lint: 'cve' checker reports the replacement's vulnerabilities.
[jackhill/guix/guix.git] / tests / lint.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013 Cyril Roelandt <tipecaml@gmail.com>
3 ;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
4 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
5 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
6 ;;;
7 ;;; This file is part of GNU Guix.
8 ;;;
9 ;;; GNU Guix is free software; you can redistribute it and/or modify it
10 ;;; under the terms of the GNU General Public License as published by
11 ;;; the Free Software Foundation; either version 3 of the License, or (at
12 ;;; your option) any later version.
13 ;;;
14 ;;; GNU Guix is distributed in the hope that it will be useful, but
15 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
16 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 ;;; GNU General Public License for more details.
18 ;;;
19 ;;; You should have received a copy of the GNU General Public License
20 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
21
;; Avoid interference: drop any 'http_proxy' setting before the tests run.
;; NOTE(review): presumably this keeps the HTTP requests issued by the
;; checkers below going straight to the local stub server instead of a
;; proxy -- confirm against the HTTP client used by (guix scripts lint).
(unsetenv "http_proxy")
24
25 (define-module (test-lint)
26 #:use-module (guix tests)
27 #:use-module (guix download)
28 #:use-module (guix git-download)
29 #:use-module (guix build-system gnu)
30 #:use-module (guix packages)
31 #:use-module (guix scripts lint)
32 #:use-module (guix ui)
33 #:use-module (gnu packages)
34 #:use-module (gnu packages glib)
35 #:use-module (gnu packages pkg-config)
36 #:use-module (web server)
37 #:use-module (web server http)
38 #:use-module (web response)
39 #:use-module (ice-9 match)
40 #:use-module (ice-9 threads)
41 #:use-module (srfi srfi-9 gnu)
42 #:use-module (srfi srfi-64))
43
44 ;; Test the linter.
45
;; TCP port to use for the stub HTTP server.
(define %http-server-port 9999)

;; URL to use for 'home-page' and 'source' tests; it designates the stub
;; server on the local machine.
(define %local-url
  (format #f "http://localhost:~a/foo/bar" %http-server-port))

;; SHA256 of the empty string.  It serves as a placeholder hash in the test
;; origins below; nothing in this file checks downloaded content against it.
(define %null-sha256
  (base32 "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73"))
59
(define %http-server-socket
  ;; Socket used by the Web server, or #f when it could not be set up (the
  ;; HTTP tests are then skipped).  The socket is bound to the loopback
  ;; address only, so the stub server is not reachable from other hosts.
  (catch 'system-error
    (lambda ()
      (let ((sock    (socket PF_INET SOCK_STREAM 0))
            (address (make-socket-address AF_INET INADDR_LOOPBACK
                                          %http-server-port)))
        ;; Allow the fixed port to be rebound right away on a re-run.
        (setsockopt sock SOL_SOCKET SO_REUSEADDR 1)
        (bind sock address)
        sock))
    (lambda args
      ;; Report the reason on stderr and degrade to "no server".
      (format (current-error-port)
              "warning: cannot run Web server for tests: ~a~%"
              (strerror (system-error-errno args)))
      #f)))
76
(define (http-write server client response body)
  "Write RESPONSE, followed by BODY unless BODY is #f, to CLIENT; then close
the connection and leave the server thread by calling 'quit'."
  (let* ((sent (write-response response client))
         (out  (response-port sent)))
    (when body
      (write-response-body sent body))
    (close-port out)
    (quit #t)                                     ;exit the server thread
    (values)))
88
;; Mutex and condition variable to synchronize with the HTTP server: the
;; server thread signals %HTTP-SERVER-READY once 'http-open' has returned.
(define %http-server-lock (make-mutex))
(define %http-server-ready (make-condition-variable))

(define (http-open . args)
  "Start listening for HTTP requests and signal %HTTP-SERVER-READY.  ARGS are
passed unchanged to the 'http-open' procedure of (web server http), whose
result is returned."
  (with-mutex %http-server-lock
    (let ((opened (apply (@@ (web server http) http-open) args)))
      (signal-condition-variable %http-server-ready)
      opened)))
99
(define-server-impl stub-http-server
  ;; Stripped-down version of Guile's built-in HTTP server.  The 'open' and
  ;; 'write' operations are the 'http-open' and 'http-write' procedures
  ;; defined in this file; 'read' and 'close' are taken from
  ;; (web server http) through '@@'.
  http-open
  (@@ (web server http) http-read)
  http-write
  (@@ (web server http) http-close))
106
(define (call-with-http-server code data thunk)
  "Call THUNK while a stub HTTP server runs in another thread; the server
answers HTTP requests with status CODE and body DATA (a string)."
  (define (serve)
    ;; 'http-write' calls 'quit' after answering, which unwinds to this
    ;; handler and ends the thread.
    (catch 'quit
      (lambda ()
        (run-server (lambda (request body)
                      (values (build-response #:code code
                                              #:reason-phrase "Such is life")
                              data))
                    stub-http-server
                    (list #:socket %http-server-socket)))
      (lambda _ #t)))

  (with-mutex %http-server-lock
    (make-thread serve)
    ;; Block until 'http-open' has signalled that the server is up.
    (wait-condition-variable %http-server-ready %http-server-lock)
    ;; Normally the server thread exits automatically once it has received a
    ;; request.
    (thunk)))
125 ;; Normally SERVER exits automatically once it has received a request.
126 (thunk))))
127
128 (define-syntax-rule (with-http-server code data body ...)
129 (call-with-http-server code data (lambda () body ...)))
130
131 (define %long-string
132 (make-string 2000 #\a))
133
134 \f
135 (test-begin "lint")
136
137 (define (call-with-warnings thunk)
138 (let ((port (open-output-string)))
139 (parameterize ((guix-warning-port port))
140 (thunk))
141 (get-output-string port)))
142
143 (define-syntax-rule (with-warnings body ...)
144 (call-with-warnings (lambda () body ...)))
145
;; Tests for 'check-description-style'.  Each one captures the warnings
;; emitted for a throw-away package and either looks for one message or
;; expects no output at all.

(test-assert "description: not a string"
  (->bool
   (string-contains
    (with-warnings
      (check-description-style
       (dummy-package "x" (description 'foobar))))
    "invalid description")))

(test-assert "description: not empty"
  (->bool
   (string-contains
    (with-warnings
      (check-description-style
       (dummy-package "x" (description ""))))
    "description should not be empty")))

;; Despite its name, this test feeds malformed Texinfo and expects the
;; corresponding warning.
(test-assert "description: valid Texinfo markup"
  (->bool
   (string-contains
    (with-warnings
      (check-description-style
       (dummy-package "x" (description "f{oo}b@r"))))
    "Texinfo markup in description is invalid")))

(test-assert "description: does not start with an upper-case letter"
  (->bool
   (string-contains
    (with-warnings
      (check-description-style
       (dummy-package "x" (description "bad description."))))
    "description should start with an upper-case letter")))

(test-assert "description: may start with a digit"
  (string-null?
   (with-warnings
     (check-description-style
      (dummy-package "x" (description "2-component library."))))))

(test-assert "description: may start with lower-case package name"
  (string-null?
   (with-warnings
     (check-description-style
      (dummy-package "x" (description "x is a dummy package."))))))

(test-assert "description: two spaces after end of sentence"
  (->bool
   (string-contains
    (with-warnings
      (check-description-style
       (dummy-package "x" (description "Bad. Quite bad."))))
    "sentences in description should be followed by two spaces")))

;; Periods that belong to abbreviations must not count as sentence ends.
(test-assert "description: end-of-sentence detection with abbreviations"
  (string-null?
   (with-warnings
     (check-description-style
      (dummy-package "x"
        (description "E.g. Foo, i.e. Bar resp. Baz (a.k.a. DVD)."))))))

;; Both the trademark sign and the registered sign must be reported.
(test-assert "description: may not contain trademark signs"
  (and (->bool
        (string-contains
         (with-warnings
           (check-description-style
            (dummy-package "x" (description "Does The Right Thing™"))))
         "should not contain trademark sign"))
       (->bool
        (string-contains
         (with-warnings
           (check-description-style
            (dummy-package "x" (description "Works with Format®"))))
         "should not contain trademark sign"))))
220
;; Tests for 'check-synopsis-style', following the same pattern: build a
;; throw-away package, capture the warnings, check for one message or none.

(test-assert "synopsis: not a string"
  (->bool
   (string-contains
    (with-warnings
      (check-synopsis-style
       (dummy-package "x" (synopsis #f))))
    "invalid synopsis")))

(test-assert "synopsis: not empty"
  (->bool
   (string-contains
    (with-warnings
      (check-synopsis-style
       (dummy-package "x" (synopsis ""))))
    "synopsis should not be empty")))

(test-assert "synopsis: does not start with an upper-case letter"
  (->bool
   (string-contains
    (with-warnings
      (check-synopsis-style
       (dummy-package "x" (synopsis "bad synopsis."))))
    "synopsis should start with an upper-case letter")))

(test-assert "synopsis: may start with a digit"
  (string-null?
   (with-warnings
     (check-synopsis-style
      (dummy-package "x" (synopsis "5-dimensional frobnicator"))))))

(test-assert "synopsis: ends with a period"
  (->bool
   (string-contains
    (with-warnings
      (check-synopsis-style
       (dummy-package "x" (synopsis "Bad synopsis."))))
    "no period allowed at the end of the synopsis")))

;; A final "etc." is the one accepted trailing period.
(test-assert "synopsis: ends with 'etc.'"
  (string-null?
   (with-warnings
     (check-synopsis-style
      (dummy-package "x" (synopsis "Foo, bar, etc."))))))

(test-assert "synopsis: starts with 'A'"
  (->bool
   (string-contains
    (with-warnings
      (check-synopsis-style
       (dummy-package "x" (synopsis "A bad synopŝis"))))
    "no article allowed at the beginning of the synopsis")))

(test-assert "synopsis: starts with 'An'"
  (->bool
   (string-contains
    (with-warnings
      (check-synopsis-style
       (dummy-package "x" (synopsis "An awful synopsis"))))
    "no article allowed at the beginning of the synopsis")))

(test-assert "synopsis: starts with 'a'"
  (->bool
   (string-contains
    (with-warnings
      (check-synopsis-style
       (dummy-package "x" (synopsis "a bad synopsis"))))
    "no article allowed at the beginning of the synopsis")))

(test-assert "synopsis: starts with 'an'"
  (->bool
   (string-contains
    (with-warnings
      (check-synopsis-style
       (dummy-package "x" (synopsis "an awful synopsis"))))
    "no article allowed at the beginning of the synopsis")))

;; Boundary case: a synopsis of exactly 80 characters is already too long.
(test-assert "synopsis: too long"
  (->bool
   (string-contains
    (with-warnings
      (check-synopsis-style
       (dummy-package "x" (synopsis (make-string 80 #\x)))))
    "synopsis should be less than 80 characters long")))

(test-assert "synopsis: start with package name"
  (->bool
   (string-contains
    (with-warnings
      (check-synopsis-style
       (dummy-package "x"
         (name "foo")
         (synopsis "foo, a nice package"))))
    "synopsis should not start with the package name")))

;; "arb" is merely a prefix of the first word, so no warning is expected.
(test-assert "synopsis: start with package name prefix"
  (string-null?
   (with-warnings
     (check-synopsis-style
      (dummy-package "arb" (synopsis "Arbitrary precision"))))))

(test-assert "synopsis: start with abbreviation"
  (string-null?
   (with-warnings
     (check-synopsis-style
      (dummy-package "uucp"
        ;; Same problem with "APL interpreter", etc.
        (synopsis "UUCP implementation")
        (description "Imagine this is Taylor UUCP."))))))
330
;; Tests for 'check-inputs-should-be-native': build-time tools listed among
;; the regular inputs must be flagged.

(test-assert "inputs: pkg-config is probably a native input"
  (->bool
   (string-contains
    (with-warnings
      (check-inputs-should-be-native
       (dummy-package "x"
         (inputs (list (list "pkg-config" pkg-config))))))
    "'pkg-config' should probably be a native input")))

(test-assert "inputs: glib:bin is probably a native input"
  (->bool
   (string-contains
    (with-warnings
      (check-inputs-should-be-native
       (dummy-package "x"
         (inputs (list (list "glib" glib "bin"))))))
    "'glib:bin' should probably be a native input")))

;; Tests for 'check-patch-file-names'.

(test-assert "patches: file names"
  (->bool
   (string-contains
    (with-warnings
      (check-patch-file-names
       (dummy-package "x"
         (source (dummy-origin
                  (patches (list "/path/to/y.patch")))))))
    "file names of patches should start with the package name")))

;; A patch that 'search-patch' cannot locate must yield a warning.
(test-assert "patches: not found"
  (->bool
   (string-contains
    (with-warnings
      (check-patch-file-names
       (dummy-package "x"
         (source (dummy-origin
                  (patches
                   (list (search-patch "this-patch-does-not-exist!"))))))))
    "patch not found")))
371
;; An unknown module in #:imported-modules must surface as a warning from
;; 'check-derivation'.
(test-assert "derivation: invalid arguments"
  (->bool
   (string-contains
    (with-warnings
      (check-derivation
       (dummy-package "x"
         (arguments '(#:imported-modules (invalid-module))))))
    "failed to create derivation")))

;; 'string-contains' returns an index or #f, which 'test-assert' accepts
;; as is.
(test-assert "license: invalid license"
  (string-contains
   (with-warnings
     (check-license
      (dummy-package "x" (license #f))))
   "invalid license"))
387
;; Tests for 'check-home-page'.  The first three need no server; the others
;; talk to the loopback stub server and are skipped when its socket could not
;; be set up.

(test-assert "home-page: wrong home-page"
  (->bool
   (string-contains
    (with-warnings
      (check-home-page
       (package
         (inherit (dummy-package "x"))
         (home-page #f))))
    "invalid")))

(test-assert "home-page: invalid URI"
  (->bool
   (string-contains
    (with-warnings
      (check-home-page
       (package
         (inherit (dummy-package "x"))
         (home-page "foobar"))))
    "invalid home page URL")))

;; NOTE(review): this depends on how the host resolves the name
;; "does-not-exist" -- confirm it cannot resolve in the test environment.
(test-assert "home-page: host not found"
  (->bool
   (string-contains
    (with-warnings
      (check-home-page
       (package
         (inherit (dummy-package "x"))
         (home-page "http://does-not-exist"))))
    "domain not found")))

;; No stub server is started here, so the request to %LOCAL-URL is expected
;; to be refused.
(test-skip (if %http-server-socket 0 1))
(test-assert "home-page: Connection refused"
  (->bool
   (string-contains
    (with-warnings
      (check-home-page
       (package
         (inherit (dummy-package "x"))
         (home-page %local-url))))
    "Connection refused")))

(test-skip (if %http-server-socket 0 1))
(test-equal "home-page: 200"
  ""
  (with-warnings
    (with-http-server 200 %long-string
      (check-home-page
       (package
         (inherit (dummy-package "x"))
         (home-page %local-url))))))

;; A successful answer with a very short body is still suspicious.
(test-skip (if %http-server-socket 0 1))
(test-assert "home-page: 200 but short length"
  (->bool
   (string-contains
    (with-warnings
      (with-http-server 200 "This is too small."
        (check-home-page
         (package
           (inherit (dummy-package "x"))
           (home-page %local-url)))))
    "suspiciously small")))

(test-skip (if %http-server-socket 0 1))
(test-assert "home-page: 404"
  (->bool
   (string-contains
    (with-warnings
      (with-http-server 404 %long-string
        (check-home-page
         (package
           (inherit (dummy-package "x"))
           (home-page %local-url)))))
    "not reachable: 404")))
462
;; Tests for 'check-source-file-name'.  The origins are only inspected, so
;; %NULL-SHA256 is used as a placeholder hash throughout.

(test-assert "source-file-name"
  (->bool
   (string-contains
    (with-warnings
      (check-source-file-name
       (dummy-package "x"
         (version "3.2.1")
         (source (origin
                   (method url-fetch)
                   (uri "http://www.example.com/3.2.1.tar.gz")
                   (sha256 %null-sha256))))))
    "file name should contain the package name")))

(test-assert "source-file-name: v prefix"
  (->bool
   (string-contains
    (with-warnings
      (check-source-file-name
       (dummy-package "x"
         (version "3.2.1")
         (source (origin
                   (method url-fetch)
                   (uri "http://www.example.com/v3.2.1.tar.gz")
                   (sha256 %null-sha256))))))
    "file name should contain the package name")))

;; A Git checkout without an explicit 'file-name' is flagged too.
(test-assert "source-file-name: bad checkout"
  (->bool
   (string-contains
    (with-warnings
      (check-source-file-name
       (dummy-package "x"
         (version "3.2.1")
         (source (origin
                   (method git-fetch)
                   (uri (git-reference
                         (url "http://www.example.com/x.git")
                         (commit "0")))
                   (sha256 %null-sha256))))))
    "file name should contain the package name")))

(test-assert "source-file-name: good checkout"
  (not
   (->bool
    (string-contains
     (with-warnings
       (check-source-file-name
        (dummy-package "x"
          (version "3.2.1")
          (source (origin
                    (method git-fetch)
                    (uri (git-reference
                          (url "http://git.example.com/x.git")
                          (commit "0")))
                    (file-name (string-append "x-" version))
                    (sha256 %null-sha256))))))
     "file name should contain the package name"))))

(test-assert "source-file-name: valid"
  (not
   (->bool
    (string-contains
     (with-warnings
       (check-source-file-name
        (dummy-package "x"
          (version "3.2.1")
          (source (origin
                    (method url-fetch)
                    (uri "http://www.example.com/x-3.2.1.tar.gz")
                    (sha256 %null-sha256))))))
     "file name should contain the package name"))))
539
;; Tests for 'check-source' against the loopback stub server; all of them are
;; skipped when the server socket could not be set up.

(test-skip (if %http-server-socket 0 1))
(test-equal "source: 200"
  ""
  (with-warnings
    (with-http-server 200 %long-string
      (check-source
       (package
         (inherit (dummy-package "x"))
         (source (origin
                   (method url-fetch)
                   (uri %local-url)
                   (sha256 %null-sha256))))))))

;; A successful answer with a very short body is still suspicious.
(test-skip (if %http-server-socket 0 1))
(test-assert "source: 200 but short length"
  (->bool
   (string-contains
    (with-warnings
      (with-http-server 200 "This is too small."
        (check-source
         (package
           (inherit (dummy-package "x"))
           (source (origin
                     (method url-fetch)
                     (uri %local-url)
                     (sha256 %null-sha256)))))))
    "suspiciously small")))

(test-skip (if %http-server-socket 0 1))
(test-assert "source: 404"
  (->bool
   (string-contains
    (with-warnings
      (with-http-server 404 %long-string
        (check-source
         (package
           (inherit (dummy-package "x"))
           (source (origin
                     (method url-fetch)
                     (uri %local-url)
                     (sha256 %null-sha256)))))))
    "not reachable: 404")))
582
;; Tests for 'check-vulnerabilities'.  'mock' substitutes a stub for
;; 'package-vulnerabilities' in (guix scripts lint) while its body runs, so
;; every vulnerability seen by the checker is one constructed here.
;;
;; NOTE(review): the "patched" tests name a patch file that this file never
;; creates, so the checker appears to go by the CVE identifier in the patch
;; file name.  That is a naming convention, not evidence that the patch fixes
;; the issue.
;; NOTE(review): none of the tests below covers a replacement that is itself
;; still vulnerable and unpatched.

(test-assert "cve"
  (mock ((guix scripts lint) package-vulnerabilities (lambda _ '()))
        (string-null?
         (with-warnings
           (check-vulnerabilities (dummy-package "x"))))))

(test-assert "cve: one vulnerability"
  (mock ((guix scripts lint) package-vulnerabilities
         (lambda (pkg)
           ;; One vulnerability that affects exactly PKG's name and version.
           (let ((affected (list (cons (package-name pkg)
                                       (package-version pkg)))))
             (list (make-struct (@@ (guix cve) <vulnerability>) 0
                                "CVE-2015-1234"
                                affected)))))
        (string-contains
         (with-warnings
           (check-vulnerabilities (dummy-package "pi" (version "3.14"))))
         "vulnerable to CVE-2015-1234")))

;; Same vulnerability, but the package carries a patch named after the CVE:
;; no warning is expected.
(test-assert "cve: one patched vulnerability"
  (mock ((guix scripts lint) package-vulnerabilities
         (lambda (pkg)
           (let ((affected (list (cons (package-name pkg)
                                       (package-version pkg)))))
             (list (make-struct (@@ (guix cve) <vulnerability>) 0
                                "CVE-2015-1234"
                                affected)))))
        (string-null?
         (with-warnings
           (check-vulnerabilities
            (dummy-package "pi"
              (version "3.14")
              (source (dummy-origin
                       (patches
                        (list "/a/b/pi-CVE-2015-1234.patch"))))))))))

;; Version "0" is vulnerable and version "1" is not.  Without a replacement
;; the warning must appear; with a replacement at version "1" it must not.
(test-assert "cve: vulnerability fixed in replacement version"
  (mock ((guix scripts lint) package-vulnerabilities
         (lambda (pkg)
           (match (package-version pkg)
             ("0"
              (let ((affected (list (cons (package-name pkg)
                                          (package-version pkg)))))
                (list (make-struct (@@ (guix cve) <vulnerability>) 0
                                   "CVE-2015-1234"
                                   affected))))
             ("1"
              '()))))
        (and (not (string-null?
                   (with-warnings
                     (check-vulnerabilities
                      (dummy-package "foo" (version "0"))))))
             (string-null?
              (with-warnings
                (check-vulnerabilities
                 (dummy-package "foo"
                   (version "0")
                   (replacement (dummy-package "foo" (version "1"))))))))))

;; The package itself is unpatched, but its replacement (same version)
;; carries the CVE-named patch: no warning is expected.
(test-assert "cve: patched vulnerability in replacement"
  (mock ((guix scripts lint) package-vulnerabilities
         (lambda (pkg)
           (let ((affected (list (cons (package-name pkg)
                                       (package-version pkg)))))
             (list (make-struct (@@ (guix cve) <vulnerability>) 0
                                "CVE-2015-1234"
                                affected)))))
        (string-null?
         (with-warnings
           (check-vulnerabilities
            (dummy-package "pi"
              (version "3.14")
              (source (dummy-origin))
              (replacement
               (dummy-package "pi"
                 (version "3.14")
                 (source (dummy-origin
                          (patches
                           (list "/a/b/pi-CVE-2015-1234.patch"))))))))))))
657
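;; Tests for 'check-formatting'.  These are layout-sensitive: the packages
;; passed to the checker are the same, yet different warnings are expected,
;; so the fixture is the way each 'dummy-package' expression is written in
;; this file.  The stray parentheses, the literal TAB inside the string, the
;; spaces at the end of the line and the over-long line must therefore be
;; kept exactly as they are; re-indenting or stripping white space here
;; defeats the assertions.

(test-assert "formatting: lonely parentheses"
  (string-contains
   (with-warnings
     (check-formatting
      (
       dummy-package "ugly as hell!"
      )
      ))
   "lonely"))

(test-assert "formatting: tabulation"
  (string-contains
   (with-warnings
     (check-formatting (dummy-package "leave the tab here:	")))
   "tabulation"))

(test-assert "formatting: trailing white space"
  (string-contains
   (with-warnings
     ;; Leave the trailing white space on the next line!
     (check-formatting (dummy-package "x")))        
   "trailing white space"))

(test-assert "formatting: long line"
  (string-contains
   (with-warnings
     (check-formatting
      (dummy-package "x"                          ;here is a stupid comment just to make a long line
                     )))
   "too long"))

(test-assert "formatting: alright"
  (string-null?
   (with-warnings
     (check-formatting (dummy-package "x")))))

(test-end "lint")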
695
696 ;; Local Variables:
697 ;; eval: (put 'with-http-server 'scheme-indent-function 2)
698 ;; eval: (put 'with-warnings 'scheme-indent-function 0)
699 ;; End: