
diff --git a/src/upgrade.c b/src/upgrade.c
@@ -149,7 +149,7 @@ check_vulnerable(struct pkg_audit *audit, struct pkgdb *db, int sock)
 
 	if (pkg_audit_process(audit) == EPKG_OK) {
 		kh_foreach_value(check, pkg, {
-				if (pkg_audit_is_vulnerable(audit, pkg, true, &sb)) {
+				if (pkg_audit_is_vulnerable(audit, pkg, true, &sb, NULL)) {
 					pkg_get(pkg, PKG_UNIQUEID, &uid);
 					fprintf(out, "%s\n", uid);
 					fflush(out);
