;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-cve)
  #:use-module (guix cve)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-64))

(define %sample
  (search-path %load-path "tests/cve-sample.xml"))

(define (vulnerability id packages)
  (make-struct (@@ (guix cve) <vulnerability>) 0 id packages))

(define %expected-vulnerabilities
  ;; What we should get when reading %SAMPLE.
  (list
   ;; CVE-2003-0001 has no "/a" in its product list so it is omitted.
   ;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number.
   (vulnerability "CVE-2008-2335" '(("phpvid" "1.2" "1.1")))
   (vulnerability "CVE-2008-3522" '(("enterprise_virtualization" "3.5")
                                    ("jasper" "1.900.1")))
   (vulnerability "CVE-2009-3301" '(("openoffice.org" "2.3.0" "2.2.1" "2.1.0")))
   ;; CVE-2015-8330 has no software list.
   ))


(test-begin "cve")

(test-equal "xml->vulnerabilities"
  %expected-vulnerabilities
  (call-with-input-file %sample xml->vulnerabilities))

(test-equal "vulnerabilities->lookup-proc"
  (list (list (first %expected-vulnerabilities))
        '()
        '()
        (list (second %expected-vulnerabilities))
        (list (third %expected-vulnerabilities)))
  (let* ((vulns  (call-with-input-file %sample xml->vulnerabilities))
         (lookup (vulnerabilities->lookup-proc vulns)))
    (list (lookup "phpvid")
          (lookup "jasper" "2.0")
          (lookup "foobar")
          (lookup "jasper" "1.900.1")
          (lookup "openoffice.org" "2.3.0"))))

(test-end "cve")
p'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/image.scm?id=bad8d9630b0431f34d9ad6f800d3a799a9fde413&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2022-09-24 14:49:09 +0200'>2022-09-24</span></td><td><a href='/guix/commit/gnu/image.scm?id=233cf9f0367e78562f07ac9885ed2cc6defe17e1'>system: image: Add wsl2 support.</a><span class='msg-avail'>...</span></td><td>Alex Griffin</td></tr>
<tr><td><span title='2022-09-24 14:49:09 +0200'>2022-09-24</span></td><td><a href='/guix/commit/gnu/image.scm?id=8757c3f2934352fe8ad9a86f6e6f1d4b7245644d'>system: image: Add tarball support.</a><span class='msg-avail'>...</span></td><td>Alex Griffin</td></tr>
<tr><td><span title='2022-09-24 14:20:36 +0200'>2022-09-24</span></td><td><a href='/guix/commit/gnu/image.scm?id=c009c286a23f48b56731c3e7bc4875a9e88857c4'>image: Make the operating-system field mandatory.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-09-07 14:26:34 +0200'>2022-09-07</span></td><td><a href='/guix/commit/gnu/image.scm?id=0edb79b2a91947fd2abec420152cb46b3a4524b9'>image: Use #true and #false.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-09-07 14:24:52 +0200'>2022-09-07</span></td><td><a href='/guix/commit/gnu/image.scm?id=a1fb85a539f14e50b1d81e2bb78eeab60237eb7b'>image: Use a default size partition value.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-08-31 14:59:43 +0200'>2022-08-31</span></td><td><a href='/guix/commit/gnu/image.scm?id=16a6cbe94700da82ab223999df1ed4ba049676b1'>image: Add comments.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-08-30 19:29:58 +0200'>2022-08-30</span></td><td><a href='/guix/commit/gnu/image.scm?id=0518a88a4e417d6369859ff1da6448e1a6e693da'>image: Remove an unused field.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-08-30 19:29:58 +0200'>2022-08-30</span></td><td><a href='/guix/commit/gnu/image.scm?id=bce7a28a0a38da41fca91cfdbf7ae0fe14833f2a'>image: Perform more sanitizing.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-07-01 12:10:29 +0200'>2022-07-01</span></td><td><a href='/guix/commit/gnu/image.scm?id=0dab106a6af36eaebfd533d3e38c1275deb85935'>image: Add sanitizers for 'format' and 'partition-table-type'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-07-01 12:10:28 +0200'>2022-07-01</span></td><td><a href='/guix/commit/gnu/image.scm?id=9f530ef38a23caa1136f93cda45d396ce8fe1569'>image: Add default value for partition initializer.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-05-25 09:27:25 +0200'>2022-05-25</span></td><td><a href='/guix/commit/gnu/image.scm?id=dab819d5c4c55609efae098c8e3c2f2757c34e5b'>Move (gnu platform) and (gnu platforms ...) to guix/.</a><span class='msg-avail'>...</span></td><td>Josselin Poiret</td></tr>
<tr><td><span title='2021-12-23 10:53:59 +0100'>2021-12-23</span></td><td><a href='/guix/commit/gnu/image.scm?id=dcc843a716807768c446983ad3406211e28e5f3d'>image: Add a shared-network? field.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2021-12-23 10:53:59 +0100'>2021-12-23</span></td><td><a href='/guix/commit/gnu/image.scm?id=594e9428c5ece0ccba1f57810adedefee58ca4cc'>image: Add a shared-store? field.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2021-11-12 12:06:58 +0000'>2021-11-12</span></td><td><a href='/guix/commit/gnu/image.scm?id=096a2bf8c59a955c634cc838e7f7111941c07b37'>image: Support generating GPT images via `partition-table-type`.</a><span class='msg-avail'>...</span></td><td>Ryan Sundberg</td></tr>
<tr><td><span title='2021-10-11 12:05:39 +0000'>2021-10-11</span></td><td><a href='/guix/commit/gnu/image.scm?id=d5073fd113c621fe0b55382f7dd336ee118e759f'>gnu: Add platform support.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2021-02-17 10:55:36 +0100'>2021-02-17</span></td><td><a href='/guix/commit/gnu/image.scm?id=4cce7610eb992fcf168be7cb05ec2b1b2020171e'>image: Export image? procedure.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-09-30 10:47:59 +0200'>2020-09-30</span></td><td><a href='/guix/commit/gnu/image.scm?id=99d036ce8402326352c8aa181d89c6d0c7ce85a8'>image: Add image-type support.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-06-24 20:24:34 +0200'>2020-06-24</span></td><td><a href='/guix/commit/gnu/image.scm?id=b904b59ce592c89dfb4675a8c06757afed6738a0'>image: Move hurd image definition to a dedicated file.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-06-13 15:20:52 +0200'>2020-06-13</span></td><td><a href='/guix/commit/gnu/image.scm?id=f292d4719dead6a615187f325fbc0bb0e99d10b4'>image: Add 'target' support.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>