bundler-audit 0.6.1 → 0.8.0

data/spec/cli/formats_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+require 'bundler/audit/cli/formats'
+
+describe Bundler::Audit::CLI::Formats do
+  describe ".[]" do
+    context "when given the name of a registered format" do
+      it "should return the format" do
+        expect(subject[:text]).to be described_class::Text
+      end
+    end
+
+    context "when given an unknown name" do
+      it { expect(subject[:foo]).to be(nil) }
+    end
+  end
+
+  describe ".register" do
+    context "when given a valid format module" do
+      module GoodModule
+        def print_report(report)
+        end
+      end
+
+      let(:name)   { :good_module }
+      let(:format) { GoodModule   }
+
+      it "should register the module" do
+        subject.register name, format
+
+        expect(subject[name]).to be format
+      end
+    end
+
+    context "when given a format module that does not define #print_report" do
+      module BadModule
+        def pront_report(report)
+        end
+      end
+
+      let(:name)   { :bad_module }
+      let(:format) { BadModule   }
+
+      it do
+        expect { subject.register(name,format) }.to raise_error(
+          NotImplementedError, "#{format.inspect} does not define #print_report"
+        )
+      end
+    end
+  end
+
+  describe ".load" do
+    LIB_DIR = File.expand_path('../fixtures/lib',File.dirname(__FILE__))
+
+    before(:all) { $LOAD_PATH.unshift(LIB_DIR) }
+
+    context "when given the name of a valid format" do
+      let(:name) { :good }
+
+      it "should require and return the format" do
+        expect(subject.load(name)).to be described_class::Good
+      end
+    end
+
+    context "when given the name of a non-existant format" do
+      let(:name) { :foo }
+
+      it do
+        expect { subject.load(name) }.to raise_error(
+          described_class::FormatNotFound, "could not load format \"#{name}\""
+        )
+      end
+    end
+
+    context "when given the name of a printer which incorrectly registers itself" do
+      let(:name) { :bad }
+
+      it do
+        expect { subject.load(name) }.to raise_error(
+          described_class::FormatNotFound, "unknown format \"#{name}\""
+        )
+      end
+    end
+
+    after(:all) { $LOAD_PATH.delete(LIB_DIR) }
+  end
+end

data/spec/cli_spec.rb

@@ -2,28 +2,70 @@ require 'spec_helper'
 require 'bundler/audit/cli'
 
 describe Bundler::Audit::CLI do
+  describe ".start" do
+    context "with wrong arguments" do
+      it "exits with error status code" do
+        expect {
+          described_class.start ["check", "foo/bar/baz"]
+        }.to raise_error(SystemExit) do |error|
+          expect(error.success?).to eq(false)
+          expect(error.status).to eq(1)
+        end
+      end
+    end
+  end
+
   describe "#update" do
     context "not --quiet (the default)" do
       context "when update succeeds" do
-
-        before { expect(Bundler::Audit::Database).to receive(:update!).and_return(true) }
+        before do
+          expect_any_instance_of(Bundler::Audit::Database).to receive(:update!).and_return(true)
+        end
 
         it "prints updated message" do
           expect { subject.update }.to output(/Updated ruby-advisory-db/).to_stdout
         end
 
         it "prints total advisory count" do
-          database = double
-          expect(database).to receive(:size).and_return(1234)
-          expect(Bundler::Audit::Database).to receive(:new).and_return(database)
+          size = 1234
+          expect_any_instance_of(Bundler::Audit::Database).to receive(:size).and_return(size)
 
-          expect { subject.update }.to output(/ruby-advisory-db: 1234 advisories/).to_stdout
+          expect { subject.update }.to output(/advisories:\t#{size} advisories/).to_stdout
         end
       end
 
       context "when update fails" do
+        before do
+          expect_any_instance_of(Bundler::Audit::Database).to receive(:update!).and_return(false)
+        end
+
+        it "prints failure message" do
+          expect {
+            begin
+              subject.update
+            rescue SystemExit
+            end
+          }.to output(/Failed updating ruby-advisory-db!/).to_stderr
+        end
+
+        it "exits with error status code" do
+          expect {
+            # Capture output of `update` only to keep spec output clean.
+            # The test regarding specific output is above.
+            expect { subject.update }.to output.to_stdout
+          }.to raise_error(SystemExit) do |error|
+            expect(error.success?).to eq(false)
+            expect(error.status).to eq(1)
+          end
+        end
 
