-rw-r--r--guix/lint.scm7
-rw-r--r--tests/lint.scm18
2 files changed, 15 insertions, 10 deletions
diff --git a/guix/lint.scm b/guix/lint.scm
index 697bd24a1e..24fbf05202 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1029,8 +1029,11 @@ the NIST server non-fatal."
(package-version package))))
((force lookup) name version)))))
-(define (check-vulnerabilities package)
- "Check for known vulnerabilities for PACKAGE."
+(define* (check-vulnerabilities package
+ #:optional (package-vulnerabilities
+ package-vulnerabilities))
+ "Check for known vulnerabilities for PACKAGE. Obtain the list of
+vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
(let ((package (or (package-replacement package) package)))
(match (package-vulnerabilities package)
(()
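Review bot: The new optional parameter of `check-vulnerabilities` has the same name as the procedure it defaults to, so in the body `package-vulnerabilities` now refers to the argument, and the default only works because the initializer is evaluated before the parameter itself is bound. A distinct name would read more clearly, for example `#:optional (lookup-vulnerabilities package-vulnerabilities)` with the `match` line calling `(lookup-vulnerabilities package)` and the docstring updated to match. The docstring should also state the default and the intended use, because a caller-supplied procedure that returns the empty list makes this CVE check report nothing: `The optional argument defaults to 'package-vulnerabilities' and is meant to be overridden only by tests.` The body of the function continues past the end of the hunk.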
diff --git a/tests/lint.scm b/tests/lint.scm
index 3a9b539a24..4ce45b4a70 100644
--- a/tests/lint.scm
+++ b/tests/lint.scm
@@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013 Cyril Roelandt <tipecaml@gmail.com>
;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Alex Kost <alezost@gmail.com>
@@ -756,14 +756,16 @@
(test-equal "cve: one vulnerability"
"probably vulnerable to CVE-2015-1234"
- (mock ((guix lint) package-vulnerabilities
+ (let ((dummy-vulnerabilities
(lambda (package)
- (list (make-struct/no-tail (@@ (guix cve) <vulnerability>)
- "CVE-2015-1234"
- (list (cons (package-name package)
- (package-version package)))))))
- (single-lint-warning-message
- (check-vulnerabilities (dummy-package "pi" (version "3.14"))))))
+ (list (make-struct/no-tail
+ (@@ (guix cve) <vulnerability>)
+ "CVE-2015-1234"
+ (list (cons (package-name package)
+ (package-version package))))))))
+ (single-lint-warning-message
+ (check-vulnerabilities (dummy-package "pi" (version "3.14"))
+ dummy-vulnerabilities))))
(test-equal "cve: one patched vulnerability"
'()
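Review bot: Only "cve: one vulnerability" is switched from `mock` to the new optional argument, and the diffstat suggests the neighbouring CVE tests are unchanged. The "cve: one patched vulnerability" test that starts on the last context lines has its body outside the hunk; if it still replaces `package-vulnerabilities` through `mock`, it should pass a stub as the second argument to `check-vulnerabilities` as well, so that every CVE test uses the same seam. A short comment above `dummy-vulnerabilities`, such as `;; Stub lookup: reports PACKAGE as affected by CVE-2015-1234.`, would also say what the lambda stands in for.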