bundler-leak 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d7c920e493d02e31ba834c6997c45e488e8deb494fdc4a99447372f8ee7fb5ca
-  data.tar.gz: f93ad32dc249b544123d383a6fcde59ab76b8f2db4cf681120a8eac1e397366b
+  metadata.gz: d6a7260a91e09321434a8b2ce2106896144db3a27a7fe32cf519f904bbbabf86
+  data.tar.gz: 6b1dbb00bf846c7e52c5a24be5f46048b7ca9b61ecec3c801c2c40eb78516516
 SHA512:
-  metadata.gz: be78021ea400192744e91cddf7de982bdd47fec4154dcd6ab7df47445045069a9c49c95ea46e85b0b33d92d300b6db493cb58ed49acd4e3b25fa66d2b1d61daa
-  data.tar.gz: f0931d5cfb7d8219679e67ec45f061f2381874ff6bf4731a949a09b5bbdf9e16783eb54c5e78d244108b683a32c5e21752c05c18f61436de2cff954d661a7363
+  metadata.gz: 1d9523794f9ee066976bf5ba73bfc072ac2291cfa8c3e53c3f2021f2449bccc4d3d6a3497114e210168d8114239a00b60b1b25c40f18057ee503f3447ae5bd5d
+  data.tar.gz: 4d7e7319fc73914ae027c00c7f5d578030fdc3966cc69e6d07014b13a02b900c6eaa8f5d1e1e94b7844444a10119fa1925b26aba8777292a236dad4535886c20

data/README.md

@@ -3,7 +3,7 @@
 * [Homepage](https://github.com/rubymem/bundler-leak#readme)
 * [Issues](https://github.com/rubymem/bundler-leak/issues)
 * [Documentation](http://rubydoc.info/gems/bundler-leak/frames)
-* [Email](mailto:hello at ombulabs.com)
+* [Email](mailto:oss at ombulabs.com)
 * [![Build Status](https://travis-ci.org/rubymem/bundler-leak.svg?branch=master)](https://travis-ci.org/rubymem/bundler-leak)
 * [![Code Climate](https://codeclimate.com/github/rubymem/bundler-leak.svg)](https://codeclimate.com/github/rubymem/bundler-leak)
 

data/Rakefile

@@ -42,7 +42,7 @@ namespace :spec do
 
     %w[unpatched_gems].each do |bundle|
       chdir(File.join(root,bundle)) do
-        sh 'unset BUNDLE_BIN_PATH BUNDLE_GEMFILE RUBYOPT && bundle install --path ../../../vendor/bundle'
+        sh "unset BUNDLE_BIN_PATH BUNDLE_GEMFILE RUBYOPT && bundle config set --local path '../../../vendor/bundle' && bundle install"
       end
     end
   end

data/gemspec.yml

@@ -10,5 +10,5 @@ required_ruby_version: ">= 1.9.3"
 required_rubygems_version: ">= 1.8.0"
 
 dependencies:
-  thor: ~> 0.18
+  thor: ">= 0.18, < 2"
   bundler:  ">= 1.2.0, < 3"

data/lib/bundler/plumber/advisory.rb

@@ -20,14 +20,17 @@ require 'yaml'
 
 module Bundler
   module Plumber
-    class Advisory < Struct.new(:path,
-                                :id,
-                                :url,
-                                :title,
-                                :date,
-                                :description,
-                                :unaffected_versions,
-                                :patched_versions)
+    class Advisory < Struct.new(
+      :gem,
+      :path,
+      :id,
+      :url,
+      :title,
+      :date,
+      :description,
+      :unaffected_versions,
+      :patched_versions
+    )
 
       #
       # Loads the advisory from a YAML file.
@@ -54,6 +57,7 @@ module Bundler
         }
 
         return new(
+          data['gem'],
           path,
           id,
           data['url'],

data/lib/bundler/plumber/cli.rb

@@ -33,6 +33,7 @@ module Bundler
       desc 'check', 'Checks the Gemfile.lock for known memory leaks'
       method_option :quiet, :type => :boolean, :aliases => '-q'
       method_option :verbose, :type => :boolean, :aliases => '-v'
+      method_option :ignore, :type => :array, :aliases => '-i'
       method_option :update, :type => :boolean, :aliases => '-u'
 
       def check
@@ -41,7 +42,7 @@ module Bundler
         scanner    = Scanner.new
         leaky = false
 
-        scanner.scan do |result|
+        scanner.scan(ignore: options.ignore) do |result|
           leaky = true
 
           case result

data/lib/bundler/plumber/database.rb

@@ -101,7 +101,7 @@ module Bundler
           if File.directory?(File.join(USER_PATH, ".git"))
             Dir.chdir(USER_PATH) do
               command = "git fetch --all; git reset --hard origin/master"
-              command << '--quiet' if options[:quiet]
+              command << ' --quiet' if options[:quiet]
 
               system *command
             end

data/lib/bundler/plumber/scanner.rb

@@ -80,9 +80,6 @@ module Bundler
       def scan(options={},&block)
         return enum_for(__method__, options) unless block
 
