aboutsummaryrefslogtreecommitdiff
path: root/tests/cve.scm
blob: 26bc560e52dc9122ffd59bcba6888cb1f4fc1b9c (about) (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-cve)
  #:use-module (guix cve)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-64))

(define %sample
  (search-path %load-path "tests/cve-sample.xml"))

(define (vulnerability id packages)
  (make-struct (@@ (guix cve) <vulnerability>) 0 id packages))

(define %expected-vulnerabilities
  ;; What we should get when reading %SAMPLE.
  (list
   ;; CVE-2003-0001 has no "/a" in its product list so it is omitted.
   ;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number.
   (vulnerability "CVE-2008-2335" '(("phpvid" . "1.1") ("phpvid" . "1.2")))
   (vulnerability "CVE-2008-3522" '(("enterprise_virtualization" . "3.5")
                                    ("jasper" . "1.900.1")))
   (vulnerability "CVE-2009-3301" '(("openoffice.org" . "2.1.0")
                                    ("openoffice.org" . "2.3.0")
                                    ("openoffice.org" . "2.2.1")))
   ;; CVE-2015-8330 has no software list.
   ))


(test-begin "cve")

(test-equal "xml->vulnerabilities"
  %expected-vulnerabilities
  (call-with-input-file %sample xml->vulnerabilities))

(test-equal ""
  (list `(("1.1" . ,(first %expected-vulnerabilities))
          ("1.2" . ,(first %expected-vulnerabilities)))
        '()
        '()
        (list (second %expected-vulnerabilities))
        (list (third %expected-vulnerabilities)))
  (let* ((vulns  (call-with-input-file %sample xml->vulnerabilities))
         (lookup (vulnerabilities->lookup-proc vulns)))
    (list (lookup "phpvid")
          (lookup "jasper" "2.0")
          (lookup "foobar")
          (lookup "jasper" "1.900.1")
          (lookup "openoffice.org" "2.3.0"))))

(test-end "cve")


(exit (= (test-runner-fail-count (test-runner-current)) 0))
generated by cgit
etc: Add completions for fish....* etc/completion/fish/guix.fish: New file. * Makefile.am: Register the file. * configure.ac: Add the fish vendor-completions directory. Signed-off-by: Ludovic Courtès <ludo@gnu.org> ng0 2018-01-06build: Detect broken 'equal?' in Guile 2.2.1....Fixes <https://bugs.gnu.org/29903>. Reported by Mathieu Lirzin <mthl@gnu.org>. * m4/guix.m4 (GUIX_ASSERT_SYNTAX_OBJECT_EQUAL): New macro. * configure.ac: Use it. Ludovic Courtès 2017-10-09build: Update automake version requirement to 1.14....For '%D%' support. * configure.ac (AM_INIT_AUTOMAKE): Update version requirement to 1.14. Eric Bavier 2017-09-05build: Negate ‘--disable-daemon’ help string....This is a follow-up to commit c9b70836d080150046633edc782fdaaff9fc6d9c. * configure.ac: Make ‘--disable-daemon’'s help text consistent with others. Tobias Geerinckx-Rice 2017-08-02build: Make Guile-Git a hard requirement....* configure.ac: Error out when (git) is missing. * doc/guix.texi (Requirements): Mention Guile-Git. * Makefile.am (MODULES): Add guix/git.scm unconditionally. Ludovic Courtès 2017-06-30build: Remove check for broken (srfi srfi-37)....This was for Guile < 2.0.9 and we've been requiring 2.0.9+ for some time already. * configure.ac: Remove 'GUIX_CHECK_SRFI_37' use and 'INSTALL_SRFI_37' conditional. * Makefile.am: Remove code in "if INSTALL_SRFI_37". (EXTRA_DIST): Remove srfi/srfi-37.scm.in. * srfi/srfi-37.scm.in: Remove. * m4/guix.m4 (GUIX_CHECK_SRFI_37): Remove. Ludovic Courtès 2017-06-09guix: git: Add new module....* guix/git.scm: New file. * configure.ac: Check for (guile git). * Makefile.am: Build guix/git.scm if (guile git) is available. Mathieu Othacehe 2017-05-05Revert "guix: git: Add new module."...This reverts commit a70b784708fb5e1b78430aa793d89ca04bc641a8. Commit a70b784708f caused `guix pull` to fail: ERROR: In procedure scm-error: ERROR: no code for module (git) Leo Famulari 2017-05-05guix: git: Add new module....* guix/git.scm: New file. * configure.ac: Check for (guile git). * Makefile.am: Build guix/git.scm if (guile git) is available. Mathieu Othacehe 2017-05-04build: Use Gnulib's 'git-version-gen'....* Makefile.am (EXTRA_DIST, BUILT_SOURCES): Add $(top_srcdir)/.version. ($(top_srcdir)/.version, gen-tarball-version): New targets. (dist-hook): Depend on 'gen-tarball-version'. (.PHONY): Add 'gen-tarball-version'. * build-aux/git-version-gen: New file, from Gnulib v0.1-1312-ga87d5e5c6. * configure.ac: Use it in 'AC_INIT'. Use 'https' for the URL. Ludovic Courtès 2017-03-20build: Install .go files to $libdir/guile/X.Y....* configure.ac: Define and substitute 'guileobjectdir'. * Makefile.am (nobase_nodist_guilemodule_DATA): Remove $(GOBJECTS). (nobase_nodist_guileobject_DATA): New variable. (guix_install_go_files): Adjust accordingly. (install-data-hook): Likewise. * scripts/guix.in (config-lookup): Add 'exec_prefix' and 'guileobjectdir'. Add '_' in VAR-REF-REGEXP. (maybe-augment-load-paths!): Distinguish OBJECT-DIR from MODULE-DIR. Ludovic Courtès 2017-03-18build: Require Guile >= 2.0.9....* configure.ac: Bump requirement to 2.0.9. * doc/guix.texi (Requirements): Adjust accordingly. * README (Requirements): Likewise. * build-aux/download.scm: Remove workaround for <http://bugs.gnu.org/13095>. * guix/build/download.scm: Likewise. (http-fetch)[post-2.0.7?]: Remove. Remove conditional code for not POST-2.0.7?. * guix/http-client.scm: Remove workaround for <http://bugs.gnu.org/13095>. (http-fetch)[post-2.0.7?]: Remove. Remove conditional code for not POST-2.0.7?. * guix/serialization.scm (read-latin1-string): Remove mention of 2.0.9. * tests/nar.scm: Use (ice-9 control). (let/ec): Remove. Ludovic Courtès 2017-03-15build: Prefer Guile 2.2 over 2.0....* configure.ac: In 'GUILE_PKG', prefer 2.2 over 2.0. Remove warning about 2.2 not being fully supported. * doc/guix.texi (Requirements): Mention Guile 2.2.x. Ludovic Courtès 2017-03-12build: GnuTLS is now a hard dependency....Discussed as part of <https://bugs.gnu.org/25975>. * configure.ac: Check for (gnutls) and error out if it's missing. * doc/guix.texi (Requirements): Move GnuTLS from optional to required. (Substitutes): Remove footnote about the need for GnuTLS. Ludovic Courtès 2017-02-07build: Warn about lack of substitutes for non-standard stores....* configure.ac: Emit a warning when $storedir is not "/gnu/store". Ludovic Courtès