summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-04-28 17:48:47 +0200
committerLudovic Courtès <ludo@gnu.org>2016-04-28 18:03:01 +0200
commit5c6a062d48e36d6f086c0308d57c65df87b3c518 (patch)
tree0aa4c2b0261dd4d3360c7f4f4b32bbfa01ae2112
parent158f5734cfa34ffda8bc714e47eb68c8312346d5 (diff)
downloadguix-5c6a062d48e36d6f086c0308d57c65df87b3c518.tar.gz
lint: 'check-vulnerabilities' follows package replacements.
* guix/scripts/lint.scm (check-vulnerabilities): Check the replacement
of PACKAGE.
* tests/lint.scm ("cve: patched vulnerability in replacement"): New test.
-rw-r--r--guix/scripts/lint.scm3
-rw-r--r--tests/lint.scm19
2 files changed, 21 insertions, 1 deletions
diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm
index a8023a5b1e..c581586ac3 100644
--- a/guix/scripts/lint.scm
+++ b/guix/scripts/lint.scm
@@ -644,7 +644,8 @@ from ~s: ~a (~s)~%")
     (()
      #t)
     ((vulnerabilities ...)
-     (let* ((patches   (filter-map patch-file-name
+     (let* ((package   (or (package-replacement package) package))
+            (patches   (filter-map patch-file-name
                                    (or (and=> (package-source package)
                                               origin-patches)
                                        '())))
diff --git a/tests/lint.scm b/tests/lint.scm
index 9bc42990ef..1f1b0c95e9 100644
--- a/tests/lint.scm
+++ b/tests/lint.scm
@@ -559,6 +559,25 @@ requests."
                              (patches
                               (list "/a/b/pi-CVE-2015-1234.patch"))))))))))
 
+(test-assert "cve: patched vulnerability in replacement"
+  (mock ((guix scripts lint) package-vulnerabilities
+         (lambda (package)
+           (list (make-struct (@@ (guix cve) <vulnerability>) 0
+                              "CVE-2015-1234"
+                              (list (cons (package-name package)
+                                          (package-version package)))))))
+        (string-null?
+         (with-warnings
+           (check-vulnerabilities
+            (dummy-package
+             "pi" (version "3.14") (source (dummy-origin))
+             (replacement (dummy-package
+                           "pi" (version "3.14")
+                           (source
+                            (dummy-origin
+                             (patches
+                              (list "/a/b/pi-CVE-2015-1234.patch"))))))))))))
+
 (test-assert "formatting: lonely parentheses"
   (string-contains
    (with-warnings