;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2016, 2019 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-cve)
  #:use-module (guix cve)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-19)
  #:use-module (srfi srfi-64))

(define %sample
  (search-path %load-path "tests/cve-sample.json"))

(define (vulnerability id packages)
  (make-struct/no-tail (@@ (guix cve) <vulnerability>) id packages))

(define %expected-vulnerabilities
  ;; What we should get when reading %SAMPLE.
  (list
   (vulnerability "CVE-2019-0001"
                  ;; Only the "a" CPE configurations are kept; the "o"
                  ;; configurations are discarded.
                  '(("junos" (or "18.21-s4" (or "18.21-s3" "18.2")))))
   (vulnerability "CVE-2019-0005"
                  '(("junos" (or "18.11" "18.1"))))
   ;; CVE-2019-0005 has no "a" configurations.
   (vulnerability "CVE-2019-14811"
                  '(("ghostscript" (< "9.28"))))
   (vulnerability "CVE-2019-17365"
                  '(("nix" (<= "2.3"))))
   (vulnerability "CVE-2019-1010180"
                  '(("gdb" _)))                   ;any version
   (vulnerability "CVE-2019-1010204"
                  '(("binutils" (and (>= "2.21") (<= "2.31.1")))
                    ("binutils_gold" (and (>= "1.11") (<= "1.16")))))
   ;; CVE-2019-18192 has no associated configurations.
   ))


(test-begin "cve")

(test-equal "json->cve-items"
  '("CVE-2019-0001"
    "CVE-2019-0005"
    "CVE-2019-14811"
    "CVE-2019-17365"
    "CVE-2019-1010180"
    "CVE-2019-1010204"
    "CVE-2019-18192")
  (map (compose cve-id cve-item-cve)
       (call-with-input-file %sample json->cve-items)))

(test-equal "cve-item-published-date"
  '(2019)
  (delete-duplicates
   (map (compose date-year cve-item-published-date)
        (call-with-input-file %sample json->cve-items))))

(test-equal "json->vulnerabilities"
  %expected-vulnerabilities
  (call-with-input-file %sample json->vulnerabilities))

(test-equal "vulnerabilities->lookup-proc"
  (list (list (third %expected-vulnerabilities))  ;ghostscript
        (list (third %expected-vulnerabilities))
        '()

        (list (fifth %expected-vulnerabilities))  ;gdb
        (list (fifth %expected-vulnerabilities))

        (list (fourth %expected-vulnerabilities)) ;nix
        '()

        (list (sixth %expected-vulnerabilities))  ;binutils
        '()
        (list (sixth %expected-vulnerabilities))
        '())
  (let* ((vulns  (call-with-input-file %sample json->vulnerabilities))
         (lookup (vulnerabilities->lookup-proc vulns)))
    (list (lookup "ghostscript")
          (lookup "ghostscript" "9.27")
          (lookup "ghostscript" "9.28")
          (lookup "gdb")
          (lookup "gdb" "42.0")
          (lookup "nix")
          (lookup "nix" "2.4")
          (lookup "binutils" "2.31.1")
          (lookup "binutils" "2.10")
          (lookup "binutils_gold" "1.11")
          (lookup "binutils" "2.32"))))

(test-end "cve")