首頁 探索 說明
登入
bavier
/
guix
關註 1
讚好 0
複刻 1
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 0d1dc3f6fa
分支列表 標籤列表
guix
/
tests
/
cve.scm

cve.scm 2.3 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. ;;; GNU Guix --- Functional package management for GNU
    2. 

  2. ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
    3. 

  3. ;;;
    4. 

  4. ;;; This file is part of GNU Guix.
    5. 

  5. ;;;
    6. 

  6. ;;; GNU Guix is free software; you can redistribute it and/or modify it
    7. 

  7. ;;; under the terms of the GNU General Public License as published by
    8. 

  8. ;;; the Free Software Foundation; either version 3 of the License, or (at
    9. 

  9. ;;; your option) any later version.
    10. 

  10. ;;;
    11. 

  11. ;;; GNU Guix is distributed in the hope that it will be useful, but
    12. 

  12. ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14. ;;; GNU General Public License for more details.
    15. 

  15. ;;;
    16. 

  16. ;;; You should have received a copy of the GNU General Public License
    17. 

  17. ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. 

  19. (define-module (test-cve)
    20. 

  20.   #:use-module (guix cve)
    21. 

  21.   #:use-module (srfi srfi-1)
    22. 

  22.   #:use-module (srfi srfi-64))
    23. 

  23. 

  24. (define %sample
    25. 

  25.   (search-path %load-path "tests/cve-sample.xml"))
    26. 

  26. 

  27. (define (vulnerability id packages)
    28. 

  28.   (make-struct (@@ (guix cve) <vulnerability>) 0 id packages))
    29. 

  29. 

  30. (define %expected-vulnerabilities
    31. 

  31.   ;; What we should get when reading %SAMPLE.
    32. 

  32.   (list
    33. 

  33.    ;; CVE-2003-0001 has no "/a" in its product list so it is omitted.
    34. 

  34.    ;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number.
    35. 

  35.    (vulnerability "CVE-2008-2335" '(("phpvid" "1.2" "1.1")))
    36. 

  36.    (vulnerability "CVE-2008-3522" '(("enterprise_virtualization" "3.5")
    37. 

  37.                                     ("jasper" "1.900.1")))
    38. 

  38.    (vulnerability "CVE-2009-3301" '(("openoffice.org" "2.3.0" "2.2.1" "2.1.0")))
    39. 

  39.    ;; CVE-2015-8330 has no software list.
    40. 

  40.    ))
    41. 

  41. 

  42. 
    43. 

  43. (test-begin "cve")
    44. 

  44. 

  45. (test-equal "xml->vulnerabilities"
    46. 

  46.   %expected-vulnerabilities
    47. 

  47.   (call-with-input-file %sample xml->vulnerabilities))
    48. 

  48. 

  49. (test-equal "vulnerabilities->lookup-proc"
    50. 

  50.   (list (list (first %expected-vulnerabilities))
    51. 

  51.         '()
    52. 

  52.         '()
    53. 

  53.         (list (second %expected-vulnerabilities))
    54. 

  54.         (list (third %expected-vulnerabilities)))
    55. 

  55.   (let* ((vulns  (call-with-input-file %sample xml->vulnerabilities))
    56. 

  56.          (lookup (vulnerabilities->lookup-proc vulns)))
    57. 

  57.     (list (lookup "phpvid")
    58. 

  58.           (lookup "jasper" "2.0")
    59. 

  59.           (lookup "foobar")
    60. 

  60.           (lookup "jasper" "1.900.1")
    61. 

  61.           (lookup "openoffice.org" "2.3.0"))))
    62. 

  62. 

  63. (test-end "cve")
    64. 

  64.