guix/tests/cve.scm
Mathieu Lirzin a9edb211e7 build: Add a Guile custom test driver using SRFI-64.
Before that '.log' files for scheme tests were fragmented and not
included in test-suite.log.  This unifies the semantics of SRFI-64 API
with Automake test suite.

* build-aux/test-driver.scm: New file.
* Makefile.am (SCM_LOG_DRIVER, AM_SCM_LOG_DRIVER_FLAGS): New variables.
(SCM_LOG_COMPILER, AM_SCM_LOG_FLAGS): Delete variables.
(AM_TESTS_ENVIRONMENT): Set GUILE_AUTO_COMPILE to 0.
* test-env.in: Silence guix-daemon.
* doc/guix.texi (Running the Test Suite): Describe how to display the
detailed results.  Bug reports require only 'test-suite.log' file.
* tests/base32.scm, tests/build-utils.scm, tests/builders.scm,
tests/challenge.scm, tests/cpan.scm, tests/cpio.scm, tests/cran.scm,
tests/cve.scm, tests/derivations.scm, tests/elpa.scm,
tests/file-systems.scm, tests/gem.scm, tests/gexp.scm,
tests/gnu-maintenance.scm, tests/grafts.scm, tests/graph.scm,
tests/gremlin.scm, tests/hackage.scm, tests/hash.scm,
tests/import-utils.scm, tests/lint.scm, tests/monads.scm, tests/nar.scm,
tests/packages.scm, tests/pk-crypto.scm, tests/pki.scm,
tests/profiles.scm, tests/publish.scm, tests/pypi.scm,
tests/records.scm, tests/scripts-build.scm, tests/scripts.scm,
tests/services.scm, tests/sets.scm, tests/size.scm, tests/snix.scm,
tests/store.scm, tests/substitute.scm, tests/syscalls.scm,
tests/system.scm, tests/ui.scm, tests/union.scm, tests/upstream.scm,
tests/utils.scm: Don't exit at the end of test groups.
* tests/containers.scm: Likewise.  Use 'test-skip' instead of exiting
with error code 77.
2016-04-03 14:19:09 +02:00

67 lines
2.4 KiB
Scheme
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (test-cve)
#:use-module (guix cve)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-64))
(define %sample
(search-path %load-path "tests/cve-sample.xml"))
(define (vulnerability id packages)
(make-struct (@@ (guix cve) <vulnerability>) 0 id packages))
(define %expected-vulnerabilities
;; What we should get when reading %SAMPLE.
(list
;; CVE-2003-0001 has no "/a" in its product list so it is omitted.
;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number.
(vulnerability "CVE-2008-2335" '(("phpvid" . "1.1") ("phpvid" . "1.2")))
(vulnerability "CVE-2008-3522" '(("enterprise_virtualization" . "3.5")
("jasper" . "1.900.1")))
(vulnerability "CVE-2009-3301" '(("openoffice.org" . "2.1.0")
("openoffice.org" . "2.3.0")
("openoffice.org" . "2.2.1")))
;; CVE-2015-8330 has no software list.
))
(test-begin "cve")
(test-equal "xml->vulnerabilities"
%expected-vulnerabilities
(call-with-input-file %sample xml->vulnerabilities))
(test-equal ""
(list `(("1.1" . ,(first %expected-vulnerabilities))
("1.2" . ,(first %expected-vulnerabilities)))
'()
'()
(list (second %expected-vulnerabilities))
(list (third %expected-vulnerabilities)))
(let* ((vulns (call-with-input-file %sample xml->vulnerabilities))
(lookup (vulnerabilities->lookup-proc vulns)))
(list (lookup "phpvid")
(lookup "jasper" "2.0")
(lookup "foobar")
(lookup "jasper" "1.900.1")
(lookup "openoffice.org" "2.3.0"))))
(test-end "cve")