author | Ludovic Courtès <ludo@gnu.org> | 2016-10-03 23:30:49 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-10-03 23:30:49 +0200 |
commit | 9bee2bd1b02c7ef91cc7232e8647bd07525d3382 (patch) | |
tree | e55a12a00b9cdf6041063598324ead5cb0ac7251 /tests | |
parent | 0f7cd95b8138f120bf0bc0593e772ed8c373f994 (diff) | |
download | guix-9bee2bd1b02c7ef91cc7232e8647bd07525d3382.tar guix-9bee2bd1b02c7ef91cc7232e8647bd07525d3382.tar.gz |
lint: 'cve' checker reports the replacement's vulnerabilities.

Before, 'guix lint -c cve' would report the vulnerabilities of the
original package while pretending they are the vulnerabilities of the
replacement.

* guix/scripts/lint.scm (check-vulnerabilities): Consider the package
replacement before calling 'package-vulnerabilities'.
* tests/lint.scm ("cve: vulnerability fixed in replacement version"):
New test.

Diffstat (limited to 'tests')
-rw-r--r-- | tests/lint.scm | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/lint.scm b/tests/lint.scm index df69d2b4b1..d692b42f93 100644 --- a/tests/lint.scm +++ b/tests/lint.scm @@ -36,6 +36,7 @@ #:use-module (web server) #:use-module (web server http) #:use-module (web response) + #:use-module (ice-9 match) #:use-module (ice-9 threads) #:use-module (srfi srfi-9 gnu) #:use-module (srfi srfi-64)) @@ -613,6 +614,28 @@ string) on HTTP requests." (patches (list "/a/b/pi-CVE-2015-1234.patch")))))))))) +(test-assert "cve: vulnerability fixed in replacement version" + (mock ((guix scripts lint) package-vulnerabilities + (lambda (package) + (match (package-version package) + ("0" + (list (make-struct (@@ (guix cve) <vulnerability>) 0 + "CVE-2015-1234" + (list (cons (package-name package) + (package-version package)))))) + ("1" + '())))) + (and (not (string-null? + (with-warnings + (check-vulnerabilities + (dummy-package "foo" (version "0")))))) + (string-null? + (with-warnings + (check-vulnerabilities + (dummy-package + "foo" (version "0") + (replacement (dummy-package "foo" (version "1")))))))))) + (test-assert "cve: patched vulnerability in replacement" (mock ((guix scripts lint) package-vulnerabilities (lambda (package) |
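Review bot: The new test "cve: vulnerability fixed in replacement version" only covers the direction where the replacement is clean. The mock returns CVE-2015-1234 for version "0" and '() for "1", so nothing here asserts that a vulnerability present only in the replacement gets reported, which is what the commit subject describes. Consider adding a case where the mock returns the CVE for "1" and not for "0", and asserting that the with-warnings output is non-empty for a package carrying that replacement. The first assertion also checks only (not (string-null? ...)); matching "CVE-2015-1234" in the warning text would stop an unrelated warning from satisfying it. Finally, the make-struct call through (@@ (guix cve) <vulnerability>) depends on the private record's positional field layout, so a one-line comment stating that would help whoever later changes the record.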