RubyGems - bundler-audit - Versions diffs - 0.7.0.1 → 0.9.0 - Mend

bundler-audit 0.7.0.1 → 0.9.0

Files changed (612) hide show

data/spec/cli/formats_spec.rb ADDED Viewed

@@ -0,0 +1,86 @@
+require 'spec_helper'
+require 'bundler/audit/cli/formats'
+describe Bundler::Audit::CLI::Formats do
+  describe ".[]" do
+    context "when given the name of a registered format" do
+      it "should return the format" do
+        expect(subject[:text]).to be described_class::Text
+      end
+    end
+    context "when given an unknown name" do
+      it { expect(subject[:foo]).to be(nil) }
+    end
+  end
+  describe ".register" do
+    context "when given a valid format module" do
+      module GoodModule
+        def print_report(report)
+        end
+      end
+      let(:name)   { :good_module }
+      let(:format) { GoodModule   }
+      it "should register the module" do
+        subject.register name, format
+        expect(subject[name]).to be format
+      end
+    end
+    context "when given a format module that does not define #print_report" do
+      module BadModule
+        def pront_report(report)
+        end
+      end
+      let(:name)   { :bad_module }
+      let(:format) { BadModule   }
+      it do
+        expect { subject.register(name,format) }.to raise_error(
+          NotImplementedError, "#{format.inspect} does not define #print_report"
+        )
+      end
+    end
+  end
+  describe ".load" do
+    LIB_DIR = File.expand_path('../fixtures/lib',File.dirname(__FILE__))
+    before(:all) { $LOAD_PATH.unshift(LIB_DIR) }
+    context "when given the name of a valid format" do
+      let(:name) { :good }
+      it "should require and return the format" do
+        expect(subject.load(name)).to be described_class::Good
+      end
+    end
+    context "when given the name of a non-existant format" do
+      let(:name) { :foo }
+      it do
+        expect { subject.load(name) }.to raise_error(
+          described_class::FormatNotFound, "could not load format \"#{name}\""
+        )
+      end
+    end
+    context "when given the name of a printer which incorrectly registers itself" do
+      let(:name) { :bad }
+      it do
+        expect { subject.load(name) }.to raise_error(
+          described_class::FormatNotFound, "unknown format \"#{name}\""
+        )
+      end
+    end
+    after(:all) { $LOAD_PATH.delete(LIB_DIR) }
+  end
+end

