bundler-audit 0.8.0 → 0.9.0.1

data/spec/database_spec.rb

@@ -174,7 +174,7 @@ describe Bundler::Audit::Database do
     end
 
     context "when given a directory" do
-      let(:path ) { Dir.tmpdir }
+      let(:path) { Dir.tmpdir }
 
       subject { described_class.new(path) }
 
@@ -263,6 +263,30 @@ describe Bundler::Audit::Database do
     end
   end
 
+  describe "#commit_id" do
+    context "when the database is a git repository" do
+      let(:last_commit) { Fixtures::Database::COMMIT }
+
+      it "should return the last commit ID" do
+        expect(subject.commit_id).to be == last_commit
+      end
+    end
+
+    context "when the database is a bare directory" do
+      let(:path) { Fixtures.join('mock-database-dir') }
+
+      before { FileUtils.mkdir(path) }
+
+      subject { described_class.new(path) }
+
+      it "should return the mtime of the directory" do
+        expect(subject.commit_id).to be(nil)
+      end
+
+      after { FileUtils.rmdir(path) }
+    end
+  end
+
   describe "#last_updated_at" do
     context "when the database is a git repository" do
       let(:last_commit) { Fixtures::Database::COMMIT }

data/spec/fixtures/advisory/CVE-2020-1234.yml

@@ -10,6 +10,7 @@ description: |
   This is a test advisory.
 
 cvss_v2: 10.0
+cvss_v3: 9.8
 
 unaffected_versions:
   - "< 0.1.0"

data/spec/fixtures/lib/bundler/audit/cli/formats/bad.rb

@@ -5,11 +5,9 @@ module Bundler
     class CLI < ::Thor
       module Formats
         module Bad
-
           def print_report(report,output=$stdout)
             say "I am a bad format!", :red
           end
-
         end
 
         Formats.register :incorrect, Bad

data/spec/fixtures/lib/bundler/audit/cli/formats/good.rb

@@ -5,11 +5,9 @@ module Bundler
     class CLI < ::Thor
       module Formats
         module Good
-
           def print_report(report,output=$stdout)
             say "I am a good format.", :green
           end
-
         end
 
         Formats.register :good, Good

data/spec/results/unpatched_gem_spec.rb

@@ -89,9 +89,10 @@ describe Bundler::Audit::Results::UnpatchedGem do
     subject { super().to_h }
 
     let(:advisory_hash) { {id: advisory.id} }
+
     before { expect(advisory).to receive(:to_h).and_return(advisory_hash) }
 
-    it "must inclide type: :unpatched_gem" do
+    it "must include type: :unpatched_gem" do
       expect(subject[:type]).to be :unpatched_gem
     end
 
@@ -110,7 +111,6 @@ describe Bundler::Audit::Results::UnpatchedGem do
     end
 
     it "must include a :advisory key containing a Hash of the advisory" do
-
       expect(subject[:advisory]).to be == advisory_hash
     end
   end

data/spec/scanner_spec.rb

@@ -36,7 +36,7 @@ describe Scanner do
       end
 
       context "when the :ignore option is given" do
-        subject { super().scan(:ignore => ['OSVDB-89026']) }
+        subject { super().scan(ignore: ['OSVDB-89026']) }
 
         it "should ignore the specified advisories" do
           ids = subject.map { |result| result.advisory.id }
@@ -79,6 +79,30 @@ describe Scanner do
 
         expect(ids).not_to include('OSVDB-89025')
       end
+
+      context "when config path is absolute" do
+        let(:bundle) { 'unpatched_gems' }
+        let(:absolute_config_path) { File.absolute_path(File.join('spec','bundle','unpatched_gems_with_dot_configuration', '.bundler-audit.yml')) }
+        let(:scanner) { described_class.new(directory,'Gemfile.lock',Database.new,absolute_config_path) }
+
+        it "should read the config just fine" do
+          ids = subject.map { |result| result.advisory.id }
+
+          expect(ids).not_to include('OSVDB-89025')
+        end
+      end
+
+      context "when config path is relative" do
+        let(:bundle) { 'unpatched_gems' }
+        let(:relative_config_path) { File.join('..', 'unpatched_gems_with_dot_configuration', '.bundler-audit.yml') }
+        let(:scanner) { described_class.new(directory,'Gemfile.lock',Database.new,relative_config_path) }
+
+        it "should read the config just fine" do
+          ids = subject.map { |result| result.advisory.id }
+
+          expect(ids).not_to include('OSVDB-89025')
+        end
+      end
     end
   end
 

data/spec/spec_helper.rb

@@ -33,7 +33,11 @@ end
 module Helpers
   def sh(command, options={})
     result = `#{command} 2>&1`
-    raise "FAILED #{command}\n#{result}" if $?.success? == !!options[:fail]
+
+    if $?.success? == !!options[:fail]
+      raise "FAILED #{command}\n#{result}"
+    end
+
     result
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundler-audit
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0.1
 platform: ruby
 authors:
 - Postmodern
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-10 00:00:00.000000000 Z
+date: 2021-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -57,9 +57,11 @@ extra_rdoc_files:
 files:
 - ".document"
 - ".github/FUNDING.yml"
+- ".github/ISSUE_TEMPLATE/bug-report.md"
 - ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".yardopts"
 - COPYING.txt
 - ChangeLog.md
@@ -75,6 +77,7 @@ files:
 - lib/bundler/audit/cli.rb
 - lib/bundler/audit/cli/formats.rb
 - lib/bundler/audit/cli/formats/json.rb
+- lib/bundler/audit/cli/formats/junit.rb
 - lib/bundler/audit/cli/formats/text.rb
 - lib/bundler/audit/cli/thor_ext/shell/basic/say_error.rb
 - lib/bundler/audit/configuration.rb
@@ -99,6 +102,7 @@ files:
 - spec/bundle/unpatched_gems_with_dot_configuration/Gemfile
 - spec/bundle/unpatched_gems_with_dot_configuration/Gemfile.lock
 - spec/cli/formats/json_spec.rb
+- spec/cli/formats/junit_spec.rb
 - spec/cli/formats/text_spec.rb
 - spec/cli/formats_spec.rb
 - spec/cli_spec.rb
@@ -123,7 +127,7 @@ homepage: https://github.com/rubysec/bundler-audit#readme
 licenses:
 - GPL-3.0+
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -138,8 +142,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.8.0
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: Patch-level verification for Bundler
 test_files: []