diff options
author | Efraim Flashner <efraim@flashner.co.il> | 2017-11-30 23:41:29 +0200 |
---|---|---|
committer | Efraim Flashner <efraim@flashner.co.il> | 2017-12-10 21:59:07 +0200 |
commit | f4007b25476dfd97885f358d2dabbd463f6f6017 (patch) | |
tree | cc50563d23c77d455fc5e03cc7cb8cc0a61c7ac5 /tests | |
parent | 308b8f79c5267ae442e4a8874cfed80f3c5a8831 (diff) |
lint: 'check-vulnerabilities' also checks package properties.
* guix/scripts/lint.scm (check-vulnerabilities): Also check for CVEs
listed as mitigated in the package properties.
* tests/lint.scm ("cve: known safe from vulnerability"): New test.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/lint.scm | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/tests/lint.scm b/tests/lint.scm index 064f3d177e..ab0e8b9a8c 100644 --- a/tests/lint.scm +++ b/tests/lint.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; Copyright © 2017 Alex Kost <alezost@gmail.com> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -702,6 +703,20 @@ (patches (list "/a/b/pi-CVE-2015-1234.patch")))))))))) +(test-assert "cve: known safe from vulnerability" + (mock ((guix scripts lint) package-vulnerabilities + (lambda (package) + (list (make-struct (@@ (guix cve) <vulnerability>) 0 + "CVE-2015-1234" + (list (cons (package-name package) + (package-version package))))))) + (string-null? + (with-warnings + (check-vulnerabilities + (dummy-package "pi" + (version "3.14") + (properties `((lint-hidden-cve . ("CVE-2015-1234")))))))))) + (test-assert "cve: vulnerability fixed in replacement version" (mock ((guix scripts lint) package-vulnerabilities (lambda (package) |