-        ignore = Set[]
-        ignore += options[:ignore] if options[:ignore]
-
         scan_specs(options, &block)
 
         return self
@@ -118,12 +115,8 @@ module Bundler
 
         @lockfile.specs.each do |gem|
           @database.check_gem(gem) do |advisory|
-
-            # TODO this logic should be modified for rubymem
-            #unless (ignore.include?(advisory.cve_id) || ignore.include?(advisory.osvdb_id))
-            #  yield UnpatchedGem.new(gem,advisory)
-            #end
-            yield UnpatchedGem.new(gem, advisory)
+            gem_and_id = "#{advisory.gem}-#{advisory.id}"
+            yield UnpatchedGem.new(gem,advisory) unless ignore.include?(gem_and_id)
           end
         end
       end

data/lib/bundler/plumber/version.rb

@@ -19,6 +19,6 @@
 module Bundler
   module Plumber
     # bundler-leak version
-    VERSION = '0.1.1'
+    VERSION = '0.2.0'
   end
 end

data/spec/database_spec.rb

@@ -41,14 +41,28 @@ describe Bundler::Plumber::Database do
       expect(File.directory?(mocked_user_path)).to be true
     end
 
-    it "should create the repo, then update it given multple successive calls." do
-      expect_update_to_clone_repo!
-      Bundler::Plumber::Database.update!(quiet: false)
-      expect(File.directory?(mocked_user_path)).to be true
+    context "when the :quiet option is false" do
+      it "should create the repo, then update it given multiple successive calls." do
+        expect_update_to_clone_repo!
+        Bundler::Plumber::Database.update!(quiet: false)
+        expect(File.directory?(mocked_user_path)).to be true
+
+        expect_update_to_update_repo!
+        Bundler::Plumber::Database.update!(quiet: false)
+        expect(File.directory?(mocked_user_path)).to be true
+      end
+    end
 
-      expect_update_to_update_repo!
-      Bundler::Plumber::Database.update!(quiet: false)
-      expect(File.directory?(mocked_user_path)).to be true
+    context "when the :quiet option is true" do
+      it "should create the repo, then update it given multiple successive calls." do
+        expect_update_to_clone_repo!(quiet: true)
+        Bundler::Plumber::Database.update!(quiet: true)
+        expect(File.directory?(mocked_user_path)).to be true
+
+        expect_update_to_update_repo!(quiet: true)
+        Bundler::Plumber::Database.update!(quiet: true)
+        expect(File.directory?(mocked_user_path)).to be true
+      end
     end
   end
 

data/spec/integration_spec.rb

@@ -31,6 +31,23 @@ Solution: upgrade to (~>|>=) \d+\.\d+\.\d+(\.\d+)?(, (~>|>=) \d+\.\d+\.\d+(\.\d+
     end
   end
 
+  context "when auditing a bundle with ignored gems" do
+    let(:bundle)    { 'unpatched_gems' }
+    let(:directory) { File.join('spec','bundle', bundle) }
+
+    let(:command) do
+      File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundler-leak -i celluloid-670'))
+    end
+
+    subject do
+      Dir.chdir(directory) { sh(command, :fail => true) }
+    end
+
+    it "should not print advisory information for ignored gem" do
+      expect(subject).not_to include("Name: celluloid\nVersion: 0.17.0\n")
+    end
+  end
+
   describe "update" do
 
     let(:update_command) { "#{command} update" }

data/spec/scanner_spec.rb

@@ -37,12 +37,12 @@ describe Scanner do
     end
 
     context "when the :ignore option is given" do
-      subject { scanner.scan(:ignore => ['OSVDB-89026']) }
+      subject { scanner.scan(:ignore => ['celluloid-670']) }
 
-      it "should ignore the specified advisories" do
+      it "should ignore the specified leaky gems" do
         ids = subject.map { |result| result.advisory.id }
 
-        expect(ids).not_to include('OSVDB-89026')
+        expect(ids).not_to include('670')
       end
     end
   end

data/spec/spec_helper.rb

@@ -7,7 +7,7 @@ require 'bundler/plumber/database'
 
 module Helpers
   def sh(command, options={})
-    Bundler.with_clean_env do
+    with_unbundled_env do
       result = `#{command} 2>&1`
       raise "FAILED #{command}\n#{result}" if $?.success? == !!options[:fail]
       result
@@ -22,17 +22,24 @@ module Helpers
     File.expand_path('../../tmp/ruby-mem-advisory-db', __FILE__)
   end
 
-  def expect_update_to_clone_repo!
+  def expect_update_to_clone_repo!(quiet: false)
+    with = ['git', 'clone']
+    with << '--quiet' if quiet
+    with << Bundler::Plumber::Database::VENDORED_PATH << mocked_user_path
+
     expect(Bundler::Plumber::Database).
       to receive(:system).
-      with('git', 'clone', Bundler::Plumber::Database::VENDORED_PATH, mocked_user_path).
+      with(*with).
       and_call_original
   end
 
-  def expect_update_to_update_repo!
+  def expect_update_to_update_repo!(quiet: false)
+    with = 'git fetch --all; git reset --hard origin/master'
+    with << " --quiet" if quiet
+
     expect(Bundler::Plumber::Database).
       to receive(:system).
-      with("git fetch --all; git reset --hard origin/master").
+      with(with).
       and_call_original
   end
 
@@ -47,6 +54,17 @@ module Helpers
       system 'git', 'reset', '--hard', "HEAD~#{num_commits}"
     end
   end
+
+  private
+
+  def with_unbundled_env
+    bundler_ver = Gem::Version.new(Bundler::VERSION)
+    if bundler_ver < Gem::Version.new('2.1.0')
+      Bundler.with_clean_env { yield }
+    else
+      Bundler.with_unbundled_env { yield }
+    end
+  end
 end
 
 include Bundler::Plumber

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: bundler-leak
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Ombulabs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-28 00:00:00.000000000 Z
+date: 2020-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.18'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.18'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement