;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2016, 2019 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-cve)
  #:use-module (guix cve)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-19)
  #:use-module (srfi srfi-64))

;; Path of the sample CVE JSON file that every test below reads, located by
;; searching %LOAD-PATH.  `search-path' yields #f when the file cannot be
;; found, in which case opening it in the tests below will fail.
(define %sample
  (search-path %load-path
               "tests/cve-sample.json"))

(define (vulnerability id packages)
  "Return a <vulnerability> record whose fields are ID and PACKAGES.  The
record type is not exported by (guix cve), so it is fetched with '@@' and
instantiated directly."
  (let ((record-type (@@ (guix cve) <vulnerability>)))
    (make-struct/no-tail record-type id packages)))

(define %expected-vulnerabilities
  ;; The records we should get, in this order, when reading %SAMPLE.  Each
  ;; row of the table is (CVE-ID PACKAGES); PACKAGES associates a package
  ;; name with the version constraint under which it is affected.
  (map (lambda (row)
         (vulnerability (first row) (second row)))
       '(;; Only the "a" CPE configurations are kept; the "o"
         ;; configurations are discarded.
         ("CVE-2019-0001"
          (("junos" (or "18.21-s4" (or "18.21-s3" "18.2")))))
         ("CVE-2019-0005"
          (("junos" (or "18.11" "18.1"))))
         ;; CVE-2019-0005 has no "a" configurations.
         ;; NOTE(review): the remark above conflicts with the CVE-2019-0005
         ;; row that precedes it; confirm against the sample file which CVE
         ;; id was meant.
         ("CVE-2019-14811"
          (("ghostscript" (< "9.28"))))
         ("CVE-2019-17365"
          (("nix" (<= "2.3"))))
         ("CVE-2019-1010180"
          (("gdb" _)))                            ;any version
         ("CVE-2019-1010204"
          (("binutils" (and (>= "2.21") (<= "2.31.1")))
           ("binutils_gold" (and (>= "1.11") (<= "1.16")))))
         ;; CVE-2019-18192 has no associated configurations.
         )))


;; Open the SRFI-64 test group named "cve"; the matching 'test-end' at the
;; bottom of the file closes it.
(test-begin "cve")

;; Every item of the sample must be returned, in file order.  This includes
;; CVE-2019-18192, which is expected here even though it appears in no
;; vulnerability record.
(test-equal "json->cve-items"
  (list "CVE-2019-0001"
        "CVE-2019-0005"
        "CVE-2019-14811"
        "CVE-2019-17365"
        "CVE-2019-1010180"
        "CVE-2019-1010204"
        "CVE-2019-18192")
  (let ((items (call-with-input-file %sample json->cve-items)))
    (map (lambda (item)
           (cve-id (cve-item-cve item)))
         items)))

;; All items of the sample must carry a publication date whose year is 2019;
;; after removing duplicates only that single year may remain.
(test-equal "cve-item-published-date"
  (list 2019)
  (let* ((items (call-with-input-file %sample json->cve-items))
         (years (map (lambda (item)
                       (date-year (cve-item-published-date item)))
                     items)))
    (delete-duplicates years)))

;; Reading the sample straight into vulnerability records must give exactly
;; %EXPECTED-VULNERABILITIES: same records, same order.
(test-equal "json->vulnerabilities"
  %expected-vulnerabilities
  (call-with-input-file %sample
    (lambda (port)
      (json->vulnerabilities port))))

;; Check the lookup procedure against the version bounds of the expected
;; records.  A wrong answer at a bound is either a missed vulnerable version
;; or a false alarm, so the queries sit on or next to the boundaries:
;;   - ghostscript (< "9.28"): "9.27" matches, "9.28" itself does not;
;;   - gdb (any version): matches with and without a version;
;;   - nix (<= "2.3"): "2.4" does not match;
;;   - binutils (>= "2.21", <= "2.31.1"): the upper bound "2.31.1" matches,
;;     "2.10" and "2.32" do not;
;;   - binutils_gold (>= "1.11", <= "1.16"): the lower bound "1.11" matches.
;; NOTE(review): the inclusive bound of nix ("2.3") and the lower bound of
;; binutils ("2.21") are not queried here.
(test-equal "vulnerabilities->lookup-proc"
  (let ((ghostscript (list (third %expected-vulnerabilities)))
        (nix         (list (fourth %expected-vulnerabilities)))
        (gdb         (list (fifth %expected-vulnerabilities)))
        (binutils    (list (sixth %expected-vulnerabilities))))
    (list ghostscript ghostscript '()
          gdb gdb
          nix '()
          binutils '() binutils '()))
  (let ((lookup (vulnerabilities->lookup-proc
                 (call-with-input-file %sample json->vulnerabilities))))
    ;; Each query is (PACKAGE) or (PACKAGE VERSION), in the same order as the
    ;; expected results above.
    (map (lambda (query)
           (apply lookup query))
         '(("ghostscript")
           ("ghostscript" "9.27")
           ("ghostscript" "9.28")
           ("gdb")
           ("gdb" "42.0")
           ("nix")
           ("nix" "2.4")
           ("binutils" "2.31.1")
           ("binutils" "2.10")
           ("binutils_gold" "1.11")
           ("binutils" "2.32")))))

;; Close the "cve" test group opened by 'test-begin' above.
(test-end "cve")
e-page]: Likewise. * gnu/packages/chemistry.scm (gromacs)[home-page]: Likewise. * gnu/packages/chez.scm (chez-fmt)[home-page]: Likewise. * gnu/packages/code.scm (lcov, uncrustify, cscope)[home-page]: Likewise. * gnu/packages/compression.scm (p7zip)[home-page]: Likewise. * gnu/packages/cran.scm (r-emdist, r-proj4, r-zoo, r-ggalluvial) (r-orgmassspecr, r-polychrome, r-partykit, r-rcpp, r-ff, r-emdbook) (r-fitdistrplus, r-linprog, r-geometry, r-dtw, r-fst, r-rjags) (r-intergraph, r-qualv, r-labelled, r-survey, r-coin, r-fmsb, r-tm) (r-corpcor, r-rmpfr, r-spatialextremes, r-longitudinal, r-genenet) (r-bayesm, r-seqinr, r-mpm, r-text2vec, r-rgdal, r-seewave, r-hdrcde) (r-shapes, r-anytime, r-stm, r-d3network, r-tam, r-directlabels) (r-spatstat-utils, r-spatstat-sparse, r-spatstat-data, r-spatstat-geom) (r-spatstat-core, r-spatstat-linnet, r-spatstat-random, r-spatstat) (r-rcpptoml, r-mlecens, r-seurat, r-mlearning, r-zooimage)[home-page]: Likewise. * gnu/packages/crates-io.scm (rust-nickel-0.11, rust-thrift-0.13) (rust-trust-dns-https-0.20, rust-trust-dns-native-tls-0.20) (rust-trust-dns-openssl-0.20, rust-trust-dns-proto-0.20) (rust-trust-dns-resolver-0.20, rust-trust-dns-rustls-0.20) (rust-uint-0.9, rust-yaml-rust-0.4)[home-page]: Likewise. * gnu/packages/crypto.scm (libdecaf, ccrypt)[home-page]: Likewise. * gnu/packages/curl.scm (curlpp)[home-page]: Likewise. * gnu/packages/databases.scm (python-pylibmc, unixodbc, wiredtiger) (libpqxx, mdbtools, virtuoso-ose, libdbi, libdbi-drivers) (soci)[home-page]: Likewise. * gnu/packages/debian.scm (apt-mirror)[home-page]: Likewise. * gnu/packages/debug.scm (remake)[home-page]: Likewise. * gnu/packages/disk.scm (sdparm, idle3-tools, duc)[home-page]: Likewise. * gnu/packages/django.scm (python-django-haystack)[home-page]: Likewise. * gnu/packages/djvu.scm (djvulibre, djview)[home-page]: Likewise. * gnu/packages/dns.scm (dnsmasq)[home-page]: Likewise. * gnu/packages/docbook.scm (dblatex, docbook2x)[home-page]: Likewise. 
* gnu/packages/documentation.scm (scrollkeeper)[home-page]: Likewise. * gnu/packages/ebook.scm (liblinebreak)[home-page]: Likewise. * gnu/packages/electronics.scm (xoscope)[home-page]: Likewise. * gnu/packages/emacs-xyz.scm (emacs-bbdb, emacs-caps-lock, emacs-djvu) (emacs-pabbrev, emacs-twittering-mode, emacs-filladapt, emacs-rudel) (emacs-stream, emacspeak, emacs-cc-mode, emacs-eldoc, emacs-jsonrpc) (emacs-gtk-look, emacs-xclip, emacs-slime-volleyball, emacs-minimap) (emacs-auto-dictionary-mode, emacs-persist, emacs-shell-command+) (emacs-map, emacs-xref, emacs-dictionary)[home-page]: Likewise. * gnu/packages/embedded.scm (sdcc)[home-page]: Likewise. * gnu/packages/engineering.scm (asco, libngspice, libspnav) (openctm)[home-page]: Likewise. * gnu/packages/erlang.scm (erlang-erlware-commons)[home-page]: Likewise. * gnu/packages/file-systems.scm (jfsutils, curlftpfs)[home-page]: Likewise. * gnu/packages/finance.scm (gbonds)[home-page]: Likewise. * gnu/packages/flashing-tools.scm (dfu-util, srecord)[home-page]: Likewise. * gnu/packages/fltk.scm (ntk)[home-page]: Likewise. * gnu/packages/fonts.scm (font-terminus, font-tex-gyre) (font-comic-neue)[home-page]: Likewise. * gnu/packages/fontutils.scm (ttf2pt1, potrace, libspiro)[home-page]: Likewise. * gnu/packages/fpga.scm (icestorm, gtkwave, gtkwave) (python-myhdl)[home-page]: Likewise. * gnu/packages/freedesktop.scm (libatasmart)[home-page]: Likewise. * gnu/packages/ftp.scm (weex)[home-page]: Likewise. * gnu/packages/game-development.scm (dds, python-tmx, sfxr, quesoglc) (eureka, plib)[home-page]: Likewise. * gnu/packages/games.scm (abe, alex4, armagetronad, barony) (foobillard++, golly, ltris, pipewalker, prboom-plus, trigger-rally) (cmatrix, pinball, pioneers, tennix, chromium-bsu, freeciv, kiki) (quakespasm, frotz, frotz-dumb-terminal, frotz-sdl, btanks) (flare-engine, chessx, barrage, cgoban, passage)[home-page]: Likewise. * gnu/packages/geo.scm (python-geopandas, saga)[home-page]: Likewise. 
* gnu/packages/gl.scm (freeglut, gl2ps)[home-page]: Likewise. * gnu/packages/gnome.scm (cogl, clutter-gtk, clutter-gst, bluefish) (workrave)[home-page]: Likewise. * gnu/packages/gnustep.scm (wmnd, wmfire, wmfire)[home-page]: Likewise. * gnu/packages/graph.scm (mscgen)[home-page]: Likewise. * gnu/packages/graphics.scm (assimp, alembic, ctl, agg) (opencsg)[home-page]: Likewise. * gnu/packages/graphviz.scm (gts)[home-page]: Likewise. * gnu/packages/gtk.scm (gtkspell3)[home-page]: Likewise. * gnu/packages/guile-xyz.scm (guile-irregex)[home-page]: Likewise. * gnu/packages/haskell-apps.scm (cpphs)[home-page]: Likewise. * gnu/packages/haskell-check.scm (ghc-hunit)[home-page]: Likewise. * gnu/packages/haskell-web.scm (ghc-http-client-restricted) (ghc-blaze-html, ghc-happstack-server, ghc-sourcemap)[home-page]: Likewise. * gnu/packages/haskell-xyz.scm (ghc-assoc, ghc-cairo, ghc-cborg) (ghc-csv, ghc-glob, ghc-gtk2hs-buildtools, ghc-hmatrix-gsl-stats) (ghc-intervalmap, ghc-lens-family-core, ghc-managed, ghc-mountpoints) (ghc-network-multicast, ghc-optional-args, ghc-regex, ghc-spoon) (ghc-transformers, ghc-turtle, ghc-utf8-light, ghc-wizards) (ghc-template-haskell, ghc-boot-th, ghc-binary-orphans) (ghc-postgresql-simple)[home-page]: Likewise. * gnu/packages/hexedit.scm (ht, bvi)[home-page]: Likewise. * gnu/packages/hunspell.scm (hunspell-dict-hu)[home-page]: Likewise. * gnu/packages/image-processing.scm (mia)[home-page]: Likewise. * gnu/packages/image-viewers.scm (geeqie, gpicview, luminance-hdr) (qiv)[home-page]: Likewise. * gnu/packages/image.scm (libuemf, devil, steghide, optipng, niftilib) (sng, mtpaint)[home-page]: Likewise. * gnu/packages/java-xml.scm (java-simple-xml, java-jaxp) (java-apache-xml-commons-resolver)[home-page]: Likewise. 
