bundler-audit 0.5.0 → 0.6.0

data/spec/cli_spec.rb

@@ -2,43 +2,98 @@ require 'spec_helper'
 require 'bundler/audit/cli'
 
 describe Bundler::Audit::CLI do
+  describe "#update" do
+    context "not --quiet (the default)" do
+      context "when update succeeds" do
 
-  context "when update succeeds" do
+        before { expect(Bundler::Audit::Database).to receive(:update!).and_return(true) }
 
-    before { expect(Bundler::Audit::Database).to receive(:update!).and_return(true) }
+        it "prints updated message" do
+          expect { subject.update }.to output(/Updated ruby-advisory-db/).to_stdout
+        end
 
-    it "prints updated message" do
-      expect { subject.update }.to output(/Updated ruby-advisory-db/).to_stdout
-    end
+        it "prints total advisory count" do
+          database = double
+          expect(database).to receive(:size).and_return(1234)
+          expect(Bundler::Audit::Database).to receive(:new).and_return(database)
 
-    it "prints total advisory count" do
-      database = double
-      expect(database).to receive(:size).and_return(1234)
-      expect(Bundler::Audit::Database).to receive(:new).and_return(database)
+          expect { subject.update }.to output(/ruby-advisory-db: 1234 advisories/).to_stdout
+        end
+      end
 
-      expect { subject.update }.to output(/ruby-advisory-db: 1234 advisories/).to_stdout
-    end
-  end
+      context "when update fails" do
 
-  context "when update fails" do
+        before { expect(Bundler::Audit::Database).to receive(:update!).and_return(false) }
 
-    before { expect(Bundler::Audit::Database).to receive(:update!).and_return(false) }
+        it "prints failure message" do
+          expect do
+            begin
+              subject.update
+            rescue SystemExit
+            end
+          end.to output(/Failed updating ruby-advisory-db!/).to_stdout
+        end
 
-    it "prints failure message" do
-      expect do
-        begin
-          subject.update
-        rescue SystemExit
+        it "exits with error status code" do
+          expect {
+            # Capture output of `update` only to keep spec output clean.
+            # The test regarding specific output is above.
+            expect { subject.update }.to output.to_stdout
+          }.to raise_error(SystemExit) do |error|
+            expect(error.success?).to eq(false)
+            expect(error.status).to eq(1)
+          end
         end
-      end.to output(/Failed updating ruby-advisory-db!/).to_stdout
-    end
 
-    it "exits with error status code" do
-      expect { subject.update }.to raise_error(SystemExit) do |error|
-        expect(error.success?).to eq(false)
-        expect(error.status).to eq(1)
       end
     end
 
+    context "--quiet" do
+      before do
+        allow(subject).to receive(:options).and_return(double("Options", quiet?: true))
+      end
+
+      context "when update succeeds" do
+
+        before do
+          expect(Bundler::Audit::Database).to(
+            receive(:update!).with(quiet: true).and_return(true)
+          )
+        end
+
+        it "does not print any output" do
+          expect { subject.update }.to_not output.to_stdout
+        end
+      end
+
+      context "when update fails" do
+
+        before do
+          expect(Bundler::Audit::Database).to(
+            receive(:update!).with(quiet: true).and_return(false)
+          )
+        end
+
+        it "prints failure message" do
+          expect do
+            begin
+              subject.update
+            rescue SystemExit
+            end
+          end.to output(/Failed updating ruby-advisory-db!/).to_stdout
+        end
+
+        it "exits with error status code" do
+          expect {
+            # Capture output of `update` only to keep spec output clean.
+            # The test regarding specific output is above.
+            expect { subject.update }.to output.to_stdout
+          }.to raise_error(SystemExit) do |error|
+            expect(error.success?).to eq(false)
+            expect(error.status).to eq(1)
+          end
+        end
+      end
+    end
   end
 end

data/spec/database_spec.rb

@@ -4,7 +4,7 @@ require 'tmpdir'
 
 describe Bundler::Audit::Database do
   let(:vendored_advisories) do
-    Dir[File.join(Bundler::Audit::Database::VENDORED_PATH, '**/*.yml')].sort
+    Dir[File.join(Bundler::Audit::Database::VENDORED_PATH, 'gems/*/*.yml')].sort
   end
 
   describe "path" do
@@ -15,7 +15,7 @@ describe Bundler::Audit::Database do
     end
 
     it "should prefer the user repo, iff it's as up to date, or more up to date than the vendored one" do
-      Bundler::Audit::Database.update!
+      Bundler::Audit::Database.update!(quiet: false)
 
