aboutsummaryrefslogtreecommitdiff
path: root/tests/cve.scm
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-11-26 21:52:25 +0100
committerLudovic Courtès <ludo@gnu.org>2015-11-26 22:35:01 +0100
commit0eef7551303e3fc855809d84eed8421d2a075cfa (patch)
tree8ebfa3b7e0effc744691d7500fb2f9d8304fe8d7 /tests/cve.scm
parent8a5063f7774c225626224697b5548f2e953c6af4 (diff)
downloadgnu-guix-0eef7551303e3fc855809d84eed8421d2a075cfa.tar
gnu-guix-0eef7551303e3fc855809d84eed8421d2a075cfa.tar.gz
Add (guix cve).
* guix/cve.scm, tests/cve-sample.xml, tests/cve.scm: New files. * Makefile.am (MODULES): Add guix/cve.scm. (SCM_TESTS): Add tests/cve.scm. (EXTRA_DIST): Add tests/cve-sample.scm.
Diffstat (limited to 'tests/cve.scm')
-rw-r--r--tests/cve.scm69
1 files changed, 69 insertions, 0 deletions
diff --git a/tests/cve.scm b/tests/cve.scm
new file mode 100644
index 0000000000..26bc560e52
--- /dev/null
+++ b/tests/cve.scm
@@ -0,0 +1,69 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (test-cve)
+ #:use-module (guix cve)
+ #:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-64))
+
+(define %sample
+ (search-path %load-path "tests/cve-sample.xml"))
+
+(define (vulnerability id packages)
+ (make-struct (@@ (guix cve) <vulnerability>) 0 id packages))
+
+(define %expected-vulnerabilities
+ ;; What we should get when reading %SAMPLE.
+ (list
+ ;; CVE-2003-0001 has no "/a" in its product list so it is omitted.
+ ;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number.
+ (vulnerability "CVE-2008-2335" '(("phpvid" . "1.1") ("phpvid" . "1.2")))
+ (vulnerability "CVE-2008-3522" '(("enterprise_virtualization" . "3.5")
+ ("jasper" . "1.900.1")))
+ (vulnerability "CVE-2009-3301" '(("openoffice.org" . "2.1.0")
+ ("openoffice.org" . "2.3.0")
+ ("openoffice.org" . "2.2.1")))
+ ;; CVE-2015-8330 has no software list.
+ ))
+
+
+(test-begin "cve")
+
+(test-equal "xml->vulnerabilities"
+ %expected-vulnerabilities
+ (call-with-input-file %sample xml->vulnerabilities))
+
+(test-equal ""
+ (list `(("1.1" . ,(first %expected-vulnerabilities))
+ ("1.2" . ,(first %expected-vulnerabilities)))
+ '()
+ '()
+ (list (second %expected-vulnerabilities))
+ (list (third %expected-vulnerabilities)))
+ (let* ((vulns (call-with-input-file %sample xml->vulnerabilities))
+ (lookup (vulnerabilities->lookup-proc vulns)))
+ (list (lookup "phpvid")
+ (lookup "jasper" "2.0")
+ (lookup "foobar")
+ (lookup "jasper" "1.900.1")
+ (lookup "openoffice.org" "2.3.0"))))
+
+(test-end "cve")
+
+
+(exit (= (test-runner-fail-count (test-runner-current)) 0))