blob 0b6346a4d45b9b3fb05e7f7a02a3606792abfd03 3794 bytes (raw)
name: tests/cve.scm 	 # note: path name is non-authoritative(*)

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2016, 2019 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-cve)
  #:use-module (guix cve)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-19)
  #:use-module (srfi srfi-64))

;; File name of the sample CVE feed, resolved through %LOAD-PATH.
;; 'search-path' returns #f when the file cannot be found, in which case
;; every test below that opens %SAMPLE fails at 'call-with-input-file'.
(define %sample
  (let ((relative-name "tests/cve-sample.json"))
    (search-path %load-path relative-name)))

;; Build a <vulnerability> record directly from ID and PACKAGES.  The record
;; type is reached through '@@' because it is a private binding of (guix cve);
;; the two fields are initialized positionally, in the order given.
(define (vulnerability id packages)
  (let ((record-type (@@ (guix cve) <vulnerability>)))
    (make-struct/no-tail record-type id packages)))

(define %expected-vulnerabilities
  ;; What we should get when reading %SAMPLE.  Each row below has the form
  ;; (CVE-ID PACKAGE-SPEC ...), where PACKAGE-SPEC is (NAME VERSION-SEXP) and
  ;; NAME looks like "vendor:product".  Rows become <vulnerability> records
  ;; in the order listed, which is the order the tests below rely on.
  (map (lambda (row)
         (vulnerability (car row) (cdr row)))
       '(;; Only the "a" CPE configurations are kept; the "o"
         ;; configurations are discarded.
         ("CVE-2019-0001"
          ("juniper:junos" (or "18.21-s4" (or "18.21-s3" "18.2"))))
         ("CVE-2019-0005"
          ("juniper:junos" (or "18.11" "18.1")))
         ;; NOTE(review): the comment at this spot used to read
         ;; 'CVE-2019-0005 has no "a" configurations', which contradicts the
         ;; entry just above.  Presumably it is stale or names the wrong
         ;; CVE; confirm against tests/cve-sample.json.
         ("CVE-2019-14811"
          ("artifex:ghostscript" (< "9.28")))
         ("CVE-2019-17365"
          ("nixos:nix" (<= "2.3")))
         ("CVE-2019-1010180"
          ("gnu:gdb" _))                          ;any version
         ("CVE-2019-1010204"
          ("gnu:binutils" (and (>= "2.21") (<= "2.31.1")))
          ("gnu:binutils_gold" (and (>= "1.11") (<= "1.16"))))
         ;; CVE-2019-18192 has no associated configurations, so no
         ;; vulnerability record is expected for it.
         )))

\f
(test-begin "cve")

;; Every item of the sample feed must be returned, in feed order, including
;; CVE-2019-18192, which yields no vulnerability record later on.
(test-equal "json->cve-items"
  '("CVE-2019-0001"
    "CVE-2019-0005"
    "CVE-2019-14811"
    "CVE-2019-17365"
    "CVE-2019-1010180"
    "CVE-2019-1010204"
    "CVE-2019-18192")
  (let ((items (call-with-input-file %sample json->cve-items)))
    (map (lambda (item)
           (cve-id (cve-item-cve item)))
         items)))

;; All sample items carry a publication date in 2019, so the set of distinct
;; publication years must be exactly (2019).
(test-equal "cve-item-published-date"
  '(2019)
  (let* ((items (call-with-input-file %sample json->cve-items))
         (years (map (lambda (item)
                       (date-year (cve-item-published-date item)))
                     items)))
    (delete-duplicates years)))

;; Reading the sample feed as vulnerabilities must give exactly
;; %EXPECTED-VULNERABILITIES: same records, same order, nothing extra.
(test-equal "json->vulnerabilities"
  %expected-vulnerabilities
  (call-with-input-file %sample
    (lambda (port)
      (json->vulnerabilities port))))

;; Exercise the lookup procedure on the version-range boundaries of the
;; sample data.  A lookup without #:version is expected to return every
;; vulnerability recorded for the package; with #:version, only those whose
;; constraint matches.
;;
;; NOTE(review): the queries use bare product names ("ghostscript") while the
;; expected records are keyed "vendor:product" ("artifex:ghostscript"); how
;; the lookup maps one onto the other is not visible in this file.
;;
;; NOTE(review): every version probed here compares the same way as a
;; version number and as a plain string, so this test would not catch a
;; lookup that orders versions lexicographically (a missed match for a
;; vulnerable package).  A query such as "9.3" against (< "9.28") would tell
;; the two apart; consider adding one.
(test-equal "vulnerabilities->lookup-proc"
  (let ((ghostscript (list (third %expected-vulnerabilities)))
        (nix         (list (fourth %expected-vulnerabilities)))
        (gdb         (list (fifth %expected-vulnerabilities)))
        (binutils    (list (sixth %expected-vulnerabilities))))
    (list ghostscript ghostscript '()   ;no version, 9.27, 9.28 (excluded)
          gdb gdb                       ;"_" matches any version
          nix '()                       ;no version, 2.4 (above <= 2.3)
          binutils                      ;2.31.1, inclusive upper bound
          '()                           ;2.10, below the range
          binutils                      ;binutils_gold 1.11, inclusive lower bound
          '()))                         ;2.32, above the range
  (let ((lookup (vulnerabilities->lookup-proc
                 (call-with-input-file %sample json->vulnerabilities))))
    (map (lambda (query)
           (apply lookup query))
         '(("ghostscript")
           ("ghostscript" #:version "9.27")
           ("ghostscript" #:version "9.28")
           ("gdb")
           ("gdb" #:version "42.0")
           ("nix")
           ("nix" #:version "2.4")
           ("binutils" #:version "2.31.1")
           ("binutils" #:version "2.10")
           ("binutils_gold" #:version "1.11")
           ("binutils" #:version "2.32")))))

(test-end "cve")

debug log:

solving 0b6346a4d4 ...
found 0b6346a4d4 in https://yhetil.org/guix/20241027182029.25707-1-ngraves@ngraves.fr/ ||
	https://yhetil.org/guix/20241027181946.25348-2-ngraves@ngraves.fr/
found b69da0e120 in https://git.savannah.gnu.org/cgit/guix.git
preparing index
index prepared:
100644 b69da0e1204c9c9ee20e77087718f8981ece369b	tests/cve.scm

applying [1/1] https://yhetil.org/guix/20241027182029.25707-1-ngraves@ngraves.fr/
diff --git a/tests/cve.scm b/tests/cve.scm
index b69da0e120..0b6346a4d4 100644

Checking patch tests/cve.scm...
Applied patch tests/cve.scm cleanly.

skipping https://yhetil.org/guix/20241027181946.25348-2-ngraves@ngraves.fr/ for 0b6346a4d4
index at:
100644 0b6346a4d45b9b3fb05e7f7a02a3606792abfd03	tests/cve.scm

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
