summary refs log tree commit diff
path: root/tests
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2017-11-30 23:41:29 +0200
committerEfraim Flashner <efraim@flashner.co.il>2017-12-10 21:59:07 +0200
commitf4007b25476dfd97885f358d2dabbd463f6f6017 (patch)
treecc50563d23c77d455fc5e03cc7cb8cc0a61c7ac5 /tests
parent308b8f79c5267ae442e4a8874cfed80f3c5a8831 (diff)
downloadguix-f4007b25476dfd97885f358d2dabbd463f6f6017.tar.gz
lint: 'check-vulnerabilities' also checks package properties.
* guix/scripts/lint.scm (check-vulnerabilities): Also check for CVEs
listed as mitigated in the package properties.
* tests/lint.scm ("cve: known safe from vulnerability"): New test.
Diffstat (limited to 'tests')
-rw-r--r--tests/lint.scm15
1 files changed, 15 insertions, 0 deletions
diff --git a/tests/lint.scm b/tests/lint.scm
index 064f3d177e..ab0e8b9a8c 100644
--- a/tests/lint.scm
+++ b/tests/lint.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Alex Kost <alezost@gmail.com>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -702,6 +703,20 @@
                              (patches
                               (list "/a/b/pi-CVE-2015-1234.patch"))))))))))
 
+(test-assert "cve: known safe from vulnerability"
+  (mock ((guix scripts lint) package-vulnerabilities
+         (lambda (package)
+           (list (make-struct (@@ (guix cve) <vulnerability>) 0
+                              "CVE-2015-1234"
+                              (list (cons (package-name package)
+                                          (package-version package)))))))
+        (string-null?
+         (with-warnings
+           (check-vulnerabilities
+            (dummy-package "pi"
+                           (version "3.14")
+                           (properties `((lint-hidden-cve . ("CVE-2015-1234"))))))))))
+
 (test-assert "cve: vulnerability fixed in replacement version"
   (mock ((guix scripts lint) package-vulnerabilities
          (lambda (package)