data/spec/cli_spec.rb CHANGED Viewed

@@ -2,36 +2,90 @@ require 'spec_helper'
 require 'bundler/audit/cli'
 describe Bundler::Audit::CLI do
+  describe ".start" do
+    context "with wrong arguments" do
+      it "exits with error status code" do
+        expect {
+          described_class.start ["check", "foo/bar/baz"]
+        }.to raise_error(SystemExit) do |error|
+          expect(error.success?).to eq(false)
+          expect(error.status).to eq(1)
+        end
+      end
+    end
+  end
+  describe "#stats" do
+    let(:size) { 1234 }
+    let(:last_updated_at) { Time.now }
+    let(:commit_id) { 'f0f97c4c493b853319e029d226e96f2c2f0dc539' }
+    let(:database) { double(Bundler::Audit::Database) }
+    before do
+      expect(Bundler::Audit::Database).to receive(:new).and_return(database)
+      expect(database).to receive(:size).and_return(size)
+      expect(database).to receive(:last_updated_at).and_return(last_updated_at)
+      expect(database).to receive(:commit_id).and_return(commit_id)
+    end
+    it "prints total advisory count" do
+      expect { subject.stats }.to output(
+        include(
+          "advisories:\t#{size} advisories",
+          "last updated:\t#{last_updated_at}",
+          "commit:\t#{commit_id}"
+        )
+      ).to_stdout
+    end
+  end
   describe "#update" do
+    let(:database) { double(Bundler::Audit::Database) }
+    before do
+      allow(Bundler::Audit::Database).to receive(:new).and_return(database)
+    end
     context "not --quiet (the default)" do
       context "when update succeeds" do
+        let(:size) { 1234 }
+        let(:last_updated_at) { Time.now }
+        let(:commit_id) { 'f0f97c4c493b853319e029d226e96f2c2f0dc539' }
-        before { expect(Bundler::Audit::Database).to receive(:update!).and_return(true) }
-        it "prints updated message" do
-          expect { subject.update }.to output(/Updated ruby-advisory-db/).to_stdout
+        before do
+          expect(database).to receive(:update!).and_return(true)
+          expect(database).to receive(:size).and_return(size)
+          expect(database).to receive(:last_updated_at).and_return(last_updated_at)
+          expect(database).to receive(:commit_id).and_return(commit_id)
         end
-        it "prints total advisory count" do
-          database = double
-          expect(database).to receive(:size).and_return(1234)
-          expect(Bundler::Audit::Database).to receive(:new).and_return(database)
-          expect { subject.update }.to output(/ruby-advisory-db: 1234 advisories/).to_stdout
+        it "prints updated message and then the stats" do
+          expect { subject.update }.to output(
+            include(
+              "Updated ruby-advisory-db",
+              "ruby-advisory-db:",
+              "  advisories:\t#{size} advisories",
+              "  last updated:\t#{last_updated_at}",
+              "  commit:\t#{commit_id}"
+            )
+          ).to_stdout
         end
       end
       context "when update fails" do
-        before { expect(Bundler::Audit::Database).to receive(:update!).and_return(false) }
+        before do
+          expect(database).to receive(:update!).and_return(false)
+        end
         it "prints failure message" do
-          expect do
+          expect {
             begin
               subject.update
             rescue SystemExit
             end
-          end.to output(/Failed updating ruby-advisory-db!/).to_stdout
+          }.to output(/Failed updating ruby-advisory-db!/).to_stderr
         end
         it "exits with error status code" do
@@ -44,22 +98,22 @@ describe Bundler::Audit::CLI do
             expect(error.status).to eq(1)
           end
         end
       end
       context "when git is not installed" do
         before do
-          expect(Bundler::Audit::Database).to receive(:update!).and_return(nil)
+          expect(database).to receive(:update!).and_return(nil)
           expect(Bundler).to receive(:git_present?).and_return(false)
         end
         it "prints failure message" do
-          expect do
+          expect {
             begin
               subject.update
             rescue SystemExit
             end
-          end.to output(/Git is not installed!/).to_stdout
+          }.to output(/Git is not installed!/).to_stderr
         end
         it "exits with error status code" do
@@ -76,14 +130,13 @@ describe Bundler::Audit::CLI do
     end
     context "--quiet" do
-      before do
-        allow(subject).to receive(:options).and_return(double("Options", quiet?: true))
+      subject do
+        described_class.new([], {quiet: true})
       end
       context "when update succeeds" do
         before do
-          expect(Bundler::Audit::Database).to(
+          expect(database).to(
             receive(:update!).with(quiet: true).and_return(true)
           )
         end
@@ -94,20 +147,19 @@ describe Bundler::Audit::CLI do
       end
       context "when update fails" do
         before do
-          expect(Bundler::Audit::Database).to(
+          expect(database).to(
             receive(:update!).with(quiet: true).and_return(false)
           )
         end
         it "prints failure message" do
-          expect do
+          expect {
             begin
               subject.update
             rescue SystemExit
             end
-          end.to output(/Failed updating ruby-advisory-db!/).to_stdout
+          }.to_not output.to_stderr
         end
         it "exits with error status code" do