-        before { expect(Bundler::Audit::Database).to receive(:update!).and_return(false) }
+      end
+
+      context "when git is not installed" do
+        before do
+          expect_any_instance_of(Bundler::Audit::Database).to receive(:update!).and_return(nil)
+          expect(Bundler).to receive(:git_present?).and_return(false)
+        end
 
         it "prints failure message" do
           expect do
@@ -31,7 +73,7 @@ describe Bundler::Audit::CLI do
               subject.update
             rescue SystemExit
             end
-          end.to output(/Failed updating ruby-advisory-db!/).to_stdout
+          end.to output(/Git is not installed!/).to_stderr
         end
 
         it "exits with error status code" do
@@ -44,19 +86,17 @@ describe Bundler::Audit::CLI do
             expect(error.status).to eq(1)
           end
         end
-
       end
     end
 
     context "--quiet" do
-      before do
-        allow(subject).to receive(:options).and_return(double("Options", quiet?: true))
+      subject do
+        described_class.new([], {quiet: true})
       end
 
       context "when update succeeds" do
-
         before do
-          expect(Bundler::Audit::Database).to(
+          expect_any_instance_of(Bundler::Audit::Database).to(
             receive(:update!).with(quiet: true).and_return(true)
           )
         end
@@ -67,20 +107,19 @@ describe Bundler::Audit::CLI do
       end
 
       context "when update fails" do
-
         before do
-          expect(Bundler::Audit::Database).to(
+          expect_any_instance_of(Bundler::Audit::Database).to(
             receive(:update!).with(quiet: true).and_return(false)
           )
         end
 
         it "prints failure message" do
-          expect do
+          expect {
             begin
               subject.update
             rescue SystemExit
             end
-          end.to output(/Failed updating ruby-advisory-db!/).to_stdout
+          }.to_not output.to_stderr
         end
 
         it "exits with error status code" do

data/spec/configuration_spec.rb

@@ -0,0 +1,78 @@
+require 'spec_helper'
+require 'bundler/audit/configuration'
+
+describe Bundler::Audit::Configuration do
+  describe "when building from a yaml file" do
+    let(:fixtures_dir) { File.expand_path('../fixtures/config',__FILE__) }
+
+    subject { described_class.load(path) }
+
+    context "when the file does not exist" do
+      let(:path) { File.join(fixtures_dir,'bad','does_not_exist.yml') }
+
+      it 'raises an error' do
+        expect { subject }.to raise_error(described_class::FileNotFound, /Configuration file '.*' does not exist/)
+      end
+    end
+
+    context "when the file does exist" do
+      let(:path) { File.join(fixtures_dir,'valid.yml')   }
+
+      it { should be_a(described_class) }
+    end
+
+    context "validations" do
+      context "when the file is empty" do
+        let(:path) { File.join(fixtures_dir,'bad','empty.yml') }
+
+        it 'raises a validation error' do
+          expect { subject }.to raise_error(described_class::InvalidConfigurationError)
+        end
+      end
+
+      context "when ignore is not an array" do
+        let(:path) { File.join(fixtures_dir,'bad','ignore_is_not_an_array.yml') }
+
+        it 'raises a validation error' do
+          expect { subject }.to raise_error(described_class::InvalidConfigurationError)
+        end
+      end
+
+      context 'when ignore is an array' do
+        context 'when ignore only contains strings' do
+          let(:path) { File.join(fixtures_dir,'valid.yml')   }
+
+          it { should be_a(described_class) }
+        end
+
+        describe "when ignore contains non-strings" do
+          let(:path) { File.join(fixtures_dir,'bad','ignore_contains_a_non_string.yml') }
+
+          it "raises a validation error" do
+            expect { subject }.to raise_error(described_class::InvalidConfigurationError)
+          end
+        end
+      end
+    end
+  end
+
+  describe "#initialize" do
+    context "when given no arguments" do
+      it "must set @ignore to an empty Set" do
+        expect(subject.ignore).to be_kind_of(Set)
+        expect(subject.ignore).to be_empty
+      end
+    end
+
+    context "when given :ignore" do
+      let(:advisory_ids) { %w[CVE-123 CVE-456] }
+
+      subject { described_class.new(ignore: advisory_ids) }
+
+      it "must initialize @ignore to contain :ignore" do
+        expect(subject.ignore).to be_kind_of(Set)
+        expect(subject.ignore).to be == Set.new(advisory_ids)
+      end
+    end
+  end
+end

