;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015, 2016, 2019 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (test-cve) #:use-module (guix cve) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-64)) (define %sample (search-path %load-path "tests/cve-sample.json")) (define (vulnerability id packages) (make-struct/no-tail (@@ (guix cve) ) id packages)) (define %expected-vulnerabilities ;; What we should get when reading %SAMPLE. (list (vulnerability "CVE-2019-0001" ;; Only the "a" CPE configurations are kept; the "o" ;; configurations are discarded. '(("junos" (or "18.21-s4" (or "18.21-s3" "18.2"))))) (vulnerability "CVE-2019-0005" '(("junos" (or "18.11" "18.1")))) ;; CVE-2019-0005 has no "a" configurations. (vulnerability "CVE-2019-14811" '(("ghostscript" (< "9.28")))) (vulnerability "CVE-2019-17365" '(("nix" (<= "2.3")))) (vulnerability "CVE-2019-1010180" '(("gdb" _))) ;any version (vulnerability "CVE-2019-1010204" '(("binutils" (and (>= "2.21") (<= "2.31.1"))) ("binutils_gold" (and (>= "1.11") (<= "1.16"))))) ;; CVE-2019-18192 has no associated configurations. )) (test-begin "cve") (test-equal "json->cve-items" '("CVE-2019-0001" "CVE-2019-0005" "CVE-2019-14811" "CVE-2019-17365" "CVE-2019-1010180" "CVE-2019-1010204" "CVE-2019-18192") (map (compose cve-id cve-item-cve) (call-with-input-file %sample json->cve-items))) (test-equal "cve-item-published-date" '(2019) (delete-duplicates (map (compose date-year cve-item-published-date) (call-with-input-file %sample json->cve-items)))) (test-equal "json->vulnerabilities" %expected-vulnerabilities (call-with-input-file %sample json->vulnerabilities)) (test-equal "vulnerabilities->lookup-proc" (list (list (third %expected-vulnerabilities)) ;ghostscript (list (third %expected-vulnerabilities)) '() (list (fifth %expected-vulnerabilities)) ;gdb (list (fifth %expected-vulnerabilities)) (list (fourth %expected-vulnerabilities)) ;nix '() (list (sixth %expected-vulnerabilities)) ;binutils '() (list (sixth %expected-vulnerabilities)) '()) (let* ((vulns (call-with-input-file %sample json->vulnerabilities)) (lookup (vulnerabilities->lookup-proc vulns))) (list (lookup "ghostscript") (lookup "ghostscript" "9.27") (lookup "ghostscript" "9.28") (lookup "gdb") (lookup "gdb" "42.0") (lookup "nix") (lookup "nix" "2.4") (lookup "binutils" "2.31.1") (lookup "binutils" "2.10") (lookup "binutils_gold" "1.11") (lookup "binutils" "2.32")))) (test-end "cve") tests/style.scm ("gexpify arguments, already gexpified") ("gexpify arguments, non-gexp arguments, margin comment") ("gexpify arguments, phases and flags") ("gexpify arguments, append arguments") ("gexpify arguments, substitute-keyword-arguments") ("gexpify arguments, append substitute-keyword-arguments"): New tests. * doc/guix.texi (package Reference): For 'arguments', add compatibility note and link to 'guix style'. (Invoking guix style): Document the 'arguments' styling rule. Ludovic Courtès 2023-05-04style: Make 'safe' policy less conservative....Previously, a mere (arguments '(#:tests? #f)) would lead guix style -S inputs --input-simplification=safe to bail out. It now recognizes such trivial argument lists and proceeds. * guix/scripts/style.scm (trivial-package-arguments?): New procedure. (simplify-package-inputs): Use it in the 'safe case instead of 'null?'. * tests/style.scm ("input labels, 'safe' policy, trivial arguments"): New test. Ludovic Courtès 2022-08-08style: Adjust test to not emit blank lines....Previously this test would produce a file containing blank lines between inputs. * tests/style.scm ("input labels, modify-inputs and margin comment"): Remove trailing newlines in replacement strings of 'substitute*' expression. Ludovic Courtès 2022-08-08style: Move reader and printer to (guix read-print)....* guix/scripts/style.scm (<comment>, read-with-comments) (vhashq, %special-forms, %newline-forms, prefix?) (special-form-lead, newline-form?, escaped-string) (string-width, canonicalize-comment, pretty-print-with-comments) (object->string*): Move to... * guix/read-print.scm: ... here. New file. * guix/scripts/import.scm: Adjust accordingly. * tests/style.scm: Move 'test-pretty-print' and tests to... * tests/read-print.scm: ... here. New file. * Makefile.am (MODULES): Add 'guix/read-print.scm'. (SCM_TESTS): Add 'tests/read-print.scm'. Ludovic Courtès 2022-07-04style: For 'let' and similar forms, emit one binding per line....Previously, 'let' bindings could be rendered like this: (let ((x 1) (y 2) (z 3)) ...) With this change, each bindings goes in its own line. Partly fixes <https://issues.guix.gnu.org/56297>. Reported by Maxime Devos <maximedevos@telenet.be>. * guix/scripts/style.scm (pretty-print-with-comments)[list-of-lists?]: New procedure. Use it. * tests/style.scm: Add tests with 'let' and 'substitute-keyword-arguments'. Ludovic Courtès 2022-06-22style: Keep values next to their keyword....This ensures we print '#:key value' rather than insert a newline between '#:key' and 'value' as was the case before. * guix/scripts/style.scm (pretty-print-with-comments)[print-sequence]: When ITEM is a keyword, loop with FIRST? = true. * tests/style.scm: Add test. Ludovic Courtès