bundler-audit 0.8.0 → 0.9.0.1
- checksums.yaml +4 -4
- data/.github/ISSUE_TEMPLATE/bug-report.md +44 -0
- data/.github/workflows/ruby.yml +14 -1
- data/.rubocop.yml +83 -0
- data/COPYING.txt +4 -4
- data/ChangeLog.md +30 -0
- data/Gemfile +7 -3
- data/README.md +16 -10
- data/Rakefile +7 -3
- data/bundler-audit.gemspec +3 -4
- data/lib/bundler/audit/advisory.rb +23 -2
- data/lib/bundler/audit/cli/formats/json.rb +16 -2
- data/lib/bundler/audit/cli/formats/junit.rb +127 -0
- data/lib/bundler/audit/cli/formats/text.rb +11 -7
- data/lib/bundler/audit/cli/formats.rb +7 -3
- data/lib/bundler/audit/cli.rb +32 -15
- data/lib/bundler/audit/configuration.rb +7 -4
- data/lib/bundler/audit/database.rb +20 -4
- data/lib/bundler/audit/results/insecure_source.rb +4 -1
- data/lib/bundler/audit/results/unpatched_gem.rb +6 -2
- data/lib/bundler/audit/results.rb +1 -1
- data/lib/bundler/audit/scanner.rb +8 -2
- data/lib/bundler/audit/task.rb +20 -5
- data/lib/bundler/audit/version.rb +2 -2
- data/lib/bundler/audit.rb +1 -1
- data/spec/advisory_spec.rb +9 -1
- data/spec/bundle/insecure_sources/Gemfile.lock +69 -71
- data/spec/bundle/secure/Gemfile.lock +51 -53
- data/spec/cli/formats/json_spec.rb +1 -0
- data/spec/cli/formats/junit_spec.rb +284 -0
- data/spec/cli/formats/text_spec.rb +87 -17
- data/spec/cli_spec.rb +57 -17
- data/spec/database_spec.rb +25 -1
- data/spec/fixtures/advisory/CVE-2020-1234.yml +1 -0
- data/spec/fixtures/lib/bundler/audit/cli/formats/bad.rb +0 -2
- data/spec/fixtures/lib/bundler/audit/cli/formats/good.rb +0 -2
- data/spec/results/unpatched_gem_spec.rb +2 -2
- data/spec/scanner_spec.rb +25 -1
- data/spec/spec_helper.rb +5 -1
- metadata +10 -6
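--- a/data/spec/database_spec.rb
+++ b/data/spec/database_spec.rb
@@ -174,7 +174,7 @@ describe Bundler::Audit::Database do
 end
 
 context "when given a directory" do
-let(:path
+let(:path) { Dir.tmpdir }
 
 subject { described_class.new(path) }
 
@@ -263,6 +263,30 @@ describe Bundler::Audit::Database do
 end
 end
 
+describe "#commit_id" do
+context "when the database is a git repository" do
+let(:last_commit) { Fixtures::Database::COMMIT }
+
+it "should return the last commit ID" do
+expect(subject.commit_id).to be == last_commit
+end
+end
+
+context "when the database is a bare directory" do
+let(:path) { Fixtures.join('mock-database-dir') }
+
+before { FileUtils.mkdir(path) }
+
+subject { described_class.new(path) }
+
+it "should return the mtime of the directory" do
+expect(subject.commit_id).to be(nil)
+end
+
+after { FileUtils.rmdir(path) }
+end
+end
+
 describe "#last_updated_at" do
 context "when the database is a git repository" do
 let(:last_commit) { Fixtures::Database::COMMIT }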
@@ -89,9 +89,10 @@ describe Bundler::Audit::Results::UnpatchedGem do
|
|
89
89
|
subject { super().to_h }
|
90
90
|
|
91
91
|
let(:advisory_hash) { {id: advisory.id} }
|
92
|
+
|
92
93
|
before { expect(advisory).to receive(:to_h).and_return(advisory_hash) }
|
93
94
|
|
94
|
-
it "must
|
95
|
+
it "must include type: :unpatched_gem" do
|
95
96
|
expect(subject[:type]).to be :unpatched_gem
|
96
97
|
end
|
97
98
|
|
@@ -110,7 +111,6 @@ describe Bundler::Audit::Results::UnpatchedGem do
|
|
110
111
|
end
|
111
112
|
|
112
113
|
it "must include a :advisory key containing a Hash of the advisory" do
|
113
|
-
|
114
114
|
expect(subject[:advisory]).to be == advisory_hash
|
115
115
|
end
|
116
116
|
end
|
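--- a/data/spec/scanner_spec.rb
+++ b/data/spec/scanner_spec.rb
@@ -36,7 +36,7 @@ describe Scanner do
 end
 
 context "when the :ignore option is given" do
-subject { super().scan(:
+subject { super().scan(ignore: ['OSVDB-89026']) }
 
 it "should ignore the specified advisories" do
 ids = subject.map { |result| result.advisory.id }
@@ -79,6 +79,30 @@ describe Scanner do
 
 expect(ids).not_to include('OSVDB-89025')
 end
+
+context "when config path is absolute" do
+let(:bundle) { 'unpatched_gems' }
+let(:absolute_config_path) { File.absolute_path(File.join('spec','bundle','unpatched_gems_with_dot_configuration', '.bundler-audit.yml')) }
+let(:scanner) { described_class.new(directory,'Gemfile.lock',Database.new,absolute_config_path) }
+
+it "should read the config just fine" do
+ids = subject.map { |result| result.advisory.id }
+
+expect(ids).not_to include('OSVDB-89025')
+end
+end
+
+context "when config path is relative" do
+let(:bundle) { 'unpatched_gems' }
+let(:relative_config_path) { File.join('..', 'unpatched_gems_with_dot_configuration', '.bundler-audit.yml') }
+let(:scanner) { described_class.new(directory,'Gemfile.lock',Database.new,relative_config_path) }
+
+it "should read the config just fine" do
+ids = subject.map { |result| result.advisory.id }
+
+expect(ids).not_to include('OSVDB-89025')
+end
+end
 end
 end
 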
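Review bot: The `let(:absolute_config_path)` at new line 85 builds its path from `File.join('spec', ...)`, which `File.absolute_path` resolves against the process working directory, so the example only passes when rspec is started from the repository root. Anchoring on the spec file removes that dependency: `File.expand_path(File.join('bundle', 'unpatched_gems_with_dot_configuration', '.bundler-audit.yml'), __dir__)`. The relative variant at line 97 presumably resolves against the bundle `directory` rather than the CWD; a one-line comment such as `# relative to the bundle directory, not to the CWD` would stop the two contexts reading as interchangeable. Both examples assert only `not_to include('OSVDB-89025')`, which also passes when the scan finds nothing at all, so a positive expectation on an advisory the config does not ignore would make the check meaningful. The enclosing `describe Scanner` block ends outside the hunk.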
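--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -33,7 +33,11 @@ end
 module Helpers
 def sh(command, options={})
 result = `#{command} 2>&1`
-
+
+if $?.success? == !!options[:fail]
+raise "FAILED #{command}\n#{result}"
+end
+
 result
 end
 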
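Review bot: The guard at new line 37, `if $?.success? == !!options[:fail]`, hides its intent behind a double negation and an equality between two booleans; a reader has to work out that it fires when the command's outcome is the opposite of what the caller expected. A comment above it makes that explicit: `# raise when the outcome is not the one asked for: success with fail: true, or failure without it`. Taking the option as a keyword, `def sh(command, fail: false)`, would remove the `!!` coercion and read naturally at call sites, but it changes the signature for any caller passing an explicit hash, which is not visible from this hunk. The `module Helpers` body continues outside the hunk.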
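--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundler-audit
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.9.0.1
 platform: ruby
 authors:
 - Postmodern
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -57,9 +57,11 @@ extra_rdoc_files:
 files:
 - ".document"
 - ".github/FUNDING.yml"
+- ".github/ISSUE_TEMPLATE/bug-report.md"
 - ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".yardopts"
 - COPYING.txt
 - ChangeLog.md
@@ -75,6 +77,7 @@ files:
 - lib/bundler/audit/cli.rb
 - lib/bundler/audit/cli/formats.rb
 - lib/bundler/audit/cli/formats/json.rb
+- lib/bundler/audit/cli/formats/junit.rb
 - lib/bundler/audit/cli/formats/text.rb
 - lib/bundler/audit/cli/thor_ext/shell/basic/say_error.rb
 - lib/bundler/audit/configuration.rb
@@ -99,6 +102,7 @@ files:
 - spec/bundle/unpatched_gems_with_dot_configuration/Gemfile
 - spec/bundle/unpatched_gems_with_dot_configuration/Gemfile.lock
 - spec/cli/formats/json_spec.rb
+- spec/cli/formats/junit_spec.rb
 - spec/cli/formats/text_spec.rb
 - spec/cli/formats_spec.rb
 - spec/cli_spec.rb
@@ -123,7 +127,7 @@ homepage: https://github.com/rubysec/bundler-audit#readme
 licenses:
 - GPL-3.0+
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -138,8 +142,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 1.8.0
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: Patch-level verification for Bundler
 test_files: []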