* gnu/packages/java.scm (java-cisd-base, java-cisd-args4j) (java-hamcrest-core, java-jsr305, java-eclipse-osgi) (java-eclipse-equinox-common, java-eclipse-core-jobs) (java-eclipse-equinox-registry, java-eclipse-equinox-app) (java-eclipse-equinox-preferences, java-eclipse-core-contenttype) (java-eclipse-text, java-treelayout, java-aopalliance, java-jeromq) (java-cdi-api)[home-page]: Likewise. * gnu/packages/jemalloc.scm (jemalloc-4.5.0)[home-page]: Likewise. * gnu/packages/julia-xyz.scm (julia-recipespipeline)[home-page]: Likewise. * gnu/packages/kde-internet.scm (kget)[home-page]: Likewise. * gnu/packages/kde-systemtools.scm (dolphin-plugins) (konsole)[home-page]: Likewise. * gnu/packages/kodi.scm (fstrcmp)[home-page]: Likewise. * gnu/packages/language.scm (hime, libchewing)[home-page]: Likewise. * gnu/packages/lego.scm (nqc)[home-page]: Likewise. * gnu/packages/lesstif.scm (lesstif)[home-page]: Likewise. * gnu/packages/libcanberra.scm (libcanberra)[home-page]: Likewise. * gnu/packages/libdaemon.scm (libdaemon)[home-page]: Likewise. * gnu/packages/libffi.scm (libffi)[home-page]: Likewise. * gnu/packages/libreoffice.scm (libwpd, libwpg, libwps)[home-page]: Likewise. * gnu/packages/libusb.scm (libmtp, gmtp)[home-page]: Likewise. * gnu/packages/linux.scm (e2fsprogs, extundelete, lsscsi, net-tools) (kbd, sysfsutils, cpuid, libpfm4)[home-page]: Likewise. * gnu/packages/lisp-check.scm (sbcl-ptester, sbcl-xlunit)[home-page]: Likewise. * gnu/packages/lisp-xyz.scm (sbcl-html-encode, sbcl-py-configparser) (sbcl-cl-utilities, sbcl-series, sbcl-uffi, sbcl-clsql, sbcl-sycamore) (sbcl-osicat, sbcl-hu.dwim.common, sbcl-caveman, sbcl-trivial-shell) (sbcl-trivial-benchmark, sbcl-screamer, sbcl-smug)[home-page]: Likewise. * gnu/packages/lisp.scm (lush2)[home-page]: Likewise. * gnu/packages/logging.scm (log4cpp)[home-page]: Likewise. * gnu/packages/lua.scm (lua-ldoc)[home-page]: Likewise. * gnu/packages/machine-learning.scm (mcl, openfst, rxcpp)[home-page]: Likewise. 