data/spec/database_spec.rb

@@ -4,50 +4,163 @@ require 'tmpdir'
 
 describe Bundler::Audit::Database do
   let(:vendored_advisories) do
-    Dir[File.join(Bundler::Audit::Database::VENDORED_PATH, 'gems/*/*.yml')].sort
+    Dir[File.join(Fixtures::Database::PATH, 'gems/*/*.yml')].sort
   end
 
-  describe "path" do
+  describe ".path" do
     subject { described_class.path }
 
     it "it should be a directory" do
-      expect(File.directory?(subject)).to be_truthy
+      expect(described_class.path).to be_truthy
     end
+  end
+
+  describe ".exists?" do
+    subject { described_class }
+
+    context "when the directory does not exist" do
+      let(:path) { '/does/not/exist' }
+
+      it { expect(subject.exists?(path)).to be(false) }
+    end
+
+    context "when the directory does exist" do
+      context "but is empty" do
+        let(:path) { Fixtures.join('empty_dir') }
+
+        before { FileUtils.mkdir(path) }
+
+        it { expect(subject.exists?(path)).to be(false) }
+
+        after { FileUtils.rmdir(path) }
+      end
+
+      context "and there are files within the directory" do
+        let(:path) { Fixtures.join('not_empty_dir') }
+
+        before do
+          FileUtils.mkdir(path)
+          FileUtils.touch(File.join(path,'file.txt'))
+        end
+
+        it { expect(subject.exists?(path)).to be(true) }
+
+        after { FileUtils.rm_r(path) }
+      end
+    end
+  end
+
+  describe ".download" do
+    subject { described_class }
+
+    let(:url)  { described_class::URL          }
+    let(:path) { described_class::DEFAULT_PATH }
+
+    it "should execute `git clone` with URL and DEFAULT_PATH" do
+      expect(subject).to receive(:system).with('git', 'clone', url, path).and_return(true)
+      expect(subject).to receive(:new)
+
+      subject.download
+    end
+
+    context "with :path" do
+      let(:url)  { described_class::URL          }
+      let(:path) { Fixtures.join('new-database') }
 
-    it "should prefer the user repo, iff it's as up to date, or more up to date than the vendored one" do
-      Bundler::Audit::Database.update!(quiet: false)
+      it "should execute `git clone` with the given output path" do
+        expect(subject).to receive(:system).with('git', 'clone', url, path).and_return(true)
+        expect(subject).to receive(:new)
 
-      Dir.chdir(Bundler::Audit::Database::USER_PATH) do
-        puts "Timestamp:"
-        system 'git log --pretty="%cd" -1'
+        subject.download(path: path)
       end
+    end
+
+    context "with :quiet" do
+      it "should execute `git clone` with the `--quiet` option" do
+        expect(subject).to receive(:system).with('git', 'clone', '--quiet', url, path).and_return(true)
+        expect(subject).to receive(:new)
+
+        subject.download(quiet: true)
+      end
+    end
 
