"is version affected" functions: migrate to library

[frasertweedale]

If feasible, it would be good if Flora could handle unknown introduced/fixed versions in advisories and use comparison operators on the Version type to deduce whether some known package version is affected.

If it would help, we can add library functions to hsec-core to perform these sorts of checks. It's already implemented in the hsec-tools query command so we only need to move some code around and expose a library function.

Originally posted by @frasertweedale in #247 (comment)

[blackheaven]

Is there anything preventing hsec-tools to be used as a library?

In my mind, it aimed to be a library with an executable, not an executable with a supporting library.

[blackheaven]

/cc @tchoutri

[tchoutri]

If feasible, it would be good if Flora could handle unknown introduced/fixed versions in advisories and use comparison operators on the Version type to deduce whether some known package version is affected.

I am now storing raw versions, instead of resolving to a package/release in the database: flora-pm/flora-server#791

Is there anything preventing hsec-tools to be used as a library?

Absolutely not on my end, I actually already do that. I use listAdvisories from Security.Advisories.Filesystem.