       Dir.chdir(Bundler::Audit::Database::USER_PATH) do
         puts "Timestamp:"
@@ -36,17 +36,17 @@ describe Bundler::Audit::Database do
 
   describe "update!" do
     it "should create the USER_PATH path as needed" do
-      Bundler::Audit::Database.update!
+      Bundler::Audit::Database.update!(quiet: false)
       expect(File.directory?(mocked_user_path)).to be true
     end
 
     it "should create the repo, then update it given multple successive calls." do
       expect_update_to_clone_repo!
-      Bundler::Audit::Database.update!
+      Bundler::Audit::Database.update!(quiet: false)
       expect(File.directory?(mocked_user_path)).to be true
 
       expect_update_to_update_repo!
-      Bundler::Audit::Database.update!
+      Bundler::Audit::Database.update!(quiet: false)
       expect(File.directory?(mocked_user_path)).to be true
     end
   end

data/spec/integration_spec.rb

@@ -4,7 +4,7 @@ describe "CLI" do
   include Helpers
 
   let(:command) do
-    File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundle-audit'))
+    File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundler-audit'))
   end
 
   context "when auditing a bundle with unpatched gems" do
@@ -38,7 +38,7 @@ Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
     let(:directory) { File.join('spec','bundle',bundle) }
 
     let(:command) do
-      File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundle-audit -i OSVDB-89026'))
+      File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundler-audit -i OSVDB-89026'))
     end
 