-      # As up to date...
-      expect(Bundler::Audit::Database.path).to eq mocked_user_path
+    context "when the command fails" do
+      it do
+        expect(subject).to receive(:system).with('git', 'clone', url, path).and_return(false)
 
-      # More up to date...
-      fake_a_commit_in_the_user_repo
-      expect(Bundler::Audit::Database.path).to eq mocked_user_path
+        expect {
+          subject.download
+        }.to raise_error(described_class::DownloadFailed)
+      end
+    end
 
-      roll_user_repo_back(20)
-      expect(Bundler::Audit::Database.path).to eq Bundler::Audit::Database::VENDORED_PATH
+    context "with an unknown option" do
+      it do
+        expect {
+          subject.download(foo: true)
+        }.to raise_error(ArgumentError)
+      end
     end
   end
 
-  describe "update!" do
-    it "should create the USER_PATH path as needed" do
-      Bundler::Audit::Database.update!(quiet: false)
-      expect(File.directory?(mocked_user_path)).to be true
+  describe ".update!" do
+    subject { described_class }
+
+    context "when :path does not yet exist" do
+      let(:dest_dir) { Fixtures.join('new-ruby-advisory-db') }
+
+      before { stub_const("#{described_class}::DEFAULT_PATH",dest_dir) }
+
+      let(:url)  { described_class::URL          }
+      let(:path) { described_class::DEFAULT_PATH }
+
+      it "should execute `git clone` and call .new" do
+        expect(subject).to receive(:system).with('git', 'clone', url, path).and_return(true)
+        expect(subject).to receive(:new)
+
+        subject.update!(quiet: false)
+      end
+
+      context "when the `git clone` fails" do
+        before { stub_const("#{described_class}::URL",'https://example.com/') }
+
+        it do
+          expect(subject).to receive(:system).with('git', 'clone', url, path).and_return(false)
+
+          expect(subject.update!(quiet: false)).to eq(false)
+        end
+      end
+
+      after { FileUtils.rm_rf(dest_dir) }
     end
 
-    it "should create the repo, then update it given multple successive calls." do
-      expect_update_to_clone_repo!
-      Bundler::Audit::Database.update!(quiet: false)
-      expect(File.directory?(mocked_user_path)).to be true
+    context "when :path already exists" do
+      let(:dest_dir) { Fixtures.join('existing-ruby-advisory-db') }
+
+      before { FileUtils.cp_r(Fixtures::Database::PATH,dest_dir) }
+      before { stub_const("#{described_class}::DEFAULT_PATH",dest_dir) }
 
-      expect_update_to_update_repo!
-      Bundler::Audit::Database.update!(quiet: false)
-      expect(File.directory?(mocked_user_path)).to be true
+      it "should execute `git pull`" do
+        expect_any_instance_of(subject).to receive(:system).with('git', 'pull', 'origin', 'master').and_return(true)
+
+        subject.update!(quiet: false)
+      end
+
+      after { FileUtils.rm_rf(dest_dir) }
+
+      context "when the `git pull` fails" do
+        it do
+          expect_any_instance_of(subject).to receive(:system).with('git', 'pull', 'origin', 'master').and_return(false)
+
+          expect(subject.update!(quiet: false)).to eq(false)
+        end
+      end
+    end
+
+    context "when given an invalid option" do
+      it do
+        expect { subject.update!(foo: 1) }.to raise_error(RuntimeError)
+      end
     end
   end
 
