Commit | Line | Data |
---|---|---|
0eef7551 LC |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org> | |
3 | ;;; | |
4 | ;;; This file is part of GNU Guix. | |
5 | ;;; | |
6 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
7 | ;;; under the terms of the GNU General Public License as published by | |
8 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
9 | ;;; your option) any later version. | |
10 | ;;; | |
11 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
12 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | ;;; GNU General Public License for more details. | |
15 | ;;; | |
16 | ;;; You should have received a copy of the GNU General Public License | |
17 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
18 | ||
19 | (define-module (test-cve) | |
20 | #:use-module (guix cve) | |
21 | #:use-module (srfi srfi-1) | |
22 | #:use-module (srfi srfi-64)) | |
23 | ||
24 | (define %sample | |
25 | (search-path %load-path "tests/cve-sample.xml")) | |
26 | ||
27 | (define (vulnerability id packages) | |
28 | (make-struct (@@ (guix cve) <vulnerability>) 0 id packages)) | |
29 | ||
30 | (define %expected-vulnerabilities | |
31 | ;; What we should get when reading %SAMPLE. | |
32 | (list | |
33 | ;; CVE-2003-0001 has no "/a" in its product list so it is omitted. | |
34 | ;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number. | |
35 | (vulnerability "CVE-2008-2335" '(("phpvid" . "1.1") ("phpvid" . "1.2"))) | |
36 | (vulnerability "CVE-2008-3522" '(("enterprise_virtualization" . "3.5") | |
37 | ("jasper" . "1.900.1"))) | |
38 | (vulnerability "CVE-2009-3301" '(("openoffice.org" . "2.1.0") | |
39 | ("openoffice.org" . "2.3.0") | |
40 | ("openoffice.org" . "2.2.1"))) | |
41 | ;; CVE-2015-8330 has no software list. | |
42 | )) | |
43 | ||
44 | \f | |
45 | (test-begin "cve") | |
46 | ||
47 | (test-equal "xml->vulnerabilities" | |
48 | %expected-vulnerabilities | |
49 | (call-with-input-file %sample xml->vulnerabilities)) | |
50 | ||
51 | (test-equal "" | |
52 | (list `(("1.1" . ,(first %expected-vulnerabilities)) | |
53 | ("1.2" . ,(first %expected-vulnerabilities))) | |
54 | '() | |
55 | '() | |
56 | (list (second %expected-vulnerabilities)) | |
57 | (list (third %expected-vulnerabilities))) | |
58 | (let* ((vulns (call-with-input-file %sample xml->vulnerabilities)) | |
59 | (lookup (vulnerabilities->lookup-proc vulns))) | |
60 | (list (lookup "phpvid") | |
61 | (lookup "jasper" "2.0") | |
62 | (lookup "foobar") | |
63 | (lookup "jasper" "1.900.1") | |
64 | (lookup "openoffice.org" "2.3.0")))) | |
65 | ||
66 | (test-end "cve") | |
67 | ||
68 | \f | |
69 | (exit (= (test-runner-fail-count (test-runner-current)) 0)) |