summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--guix/lint.scm7
-rw-r--r--tests/lint.scm18
2 files changed, 15 insertions, 10 deletions
diff --git a/guix/lint.scm b/guix/lint.scm
index 697bd24a1e..24fbf05202 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1029,8 +1029,11 @@ the NIST server non-fatal."
                          (package-version package))))
         ((force lookup) name version)))))
 
-(define (check-vulnerabilities package)
-  "Check for known vulnerabilities for PACKAGE."
+(define* (check-vulnerabilities package
+                                #:optional (package-vulnerabilities
+                                            package-vulnerabilities))
+  "Check for known vulnerabilities for PACKAGE.  Obtain the list of
+vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
   (let ((package (or (package-replacement package) package)))
     (match (package-vulnerabilities package)
       (()
diff --git a/tests/lint.scm b/tests/lint.scm
index 3a9b539a24..4ce45b4a70 100644
--- a/tests/lint.scm
+++ b/tests/lint.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Alex Kost <alezost@gmail.com>
@@ -756,14 +756,16 @@
 
 (test-equal "cve: one vulnerability"
   "probably vulnerable to CVE-2015-1234"
-  (mock ((guix lint) package-vulnerabilities
+  (let ((dummy-vulnerabilities
          (lambda (package)
-           (list (make-struct/no-tail (@@ (guix cve) <vulnerability>)
-                                      "CVE-2015-1234"
-                                      (list (cons (package-name package)
-                                                  (package-version package)))))))
-        (single-lint-warning-message
-         (check-vulnerabilities (dummy-package "pi" (version "3.14"))))))
+           (list (make-struct/no-tail
+                  (@@ (guix cve) <vulnerability>)
+                  "CVE-2015-1234"
+                  (list (cons (package-name package)
+                              (package-version package))))))))
+    (single-lint-warning-message
+     (check-vulnerabilities (dummy-package "pi" (version "3.14"))
+                            dummy-vulnerabilities))))
 
 (test-equal "cve: one patched vulnerability"
   '()