data/spec/configuration_spec.rb ADDED Viewed

@@ -0,0 +1,78 @@
+require 'spec_helper'
+require 'bundler/audit/configuration'
+describe Bundler::Audit::Configuration do
+  describe "when building from a yaml file" do
+    let(:fixtures_dir) { File.expand_path('../fixtures/config',__FILE__) }
+    subject { described_class.load(path) }
+    context "when the file does not exist" do
+      let(:path) { File.join(fixtures_dir,'bad','does_not_exist.yml') }
+      it 'raises an error' do
+        expect { subject }.to raise_error(described_class::FileNotFound, /Configuration file '.*' does not exist/)
+      end
+    end
+    context "when the file does exist" do
+      let(:path) { File.join(fixtures_dir,'valid.yml')   }
+      it { should be_a(described_class) }
+    end
+    context "validations" do
+      context "when the file is empty" do
+        let(:path) { File.join(fixtures_dir,'bad','empty.yml') }
+        it 'raises a validation error' do
+          expect { subject }.to raise_error(described_class::InvalidConfigurationError)
+        end
+      end
+      context "when ignore is not an array" do
+        let(:path) { File.join(fixtures_dir,'bad','ignore_is_not_an_array.yml') }
+        it 'raises a validation error' do
+          expect { subject }.to raise_error(described_class::InvalidConfigurationError)
+        end
+      end
+      context 'when ignore is an array' do
+        context 'when ignore only contains strings' do
+          let(:path) { File.join(fixtures_dir,'valid.yml')   }
+          it { should be_a(described_class) }
+        end
+        describe "when ignore contains non-strings" do
+          let(:path) { File.join(fixtures_dir,'bad','ignore_contains_a_non_string.yml') }
+          it "raises a validation error" do
+            expect { subject }.to raise_error(described_class::InvalidConfigurationError)
+          end
+        end
+      end
+    end
+  end
+  describe "#initialize" do
+    context "when given no arguments" do
+      it "must set @ignore to an empty Set" do
+        expect(subject.ignore).to be_kind_of(Set)
+        expect(subject.ignore).to be_empty
+      end
+    end
+    context "when given :ignore" do
+      let(:advisory_ids) { %w[CVE-123 CVE-456] }
+      subject { described_class.new(ignore: advisory_ids) }
+      it "must initialize @ignore to contain :ignore" do
+        expect(subject.ignore).to be_kind_of(Set)
+        expect(subject.ignore).to be == Set.new(advisory_ids)
+      end
+    end
+  end
+end