* gnu/packages/mail.scm (muchsync, procmail, sendmail) (opensmtpd-filter-dkimsign, crm114)[home-page]: Likewise. * gnu/packages/man.scm (libpipeline, man-db)[home-page]: Likewise. * gnu/packages/maths.scm (lapack, scalapack, hdf-eos5, itpp, gmsh) (metamath, p4est, armadillo, suitesparse, atlas, lpsolve, wcalc, why3) (frama-c)[home-page]: Likewise. * gnu/packages/mcrypt.scm (mcrypt, libmcrypt, libmhash)[home-page]: Likewise. * gnu/packages/minetest.scm (minetest-advtrains)[home-page]: Likewise. * gnu/packages/monitoring.scm (python-whisper, python-carbon) (hostscope)[home-page]: Likewise. * gnu/packages/mp3.scm (id3lib, libmp3splt, mp3splt, mpg321) (lame)[home-page]: Likewise. * gnu/packages/multiprecision.scm (mpc)[home-page]: Likewise. * gnu/packages/music.scm (aria-maestosa, lingot, setbfree, bristol) (portmidi, python-pyportmidi, zynaddsubfx, yoshimi, aj-snapshot) (schismtracker, midicsv, midicsv, qmidiarp, qmidiroute, dssi, tap-lv2) (shiru-lv2)[home-page]: Likewise. * gnu/packages/ncurses.scm (stfl)[home-page]: Likewise. * gnu/packages/networking.scm (lksctp-tools, mbuffer, ifstatus, bird) (tunctl, traceroute)[home-page]: Likewise. * gnu/packages/node-xyz.scm (node-mersenne)[home-page]: Likewise. * gnu/packages/ntp.scm (openntpd)[home-page]: Likewise. * gnu/packages/ocaml.scm (opam, hevea, ocaml-menhir, ocaml-piqilib) (ocaml-graph, cubicle)[home-page]: Likewise. * gnu/packages/opencl.scm (python-pyopencl)[home-page]: Likewise. * gnu/packages/package-management.scm (xstow, modules)[home-page]: Likewise. * gnu/packages/parallel.scm (xjobs)[home-page]: Likewise. * gnu/packages/pdf.scm (podofo, qpdf, xournal, impressive)[home-page]: Likewise. * gnu/packages/perl.scm (perl-math-vecstat, perltidy)[home-page]: Likewise. * gnu/packages/photo.scm (libpano13, enblend-enfuse, hugin)[home-page]: Likewise. * gnu/packages/plan9.scm (drawterm)[home-page]: Likewise. * gnu/packages/plotutils.scm (guile-charting, ploticus)[home-page]: Likewise. 
* gnu/packages/popt.scm (argtable, popt)[home-page]: Likewise. * gnu/packages/profiling.scm (otf2)[home-page]: Likewise. * gnu/packages/pulseaudio.scm (pulseaudio)[home-page]: Likewise. * gnu/packages/python-check.scm (python-mypy)[home-page]: Likewise. * gnu/packages/python-web.scm (python-cssutils) (python-translationstring)[home-page]: Likewise. * gnu/packages/python-xyz.scm (python-diskcache, python-doxyqml) (python-docutils, python-pexpect, python-importlib-resources) (python-simplegeneric, python-urwid, python-xlrd, python-xlwt) (python-pyasn1, python-pythondialog, python-tftpy, python-random2) (python-arcp, python-pyopengl, python-sortedcollections) (python-sortedcontainers, python-yapsy, python-pydispatcher) (python-posix-ipc)[home-page]: Likewise. * gnu/packages/qt.scm (qwt, libqglviewer, signond)[home-page]: Likewise. * gnu/packages/radio.scm (unixcw, gnuais)[home-page]: Likewise. * gnu/packages/raspberry-pi.scm (bcm2835)[home-page]: Likewise. * gnu/packages/rdf.scm (clucene, rasqal, redland)[home-page]: Likewise. * gnu/packages/regex.scm (tre)[home-page]: Likewise. * gnu/packages/rsync.scm (librsync)[home-page]: Likewise. * gnu/packages/ruby.scm (ruby-packnga, ruby-nokogiri, ruby-oj, ruby-ox) (ruby-sinatra, ruby-citrus, ruby-cbor, ruby-roda)[home-page]: Likewise. * gnu/packages/scheme.scm (scheme48, tinyscheme)[home-page]: Likewise. * gnu/packages/screen.scm (dtach)[home-page]: Likewise. * gnu/packages/scsi.scm (sg3-utils)[home-page]: Likewise. * gnu/packages/sdl.scm (libmikmod, sdl-pango)[home-page]: Likewise. * gnu/packages/shellutils.scm (hstr, rig)[home-page]: Likewise. * gnu/packages/simulation.scm (python-dolfin-adjoint)[home-page]: Likewise. * gnu/packages/smalltalk.scm (smalltalk)[home-page]: Likewise. * gnu/packages/speech.scm (espeak)[home-page]: Likewise. * gnu/packages/stalonetray.scm (stalonetray)[home-page]: Likewise. 