     subject do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundler-audit
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Postmodern
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-29 00:00:00.000000000 Z
+date: 2017-07-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -42,6 +42,7 @@ description: bundler-audit provides patch-level verification for Bundled apps.
 email: postmodern.mod3@gmail.com
 executables:
 - bundle-audit
+- bundler-audit
 extensions: []
 extra_rdoc_files:
 - COPYING.txt
@@ -60,6 +61,7 @@ files:
 - README.md
 - Rakefile
 - bin/bundle-audit
+- bin/bundler-audit
 - bundler-audit.gemspec
 - data/ruby-advisory-db.ts
 - data/ruby-advisory-db/.gitignore
@@ -68,11 +70,12 @@ files:
 - data/ruby-advisory-db/CONTRIBUTING.md
 - data/ruby-advisory-db/CONTRIBUTORS.md
 - data/ruby-advisory-db/Gemfile
+- data/ruby-advisory-db/Gemfile.lock
 - data/ruby-advisory-db/LICENSE.txt
 - data/ruby-advisory-db/README.md
 - data/ruby-advisory-db/Rakefile
 - data/ruby-advisory-db/gems/Arabic-Prawn/OSVDB-104365.yml
-- data/ruby-advisory-db/gems/RedCloth/OSVDB-115941.yml
+- data/ruby-advisory-db/gems/RedCloth/CVE-2012-6684.yml
 - data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4995.yml
 - data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4996.yml
 - data/ruby-advisory-db/gems/actionmailer/OSVDB-98629.yml
@@ -82,6 +85,10 @@ files:
 - data/ruby-advisory-db/gems/actionpack/CVE-2015-7576.yml
 - data/ruby-advisory-db/gems/actionpack/CVE-2015-7581.yml
 - data/ruby-advisory-db/gems/actionpack/CVE-2016-0751.yml
+- data/ruby-advisory-db/gems/actionpack/CVE-2016-0752.yml
+- data/ruby-advisory-db/gems/actionpack/CVE-2016-2097.yml
+- data/ruby-advisory-db/gems/actionpack/CVE-2016-2098.yml
+- data/ruby-advisory-db/gems/actionpack/CVE-2016-6316.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-100525.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-100526.yml
@@ -99,11 +106,14 @@ files:
 - data/ruby-advisory-db/gems/actionpack/OSVDB-91452.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
 - data/ruby-advisory-db/gems/actionview/CVE-2016-0752.yml
+- data/ruby-advisory-db/gems/actionview/CVE-2016-2097.yml
+- data/ruby-advisory-db/gems/actionview/CVE-2016-6316.yml
 - data/ruby-advisory-db/gems/activemodel/CVE-2016-0753.yml
 - data/ruby-advisory-db/gems/activerecord-jdbc-adapter/OSVDB-114854.yml
 - data/ruby-advisory-db/gems/activerecord-oracle_enhanced-adapter/OSVDB-95376.yml
 - data/ruby-advisory-db/gems/activerecord/CVE-2014-3514.yml
 - data/ruby-advisory-db/gems/activerecord/CVE-2015-7577.yml
+- data/ruby-advisory-db/gems/activerecord/CVE-2016-6317.yml
 - data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml
 - data/ruby-advisory-db/gems/activerecord/OSVDB-108664.yml
 - data/ruby-advisory-db/gems/activerecord/OSVDB-108665.yml
@@ -121,6 +131,9 @@ files:
 - data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
 - data/ruby-advisory-db/gems/activesupport/OSVDB-89594.yml
 - data/ruby-advisory-db/gems/activesupport/OSVDB-91451.yml
+- data/ruby-advisory-db/gems/administrate/CVE-2016-3098.yml
+- data/ruby-advisory-db/gems/aescrypt/CVE-2013-7463.yml
+- data/ruby-advisory-db/gems/archive-tar-minitar/CVE-2016-10173.yml
 - data/ruby-advisory-db/gems/as/OSVDB-112683.yml
 - data/ruby-advisory-db/gems/authlogic/OSVDB-89064.yml
 - data/ruby-advisory-db/gems/auto_awesomplete/OSVDB-132800.yml
@@ -158,6 +171,7 @@ files:
 - data/ruby-advisory-db/gems/devise/OSVDB-114435.yml
 - data/ruby-advisory-db/gems/devise/OSVDB-89642.yml
 - data/ruby-advisory-db/gems/doorkeeper/CVE-2014-8144.yml
+- data/ruby-advisory-db/gems/doorkeeper/CVE-2016-6582.yml
 - data/ruby-advisory-db/gems/doorkeeper/OSVDB-118830.yml
 - data/ruby-advisory-db/gems/dragonfly/OSVDB-110439.yml
 - data/ruby-advisory-db/gems/dragonfly/OSVDB-90647.yml
@@ -172,6 +186,7 @@ files:
 - data/ruby-advisory-db/gems/ember-source/CVE-2015-1866.yml
 - data/ruby-advisory-db/gems/ember-source/CVE-2015-7565.yml
 - data/ruby-advisory-db/gems/enum_column3/OSVDB-94679.yml
+- data/ruby-advisory-db/gems/espeak-ruby/CVE-2016-10193.yml
 - data/ruby-advisory-db/gems/extlib/OSVDB-90740.yml
 - data/ruby-advisory-db/gems/fastreader/OSVDB-91232.yml
 - data/ruby-advisory-db/gems/fat_free_crm/OSVDB-101445.yml
@@ -182,6 +197,7 @@ files:
 - data/ruby-advisory-db/gems/fat_free_crm/OSVDB-110420.yml
 - data/ruby-advisory-db/gems/fat_free_crm/OSVDB-118465.yml
 - data/ruby-advisory-db/gems/features/OSVDB-96975.yml
+- data/ruby-advisory-db/gems/festivaltts4r/CVE-2016-10194.yml
 - data/ruby-advisory-db/gems/fileutils/OSVDB-90715.yml
 - data/ruby-advisory-db/gems/fileutils/OSVDB-90716.yml