data/spec/database_spec.rb CHANGED Viewed

@@ -4,75 +4,162 @@ require 'tmpdir'
 describe Bundler::Audit::Database do
   let(:vendored_advisories) do
-    Dir[File.join(Bundler::Audit::Database::VENDORED_PATH, 'gems/*/*.yml')].sort
+    Dir[File.join(Fixtures::Database::PATH, 'gems/*/*.yml')].sort
   end
-  describe "path" do
+  describe ".path" do
     subject { described_class.path }
     it "it should be a directory" do
-      expect(File.directory?(subject)).to be_truthy
+      expect(described_class.path).to be_truthy
     end
+  end
+  describe ".exists?" do
+    subject { described_class }
+    context "when the directory does not exist" do
+      let(:path) { '/does/not/exist' }
+      it { expect(subject.exists?(path)).to be(false) }
+    end
+    context "when the directory does exist" do
+      context "but is empty" do
+        let(:path) { Fixtures.join('empty_dir') }
+        before { FileUtils.mkdir(path) }
+        it { expect(subject.exists?(path)).to be(false) }
+        after { FileUtils.rmdir(path) }
+      end
+      context "and there are files within the directory" do
+        let(:path) { Fixtures.join('not_empty_dir') }
+        before do
+          FileUtils.mkdir(path)
+          FileUtils.touch(File.join(path,'file.txt'))
+        end
+        it { expect(subject.exists?(path)).to be(true) }
+        after { FileUtils.rm_r(path) }
+      end
+    end
+  end
-    it "should prefer the user repo, iff it's as up to date, or more up to date than the vendored one" do
-      described_class.update!(quiet: false)
+  describe ".download" do
+    subject { described_class }
-      ts_const = described_class::VENDORED_TIMESTAMP
+    let(:url)  { described_class::URL          }
+    let(:path) { described_class::DEFAULT_PATH }
-      current_user_ts = Dir.chdir(described_class::USER_PATH) do
-        Time.parse(`git log --date=iso8601 --pretty="%cd" -1`).utc
+    it "should execute `git clone` with URL and DEFAULT_PATH" do
+      expect(subject).to receive(:system).with('git', 'clone', url, path).and_return(true)
+      expect(subject).to receive(:new)
+      subject.download
+    end
+    context "with :path" do
+      let(:url)  { described_class::URL          }
+      let(:path) { Fixtures.join('new-database') }
+      it "should execute `git clone` with the given output path" do
+        expect(subject).to receive(:system).with('git', 'clone', url, path).and_return(true)
+        expect(subject).to receive(:new)
+        subject.download(path: path)
       end
+    end
-      puts "Timestamp: #{current_user_ts}"
+    context "with :quiet" do
+      it "should execute `git clone` with the `--quiet` option" do
+        expect(subject).to receive(:system).with('git', 'clone', '--quiet', url, path).and_return(true)
+        expect(subject).to receive(:new)
-      # As up to date...
-      expect do
-        # Stub the vendor copy to be the exact same as the user path copy
-        stub_const(ts_const, current_user_ts)
-        # When they are the exact same, prefer the user copy
-        expect(subject).to eq mocked_user_path
+        subject.download(quiet: true)
       end
+    end
+    context "when the command fails" do
+      it do
+        expect(subject).to receive(:system).with('git', 'clone', url, path).and_return(false)
-      # Prefer the newest; in this case, user copy
-      expect do
-        # Stub the vendor copy to be older than the user path copy
-        stub_const(ts_const, current_user_ts-1)
-        # When vendor copy is older, prefer the user copy
-        expect(subject).to eq mocked_user_path
+        expect {
+          subject.download
+        }.to raise_error(described_class::DownloadFailed)
       end
+    end
-      # Prefer the newest; in this case, vendor copy
-      expect do
-        # Stub the vendor copy to be newer than the user path copy
-        stub_const(ts_const, current_user_ts+1)
-        # When user copy is older, prefer the vendor copy
-        expect(subject).to eq described_class::VENDORED_PATH
+    context "with an unknown option" do
+      it do
+        expect {
+          subject.download(foo: true)
+        }.to raise_error(ArgumentError)
       end
     end
   end
-  describe "update!" do
+  describe ".update!" do
     subject { described_class }
-    it "should create the USER_PATH path as needed" do
-      subject.update!(quiet: false)
+    context "when :path does not yet exist" do
+      let(:dest_dir) { Fixtures.join('new-ruby-advisory-db') }
-      expect(File.directory?(mocked_user_path)).to be true
+      before { stub_const("#{described_class}::DEFAULT_PATH",dest_dir) }
+      let(:url)  { described_class::URL          }
+      let(:path) { described_class::DEFAULT_PATH }
+      it "should execute `git clone` and call .new" do
+        expect(subject).to receive(:system).with('git', 'clone', url, path).and_return(true)
+        expect(subject).to receive(:new)
+        subject.update!(quiet: false)
+      end
+      context "when the `git clone` fails" do
+        before { stub_const("#{described_class}::URL",'https://example.com/') }
+        it do
+          expect(subject).to receive(:system).with('git', 'clone', url, path).and_return(false)
+          expect(subject.update!(quiet: false)).to eq(false)
+        end
+      end
+      after { FileUtils.rm_rf(dest_dir) }
     end
-    it "should create the repo, then update it given multiple successive calls." do
-      expect_update_to_clone_repo!
-      subject.update!(quiet: false)
-      expect(File.directory?(mocked_user_path)).to be true
+    context "when :path already exists" do
+      let(:dest_dir) { Fixtures.join('existing-ruby-advisory-db') }
+      before { FileUtils.cp_r(Fixtures::Database::PATH,dest_dir) }
+      before { stub_const("#{described_class}::DEFAULT_PATH",dest_dir) }
+      it "should execute `git pull`" do
+        expect_any_instance_of(subject).to receive(:system).with('git', 'pull', 'origin', 'master').and_return(true)
+        subject.update!(quiet: false)
+      end
+      after { FileUtils.rm_rf(dest_dir) }
-      expect_update_to_update_repo!
-      subject.update!(quiet: false)
-      expect(File.directory?(mocked_user_path)).to be true
+      context "when the `git pull` fails" do
+        it do
+          expect_any_instance_of(subject).to receive(:system).with('git', 'pull', 'origin', 'master').and_return(false)
+          expect(subject.update!(quiet: false)).to eq(false)
+        end
+      end
     end
     context "when given an invalid option" do
       it do
-        expect { subject.update!(foo: 1) }.to raise_error(ArgumentError)
+        expect { subject.update!(foo: 1) }.to raise_error(RuntimeError)
       end
     end
   end
@@ -87,7 +174,7 @@ describe Bundler::Audit::Database do
     end
     context "when given a directory" do
-      let(:path ) { Dir.tmpdir }
+      let(:path) { Dir.tmpdir }
       subject { described_class.new(path) }
@@ -105,6 +192,151 @@ describe Bundler::Audit::Database do
     end
   end
+  describe "#git?" do
+    subject { described_class.new(path) }
+    context "when a '.git' directory exists within the database" do
+      let(:path) { Fixtures.join('mock-git-database') }
+      before do
+        FileUtils.mkdir(path)
+        FileUtils.mkdir(File.join(path,'.git'))
+      end
+      it { expect(subject.git?).to be(true) }
+      after { FileUtils.rm_rf(path) }
+    end
+    context "when no '.git' directory exists within the database" do
+      let(:path) { Fixtures.join('mock-bare-database') }
+      before do
+        FileUtils.mkdir(path)
+      end
+      it { expect(subject.git?).to be(false) }
+      after { FileUtils.rm_rf(path) }
+    end
+  end
+  describe "#update!" do
+    context "when the database is a git repository" do
+      it do
+        expect(subject).to receive(:system).with('git', 'pull', 'origin', 'master').and_return(true)
+        subject.update!
+      end
+      context "when the :quiet option is given" do
+        it do
+          expect(subject).to receive(:system).with('git', 'pull', '--quiet', 'origin', 'master').and_return(true)
+          subject.update!(quiet: true)
+        end
+      end
+      context "when the `git pull` command fails" do
+        it do
+          expect(subject).to receive(:system).with('git', 'pull', 'origin', 'master').and_return(false)
+          expect {
+            subject.update!
+          }.to raise_error(described_class::UpdateFailed)
+        end
+      end
+    end
+    context "when the database is a bare directory" do
+      let(:path) { Fixtures.join('mock-bare-database') }
+      before { FileUtils.mkdir(path) }
+      subject { described_class.new(path) }
+      it do
+        expect(subject.update!).to be(nil)
+      end
+      after { FileUtils.rmdir(path) }
+    end
+  end
+  describe "#commit_id" do
+    context "when the database is a git repository" do
+      let(:last_commit) { Fixtures::Database::COMMIT }
+      it "should return the last commit ID" do
+        expect(subject.commit_id).to be == last_commit
+      end
+    end
+    context "when the database is a bare directory" do
+      let(:path) { Fixtures.join('mock-database-dir') }
+      before { FileUtils.mkdir(path) }
+      subject { described_class.new(path) }
+      it "should return the mtime of the directory" do
+        expect(subject.commit_id).to be(nil)
+      end
+      after { FileUtils.rmdir(path) }
+    end
+  end
+  describe "#last_updated_at" do
+    context "when the database is a git repository" do
+      let(:last_commit) { Fixtures::Database::COMMIT }
+      let(:last_commit_timestamp) do
+        Dir.chdir(Fixtures::Database::PATH) do
+          Time.parse(`git log --date=iso8601 --pretty="%cd" #{last_commit}`)
+        end
+      end
+      it "should return the timestamp of the last commit" do
+        expect(subject.last_updated_at).to be == last_commit_timestamp
+      end
+    end
+    context "when the database is a bare directory" do
+      let(:path) { Fixtures.join('mock-database-dir') }
+      before { FileUtils.mkdir(path) }
+      subject { described_class.new(path) }
+      it "should return the mtime of the directory" do
+        expect(subject.last_updated_at).to be == File.mtime(path)
+      end
+      after { FileUtils.rmdir(path) }
+    end
+  end
+  describe "#advisories" do
+    subject { super().advisories }
+    it "should return a list of all advisories." do
+      expect(subject.map(&:path)).to match_array(vendored_advisories)
+    end
+  end
+  describe "#advisories_for" do
+    let(:gem) { 'activesupport' }
+    let(:vendored_advisories_for) do
+      Dir[File.join(Fixtures::Database::PATH, "gems/#{gem}/*.yml")].sort
+    end
+    subject { super().advisories_for(gem) }
+    it "should return a list of all advisories." do
+      expect(subject.map(&:path)).to match_array(vendored_advisories_for)
+    end
+  end
   describe "#check_gem" do
     let(:gem) do
       Gem::Specification.new do |s|
@@ -139,17 +371,6 @@ describe Bundler::Audit::Database do
     it { expect(subject.size).to eq vendored_advisories.count }
   end
-  describe "#advisories" do
-    it "should return a list of all advisories." do
-      actual_advisories = Bundler::Audit::Database.new.
-        advisories.
-        map(&:path).
-        sort
-      expect(actual_advisories).to eq vendored_advisories
-    end
-  end
   describe "#to_s" do
     it "should return the Database path" do
       expect(subject.to_s).to eq(subject.path)
@@ -158,7 +379,7 @@ describe Bundler::Audit::Database do
   describe "#inspect" do
     it "should produce a Ruby-ish instance descriptor" do
-      expect(Bundler::Audit::Database.new.inspect).to eq("#<Bundler::Audit::Database:#{Bundler::Audit::Database::VENDORED_PATH}>")
+      expect(subject.inspect).to eq("#<#{described_class}:#{subject.path}>")
     end
   end
 end