@@ -79,6 +192,127 @@ describe Bundler::Audit::Database do
     end
   end
 
+  describe "#git?" do
+    subject { described_class.new(path) }
+
+    context "when a '.git' directory exists within the database" do
+      let(:path) { Fixtures.join('mock-git-database') }
+
+      before do
+        FileUtils.mkdir(path)
+        FileUtils.mkdir(File.join(path,'.git'))
+      end
+
+      it { expect(subject.git?).to be(true) }
+
+      after { FileUtils.rm_rf(path) }
+    end
+
+    context "when no '.git' directory exists within the database" do
+      let(:path) { Fixtures.join('mock-bare-database') }
+
+      before do
+        FileUtils.mkdir(path)
+      end
+
+      it { expect(subject.git?).to be(false) }
+
+      after { FileUtils.rm_rf(path) }
+    end
+  end
+
+  describe "#update!" do
+    context "when the database is a git repository" do
+      it do
+        expect(subject).to receive(:system).with('git', 'pull', 'origin', 'master').and_return(true)
+
+        subject.update!
+      end
+
+      context "when the :quiet option is given" do
+        it do
+          expect(subject).to receive(:system).with('git', 'pull', '--quiet', 'origin', 'master').and_return(true)
+
+          subject.update!(quiet: true)
+        end
+      end
+
+      context "when the `git pull` command fails" do
+        it do
+          expect(subject).to receive(:system).with('git', 'pull', 'origin', 'master').and_return(false)
+
+          expect {
+            subject.update!
+          }.to raise_error(described_class::UpdateFailed)
+        end
+      end
+    end
+
+    context "when the database is a bare directory" do
+      let(:path) { Fixtures.join('mock-bare-database') }
+
+      before { FileUtils.mkdir(path) }
+
+      subject { described_class.new(path) }
+
+      it do
+        expect(subject.update!).to be(nil)
+      end
+
+      after { FileUtils.rmdir(path) }
+    end
+  end
+
+  describe "#last_updated_at" do
+    context "when the database is a git repository" do
+      let(:last_commit) { Fixtures::Database::COMMIT }
+      let(:last_commit_timestamp) do
+        Dir.chdir(Fixtures::Database::PATH) do
+          Time.parse(`git log --date=iso8601 --pretty="%cd" #{last_commit}`)
+        end
+      end
+
+      it "should return the timestamp of the last commit" do
+        expect(subject.last_updated_at).to be == last_commit_timestamp
+      end
+    end
+
+    context "when the database is a bare directory" do
+      let(:path) { Fixtures.join('mock-database-dir') }
+
+      before { FileUtils.mkdir(path) }
+
+      subject { described_class.new(path) }
+
+      it "should return the mtime of the directory" do
+        expect(subject.last_updated_at).to be == File.mtime(path)
+      end
+
+      after { FileUtils.rmdir(path) }
+    end
+  end
+
+  describe "#advisories" do
+    subject { super().advisories }
+
+    it "should return a list of all advisories." do
+      expect(subject.map(&:path)).to match_array(vendored_advisories)
+    end
+  end
+
+  describe "#advisories_for" do
+    let(:gem) { 'activesupport' }
+    let(:vendored_advisories_for) do
+      Dir[File.join(Fixtures::Database::PATH, "gems/#{gem}/*.yml")].sort
+    end
+
+    subject { super().advisories_for(gem) }
+
+    it "should return a list of all advisories." do
+      expect(subject.map(&:path)).to match_array(vendored_advisories_for)
+    end
+  end
+
   describe "#check_gem" do
     let(:gem) do
       Gem::Specification.new do |s|
@@ -113,17 +347,6 @@ describe Bundler::Audit::Database do
     it { expect(subject.size).to eq vendored_advisories.count }
   end
 
-  describe "#advisories" do
-    it "should return a list of all advisories." do
-      actual_advisories = Bundler::Audit::Database.new.
-        advisories.
-        map(&:path).
-        sort
-
-      expect(actual_advisories).to eq vendored_advisories
-    end
-  end
-
   describe "#to_s" do
     it "should return the Database path" do
       expect(subject.to_s).to eq(subject.path)
@@ -132,7 +355,7 @@ describe Bundler::Audit::Database do
 
   describe "#inspect" do
     it "should produce a Ruby-ish instance descriptor" do
-      expect(Bundler::Audit::Database.new.inspect).to eq("#<Bundler::Audit::Database:#{Bundler::Audit::Database::VENDORED_PATH}>")
+      expect(subject.inspect).to eq("#<#{described_class}:#{subject.path}>")
     end
   end
 end