From 4e70fe4d0efbb29d47e3d83d36d6c15f92baebb0 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Sat, 28 Nov 2015 16:15:31 +0100
Subject: lint: Do not report already-patched vulnerabilities.

* guix/scripts/lint.scm (patch-file-name): New procedure.
(check-vulnerabilities): Use it to filter out patched vulnerabilities.
* tests/lint.scm ("cve: one patched vulnerability"): New test.
---
 tests/lint.scm | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'tests/lint.scm')

diff --git a/tests/lint.scm b/tests/lint.scm
index 50316ade9a..df82593a9e 100644
--- a/tests/lint.scm
+++ b/tests/lint.scm
@@ -529,6 +529,23 @@ requests."
            (check-vulnerabilities (dummy-package "pi" (version "3.14"))))
          "vulnerable to CVE-2015-1234")))
 
+(test-assert "cve: one patched vulnerability"
+  (mock ((guix scripts lint) package-vulnerabilities
+         (lambda (package)
+           (list (make-struct (@@ (guix cve) <vulnerability>) 0
+                              "CVE-2015-1234"
+                              (list (cons (package-name package)
+                                          (package-version package)))))))
+        (string-null?
+         (with-warnings
+           (check-vulnerabilities
+            (dummy-package "pi"
+                           (version "3.14")
+                           (source
+                            (dummy-origin
+                             (patches
+                              (list "/a/b/pi-CVE-2015-1234.patch"))))))))))
+
 (test-assert "formatting: lonely parentheses"
   (string-contains
    (with-warnings
-- 
cgit v1.2.3