+(test-assert "cve: one patched vulnerability"
+ (mock ((guix scripts lint) package-vulnerabilities
+ (lambda (package)
+ (list (make-struct (@@ (guix cve) <vulnerability>) 0
+ "CVE-2015-1234"
+ (list (cons (package-name package)
+ (package-version package)))))))
+ (string-null?
+ (with-warnings
+ (check-vulnerabilities
+ (dummy-package "pi"
+ (version "3.14")
+ (source
+ (dummy-origin
+ (patches
+ (list "/a/b/pi-CVE-2015-1234.patch"))))))))))
+
+(test-assert "cve: vulnerability fixed in replacement version"
+ (mock ((guix scripts lint) package-vulnerabilities
+ (lambda (package)
+ (match (package-version package)
+ ("0"
+ (list (make-struct (@@ (guix cve) <vulnerability>) 0
+ "CVE-2015-1234"
+ (list (cons (package-name package)
+ (package-version package))))))
+ ("1"
+ '()))))
+ (and (not (string-null?
+ (with-warnings
+ (check-vulnerabilities
+ (dummy-package "foo" (version "0"))))))
+ (string-null?
+ (with-warnings
+ (check-vulnerabilities
+ (dummy-package
+ "foo" (version "0")
+ (replacement (dummy-package "foo" (version "1"))))))))))
+
+(test-assert "cve: patched vulnerability in replacement"
+ (mock ((guix scripts lint) package-vulnerabilities
+ (lambda (package)
+ (list (make-struct (@@ (guix cve) <vulnerability>) 0
+ "CVE-2015-1234"
+ (list (cons (package-name package)
+ (package-version package)))))))
+ (string-null?
+ (with-warnings
+ (check-vulnerabilities
+ (dummy-package
+ "pi" (version "3.14") (source (dummy-origin))
+ (replacement (dummy-package
+ "pi" (version "3.14")
+ (source
+ (dummy-origin
+ (patches
+ (list "/a/b/pi-CVE-2015-1234.patch"))))))))))))
+