aboutsummaryrefslogtreecommitdiff
path: root/tests/cve.scm
blob: b69da0e1204c9c9ee20e77087718f8981ece369b (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2016, 2019 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-cve)
  #:use-module (guix cve)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-19)
  #:use-module (srfi srfi-64))

(define %sample
  (search-path %load-path "tests/cve-sample.json"))

(define (vulnerability id packages)
  (make-struct/no-tail (@@ (guix cve) <vulnerability>) id packages))

(define %expected-vulnerabilities
  ;; What we should get when reading %SAMPLE.
  (list
   (vulnerability "CVE-2019-0001"
                  ;; Only the "a" CPE configurations are kept; the "o"
                  ;; configurations are discarded.
                  '(("junos" (or "18.21-s4" (or "18.21-s3" "18.2")))))
   (vulnerability "CVE-2019-0005"
                  '(("junos" (or "18.11" "18.1"))))
   ;; CVE-2019-0005 has no "a" configurations.
   (vulnerability "CVE-2019-14811"
                  '(("ghostscript" (< "9.28"))))
   (vulnerability "CVE-2019-17365"
                  '(("nix" (<= "2.3"))))
   (vulnerability "CVE-2019-1010180"
                  '(("gdb" _)))                   ;any version
   (vulnerability "CVE-2019-1010204"
                  '(("binutils" (and (>= "2.21") (<= "2.31.1")))
                    ("binutils_gold" (and (>= "1.11") (<= "1.16")))))
   ;; CVE-2019-18192 has no associated configurations.
   ))


(test-begin "cve")

(test-equal "json->cve-items"
  '("CVE-2019-0001"
    "CVE-2019-0005"
    "CVE-2019-14811"
    "CVE-2019-17365"
    "CVE-2019-1010180"
    "CVE-2019-1010204"
    "CVE-2019-18192")
  (map (compose cve-id cve-item-cve)
       (call-with-input-file %sample json->cve-items)))

(test-equal "cve-item-published-date"
  '(2019)
  (delete-duplicates
   (map (compose date-year cve-item-published-date)
        (call-with-input-file %sample json->cve-items))))

(test-equal "json->vulnerabilities"
  %expected-vulnerabilities
  (call-with-input-file %sample json->vulnerabilities))

(test-equal "vulnerabilities->lookup-proc"
  (list (list (third %expected-vulnerabilities))  ;ghostscript
        (list (third %expected-vulnerabilities))
        '()

        (list (fifth %expected-vulnerabilities))  ;gdb
        (list (fifth %expected-vulnerabilities))

        (list (fourth %expected-vulnerabilities)) ;nix
        '()

        (list (sixth %expected-vulnerabilities))  ;binutils
        '()
        (list (sixth %expected-vulnerabilities))
        '())
  (let* ((vulns  (call-with-input-file %sample json->vulnerabilities))
         (lookup (vulnerabilities->lookup-proc vulns)))
    (list (lookup "ghostscript")
          (lookup "ghostscript" "9.27")
          (lookup "ghostscript" "9.28")
          (lookup "gdb")
          (lookup "gdb" "42.0")
          (lookup "nix")
          (lookup "nix" "2.4")
          (lookup "binutils" "2.31.1")
          (lookup "binutils" "2.10")
          (lookup "binutils_gold" "1.11")
          (lookup "binutils" "2.32"))))

(test-end "cve")
2020-03-17bootloader: grub: Use the all_video module in graphic mode....Maxim Cournoyer 2020-01-25bootloader: grub: Add gfxmode (resolution) override....Jan Nieuwenhuizen 2020-01-07Revert "bootloader: grub: Add gfxmode (resolution) override."...Tobias Geerinckx-Rice 2020-01-07bootloader: grub: Add gfxmode (resolution) override....Jan Nieuwenhuizen 2020-01-06Adjust module autoloads....Ludovic Courtès 2020-01-03bootloader: Mark "grub.cfg" and "extlinux.conf" as non-substitutable....Ludovic Courtès 2019-12-23bootloader: grub: Add firmware setup entry....Brice Waegeneire 2019-05-09bootloader: grub: Remove unneeded 'terminal_output'....Ludovic Courtès 2019-03-24bootloader: Add a 'keyboard-layout' field....Ludovic Courtès 2019-03-16bootloader: Use 'invoke/quiet' when running 'grub-install' and co....Ludovic Courtès 2019-03-13Remove traces of "GuixSD"....Ludovic Courtès 2018-11-18bootloader: De-monadify configuration file generators....Ludovic Courtès 2018-06-26bootloader: grub-efi: Identify as "GuixSD" instead of "grub"....Marius Bakke 2018-06-26bootloader: grub-efi: Support EFI directories relative to MOUNT-POINT....Marius Bakke 2018-06-01bootloader: grub: Use 'with-extensions'....Ludovic Courtès 2018-06-01bootloader: grub: Simplify 'svg->png'....Ludovic Courtès 2018-05-28file-systems: Remove 'title' field and add <file-system-label>....Ludovic Courtès 2018-02-18gnu: Pass "--target=i386-pc" when installing GRUB for legacy BIOS....Ricardo Wurmus 2017-09-11system: Introduce a disjoint UUID type....Ludovic Courtès 2017-08-20gnu: grub-efi-bootloader: Specialize grub-install invocation....Andy Wingo 2017-08-03vm: Use grub-hybrid's grub-mkrescue....Danny Milosavljevic 2017-07-28bootloader: Use <menu-entry> for the bootloader side....Danny Milosavljevic 2017-07-02gnu: Switch guile-cairo and dependents to Guile 2.2 again....Ludovic Courtès 2017-06-08bootloader: Use menu-entry to define custom bootloader entries....Mathieu Othacehe 2017-05-16bootloader: Add extlinux support....Mathieu Othacehe