lint: 'cve' checker reports the replacement's vulnerabilities.

Before, 'guix lint -c cve' would report the vulnerabilities of the original package while pretending they are the vulnerabilities of the replacement. * guix/scripts/lint.scm (check-vulnerabilities): Consider the package replacement before calling 'package-vulnerabilities'. * tests/lint.scm ("cve: vulnerability fixed in replacement version"): New test.
author: Ludovic Courtès <ludo@gnu.org> 2016-10-03 23:30:49 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2016-10-03 23:30:49 +0200
commit: 9bee2bd1b02c7ef91cc7232e8647bd07525d3382 (patch)
tree: e55a12a00b9cdf6041063598324ead5cb0ac7251 /tests/lint.scm
parent: 0f7cd95b8138f120bf0bc0593e772ed8c373f994 (diff)
download: patches-9bee2bd1b02c7ef91cc7232e8647bd07525d3382.tar
patches-9bee2bd1b02c7ef91cc7232e8647bd07525d3382.tar.gz
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/lint.scm b/tests/lint.scm
index df69d2b4b1..d692b42f93 100644
--- a/tests/lint.scm
+++ b/tests/lint.scm
@@ -36,6 +36,7 @@
   #:use-module (web server)
   #:use-module (web server http)
   #:use-module (web response)
+  #:use-module (ice-9 match)
   #:use-module (ice-9 threads)
   #:use-module (srfi srfi-9 gnu)
   #:use-module (srfi srfi-64))
@@ -613,6 +614,28 @@ string) on HTTP requests."
                              (patches
                               (list "/a/b/pi-CVE-2015-1234.patch"))))))))))
 
+(test-assert "cve: vulnerability fixed in replacement version"
+  (mock ((guix scripts lint) package-vulnerabilities
+         (lambda (package)
+           (match (package-version package)
+             ("0"
+              (list (make-struct (@@ (guix cve) <vulnerability>) 0
+                                 "CVE-2015-1234"
+                                 (list (cons (package-name package)
+                                             (package-version package))))))
+             ("1"
+              '()))))
+        (and (not (string-null?
+                   (with-warnings
+                     (check-vulnerabilities
+                      (dummy-package "foo" (version "0"))))))
+             (string-null?
+              (with-warnings
+                (check-vulnerabilities
+                 (dummy-package
+                  "foo" (version "0")
+                  (replacement (dummy-package "foo" (version "1"))))))))))
+
 (test-assert "cve: patched vulnerability in replacement"
   (mock ((guix scripts lint) package-vulnerabilities
          (lambda (package)
author	Ludovic Courtès <ludo@gnu.org>	2016-10-03 23:30:49 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2016-10-03 23:30:49 +0200
commit	9bee2bd1b02c7ef91cc7232e8647bd07525d3382 (patch)
tree	e55a12a00b9cdf6041063598324ead5cb0ac7251 /tests/lint.scm
parent	0f7cd95b8138f120bf0bc0593e772ed8c373f994 (diff)
download	patches-9bee2bd1b02c7ef91cc7232e8647bd07525d3382.tar patches-9bee2bd1b02c7ef91cc7232e8647bd07525d3382.tar.gz