* gnu/packages/statistics.scm (jags, r-mass, r-class, r-lattice) (r-matrix, r-nnet, r-spatial, r-bit, r-bit64, r-digest, r-xtable) (python-statsmodels, r-ade4, r-latticeextra, r-rcurl, r-xml, r-mvtnorm) (r-robustbase, r-minqa, r-fdrtool, java-jdistlib, xlispstat)[home-page]: Likewise. * gnu/packages/swig.scm (swig)[home-page]: Likewise. * gnu/packages/task-management.scm (wtime)[home-page]: Likewise. * gnu/packages/tcl.scm (itcl, tclxml, tclx)[home-page]: Likewise. * gnu/packages/terminals.scm (libtermkey, mlterm, libvterm) (libvterm)[home-page]: Likewise. * gnu/packages/tex.scm (texlive-lm, texlive-lm-math, texlive-cs) (texlive-csplain, biber, texmaker)[home-page]: Likewise. * gnu/packages/text-editors.scm (joe)[home-page]: Likewise. * gnu/packages/textutils.scm (drm-tools, docx2txt)[home-page]: Likewise. * gnu/packages/tv.scm (tvtime)[home-page]: Likewise. * gnu/packages/unicode.scm (libunibreak)[home-page]: Likewise. * gnu/packages/upnp.scm (libupnp)[home-page]: Likewise. * gnu/packages/version-control.scm (cvs)[home-page]: Likewise. * gnu/packages/video.scm (transcode, libquicktime, mjpegtools, aalib) (liba52, libmpeg2, x265, libdv, dvdauthor, aegisub, pitivi, gavl) (dvdbackup, guvcview, video-contact-sheet)[home-page]: Likewise. * gnu/packages/virtualization.scm (bochs)[home-page]: Likewise. * gnu/packages/w3m.scm (w3m)[home-page]: Likewise. * gnu/packages/web.scm (qjson, libquvi-scripts, libquvi, quvi) (tidy-html, htmlcxx)[home-page]: Likewise. * gnu/packages/wm.scm (evilwm, menumaker)[home-page]: Likewise. * gnu/packages/wv.scm (wv)[home-page]: Likewise. * gnu/packages/wxwidgets.scm (wxsvg)[home-page]: Likewise. * gnu/packages/xdisorg.scm (mtdev, xsel)[home-page]: Likewise. * gnu/packages/xfig.scm (xfig, transfig)[home-page]: Likewise. * gnu/packages/xml.scm (openjade, python-pyxb, xmlstarlet, xmlrpc-c) (opensp)[home-page]: Likewise. * gnu/packages/xorg.scm (xf86-video-qxl)[home-page]: Likewise. 
2023-02-05gnu: Rename 'git-minimal/fixed' to 'git-minimal/pinned'.Simon Tournier * gnu/packages/version-control.scm: Rename variable 'git-minimal/fixed' to 'git-minimal/pinned', add depreciation. * gnu/packages/erlang.scm (erlang-erlware-commons)[native-inputs]: Replace 'git-minimal/fixed' with 'git-minimal/pinned'. (rebar3-git-vsn)[inputs]: Likewise. * gnu/packages/gnome.scm (gnome-photos)[native-inputs]: Likewise. * gnu/packages/gtk.scm (graphene)[native-inputs]: Likewise. * gnu/packages/haskell.scm (ghc-8.8, ghc-8.10)[native-inputs]: Likewise. * gnu/packages/julia-xyz.scm (julia-documenter)[native-inputs]: Likewise. * gnu/packages/ocaml.scm (opam, ocamlformat)[native-inputs]: Likewise. * gnu/packages/python-xyz.scm (python-check-manifest)[native-inputs]: Likewise. (python-scikit-build)[native-inputs]: Likewise. Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com> 2022-12-12gnu: Add erlang-yamerl.jgart * gnu/packages/erlang.scm (erlang-yamerl): New variable. Signed-off-by: Christopher Baines <mail@cbaines.net> 2022-12-12gnu: Add erlang-jsx.jgart * gnu/packages/erlang.scm (erlang-jsx): New variable. Signed-off-by: Christopher Baines <mail@cbaines.net>