 - data/ruby-advisory-db/gems/fileutils/OSVDB-90717.yml
@@ -194,6 +210,8 @@ files:
 - data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-96798.yml
 - data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-97854.yml
 - data/ruby-advisory-db/gems/ftpd/OSVDB-90784.yml
+- data/ruby-advisory-db/gems/git-fastclone/CVE-2015-8968.yml
+- data/ruby-advisory-db/gems/git-fastclone/CVE-2015-8969.yml
 - data/ruby-advisory-db/gems/gitlab-grit/OSVDB-99370.yml
 - data/ruby-advisory-db/gems/gnms/OSVDB-108594.yml
 - data/ruby-advisory-db/gems/gollum-grit_adapter/CVE-2014-9489.yml
@@ -236,6 +254,7 @@ files:
 - data/ruby-advisory-db/gems/mapbox-rails/OSVDB-132871.yml
 - data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
 - data/ruby-advisory-db/gems/mini_magick/OSVDB-91231.yml
+- data/ruby-advisory-db/gems/minitar/CVE-2016-10173.yml
 - data/ruby-advisory-db/gems/moped/CVE-2015-4410.yml
 - data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
 - data/ruby-advisory-db/gems/mustache-js-rails/OSVDB-131671.yml
@@ -244,6 +263,9 @@ files:
 - data/ruby-advisory-db/gems/nokogiri/CVE-2015-1819.yml
 - data/ruby-advisory-db/gems/nokogiri/CVE-2015-5312.yml
 - data/ruby-advisory-db/gems/nokogiri/CVE-2015-7499.yml
+- data/ruby-advisory-db/gems/nokogiri/CVE-2015-8806.yml
+- data/ruby-advisory-db/gems/nokogiri/CVE-2016-4658.yml
+- data/ruby-advisory-db/gems/nokogiri/CVE-2017-5029.yml
 - data/ruby-advisory-db/gems/nokogiri/OSVDB-101179.yml
 - data/ruby-advisory-db/gems/nokogiri/OSVDB-101458.yml
 - data/ruby-advisory-db/gems/nokogiri/OSVDB-118481.yml
@@ -260,6 +282,7 @@ files:
 - data/ruby-advisory-db/gems/passenger/CVE-2014-1831.yml
 - data/ruby-advisory-db/gems/passenger/CVE-2014-1832.yml
 - data/ruby-advisory-db/gems/passenger/CVE-2015-7519.yml
+- data/ruby-advisory-db/gems/passenger/CVE-2016-10345.yml
 - data/ruby-advisory-db/gems/passenger/OSVDB-90738.yml
 - data/ruby-advisory-db/gems/passenger/OSVDB-93752.yml
 - data/ruby-advisory-db/gems/passenger/OSVDB-94074.yml
@@ -268,6 +291,7 @@ files:
 - data/ruby-advisory-db/gems/quick_magick/OSVDB-106954.yml
 - data/ruby-advisory-db/gems/rack-attack/OSVDB-132234.yml
 - data/ruby-advisory-db/gems/rack-cache/OSVDB-83077.yml
+- data/ruby-advisory-db/gems/rack-mini-profiler/CVE-2016-4442.yml
 - data/ruby-advisory-db/gems/rack-ssl/OSVDB-104734.yml
 - data/ruby-advisory-db/gems/rack/CVE-2015-3225.yml
 - data/ruby-advisory-db/gems/rack/OSVDB-78121.yml
@@ -288,10 +312,13 @@ files:
 - data/ruby-advisory-db/gems/rest-client/CVE-2015-1820.yml
 - data/ruby-advisory-db/gems/rest-client/OSVDB-117461.yml
 - data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
+- data/ruby-advisory-db/gems/ruby-saml/CVE-2016-5697.yml
 - data/ruby-advisory-db/gems/ruby-saml/OSVDB-117903.yml
 - data/ruby-advisory-db/gems/ruby-saml/OSVDB-124383.yml
 - data/ruby-advisory-db/gems/ruby-saml/OSVDB-124991.yml
 - data/ruby-advisory-db/gems/ruby_parser/OSVDB-90561.yml
+- data/ruby-advisory-db/gems/rubyzip/CVE-2017-5946.yml
+- data/ruby-advisory-db/gems/safemode/CVE-2016-3693.yml
 - data/ruby-advisory-db/gems/screen_capture/OSVDB-107783.yml
 - data/ruby-advisory-db/gems/sentry-raven/OSVDB-115654.yml
 - data/ruby-advisory-db/gems/sfpagent/OSVDB-105971.yml
@@ -303,6 +330,7 @@ files:
 - data/ruby-advisory-db/gems/sidekiq/OSVDB-125676.yml
 - data/ruby-advisory-db/gems/sidekiq/OSVDB-125678.yml
 - data/ruby-advisory-db/gems/sounder/OSVDB-96278.yml
+- data/ruby-advisory-db/gems/spina/CVE-2015-4619.yml
 - data/ruby-advisory-db/gems/spree/OSVDB-119205.yml
 - data/ruby-advisory-db/gems/spree/OSVDB-125699.yml
 - data/ruby-advisory-db/gems/spree/OSVDB-125701.yml
@@ -367,7 +395,9 @@ files:
 - data/ruby-advisory-db/rubies/ruby/CVE-2012-4464.yml
 - data/ruby-advisory-db/rubies/ruby/CVE-2012-4466.yml
 - data/ruby-advisory-db/rubies/ruby/CVE-2012-4481.yml
+- data/ruby-advisory-db/rubies/ruby/CVE-2015-1855.yml
 - data/ruby-advisory-db/rubies/ruby/CVE-2015-7551.yml
+- data/ruby-advisory-db/rubies/ruby/CVE-2015-9096.yml
 - data/ruby-advisory-db/rubies/ruby/OSVDB-100113.yml
 - data/ruby-advisory-db/rubies/ruby/OSVDB-105027.yml
 - data/ruby-advisory-db/rubies/ruby/OSVDB-107478.yml
@@ -424,7 +454,7 @@ files:
 - spec/spec_helper.rb
 homepage: https://github.com/rubysec/bundler-audit#readme
 licenses:
-- GPLv3
+- GPL-3.0+
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -442,7 +472,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.8.0
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.7
+rubygems_version: 2.5.2
 signing_key: 
 specification_version: 4
 summary: Patch-level verification for Bundler