tests/cve.scm

   1 ;;; GNU Guix --- Functional package management for GNU
   2 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
   3 ;;;
   4 ;;; This file is part of GNU Guix.
   5 ;;;
   6 ;;; GNU Guix is free software; you can redistribute it and/or modify it
   7 ;;; under the terms of the GNU General Public License as published by
   8 ;;; the Free Software Foundation; either version 3 of the License, or (at
   9 ;;; your option) any later version.
  10 ;;;
  11 ;;; GNU Guix is distributed in the hope that it will be useful, but
  12 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
  13 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 ;;; GNU General Public License for more details.
  15 ;;;
  16 ;;; You should have received a copy of the GNU General Public License
  17 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
  18
  19 (define-module (test-cve)
  20   #:use-module (guix cve)
  21   #:use-module (srfi srfi-1)
  22   #:use-module (srfi srfi-64))
  23
  24 (define %sample
  25   (search-path %load-path "tests/cve-sample.xml"))
  26
  27 (define (vulnerability id packages)
  28   (make-struct (@@ (guix cve) <vulnerability>) 0 id packages))
  29
  30 (define %expected-vulnerabilities
  31   ;; What we should get when reading %SAMPLE.
  32   (list
  33    ;; CVE-2003-0001 has no "/a" in its product list so it is omitted.
  34    ;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number.
  35    (vulnerability "CVE-2008-2335" '(("phpvid" . "1.1") ("phpvid" . "1.2")))
  36    (vulnerability "CVE-2008-3522" '(("enterprise_virtualization" . "3.5")
  37                                     ("jasper" . "1.900.1")))
  38    (vulnerability "CVE-2009-3301" '(("openoffice.org" . "2.1.0")
  39                                     ("openoffice.org" . "2.3.0")
  40                                     ("openoffice.org" . "2.2.1")))
  41    ;; CVE-2015-8330 has no software list.
  42    ))
  43
  44 \f
  45 (test-begin "cve")
  46
  47 (test-equal "xml->vulnerabilities"
  48   %expected-vulnerabilities
  49   (call-with-input-file %sample xml->vulnerabilities))
  50
  51 (test-equal ""
  52   (list `(("1.1" . ,(first %expected-vulnerabilities))
  53           ("1.2" . ,(first %expected-vulnerabilities)))
  54         '()
  55         '()
  56         (list (second %expected-vulnerabilities))
  57         (list (third %expected-vulnerabilities)))
  58   (let* ((vulns  (call-with-input-file %sample xml->vulnerabilities))
  59          (lookup (vulnerabilities->lookup-proc vulns)))
  60     (list (lookup "phpvid")
  61           (lookup "jasper" "2.0")
  62           (lookup "foobar")
  63           (lookup "jasper" "1.900.1")
  64           (lookup "openoffice.org" "2.3.0"))))
  65
  66 (test-end "cve")
  67
  68 \f
  69 (exit (= (test-runner-fail-count (test-runner-current)) 0))