path: root/tests/cve.scm
blob: 3fbb22d3c666675659d284a45129b42da5f9e6e5
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-cve)
  #:use-module (guix cve)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-64))

(define %sample
  (search-path %load-path "tests/cve-sample.xml"))

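;; Build a <vulnerability> record directly, for use in the expected values
;; below.  The record type is not exported by (guix cve), hence the '@@'.
(define (vulnerability id packages)
  (make-struct (@@ (guix cve) <vulnerability>) 0 id packages))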

(define %expected-vulnerabilities
  ;; What we should get when reading %SAMPLE.
  (list
   ;; CVE-2003-0001 has no "/a" in its product list so it is omitted.
   ;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number.
   (vulnerability "CVE-2008-2335" '(("phpvid" "1.2" "1.1")))
   (vulnerability "CVE-2008-3522" '(("enterprise_virtualization" "3.5")
                                    ("jasper" "1.900.1")))
   (vulnerability "CVE-2009-3301" '(("openoffice.org" "2.3.0" "2.2.1" "2.1.0")))
   ;; CVE-2015-8330 has no software list.
   ))


(test-begin "cve")

(test-equal "xml->vulnerabilities"
  %expected-vulnerabilities
  (call-with-input-file %sample xml->vulnerabilities))

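;; A lookup by package name alone returns the vulnerabilities recorded for
;; that name; with a version, only those that list that exact version.
;; Unknown names and unlisted versions yield the empty list.
(test-equal "vulnerabilities->lookup-proc"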
  (list (list (first %expected-vulnerabilities))
        '()
        '()
        (list (second %expected-vulnerabilities))
        (list (third %expected-vulnerabilities)))
  (let* ((vulns  (call-with-input-file %sample xml->vulnerabilities))
         (lookup (vulnerabilities->lookup-proc vulns)))
    (list (lookup "phpvid")
          (lookup "jasper" "2.0")
          (lookup "foobar")
          (lookup "jasper" "1.900.1")
          (lookup "openoffice.org" "2.3.0"))))

(test-end "cve")