bundler-leak 0.1.1 → 0.2.0

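--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: d7c920e493d02e31ba834c6997c45e488e8deb494fdc4a99447372f8ee7fb5ca
-data.tar.gz: f93ad32dc249b544123d383a6fcde59ab76b8f2db4cf681120a8eac1e397366b
+metadata.gz: d6a7260a91e09321434a8b2ce2106896144db3a27a7fe32cf519f904bbbabf86
+data.tar.gz: 6b1dbb00bf846c7e52c5a24be5f46048b7ca9b61ecec3c801c2c40eb78516516
 SHA512:
-metadata.gz: be78021ea400192744e91cddf7de982bdd47fec4154dcd6ab7df47445045069a9c49c95ea46e85b0b33d92d300b6db493cb58ed49acd4e3b25fa66d2b1d61daa
-data.tar.gz: f0931d5cfb7d8219679e67ec45f061f2381874ff6bf4731a949a09b5bbdf9e16783eb54c5e78d244108b683a32c5e21752c05c18f61436de2cff954d661a7363
+metadata.gz: 1d9523794f9ee066976bf5ba73bfc072ac2291cfa8c3e53c3f2021f2449bccc4d3d6a3497114e210168d8114239a00b60b1b25c40f18057ee503f3447ae5bd5d
+data.tar.gz: 4d7e7319fc73914ae027c00c7f5d578030fdc3966cc69e6d07014b13a02b900c6eaa8f5d1e1e94b7844444a10119fa1925b26aba8777292a236dad4535886c20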
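--- a/data/README.md
+++ b/data/README.md
@@ -3,7 +3,7 @@
 * [Homepage](https://github.com/rubymem/bundler-leak#readme)
 * [Issues](https://github.com/rubymem/bundler-leak/issues)
 * [Documentation](http://rubydoc.info/gems/bundler-leak/frames)
-* [Email](mailto:hello at ombulabs.com)
+* [Email](mailto:oss at ombulabs.com)
 * [![Build Status](https://travis-ci.org/rubymem/bundler-leak.svg?branch=master)](https://travis-ci.org/rubymem/bundler-leak)
 * [![Code Climate](https://codeclimate.com/github/rubymem/bundler-leak.svg)](https://codeclimate.com/github/rubymem/bundler-leak)
 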
data/Rakefile CHANGED
@@ -42,7 +42,7 @@ namespace :spec do
42
42
 
43
43
  %w[unpatched_gems].each do |bundle|
44
44
  chdir(File.join(root,bundle)) do
45
- sh 'unset BUNDLE_BIN_PATH BUNDLE_GEMFILE RUBYOPT && bundle install --path ../../../vendor/bundle'
45
+ sh "unset BUNDLE_BIN_PATH BUNDLE_GEMFILE RUBYOPT && bundle config set --local path '../../../vendor/bundle' && bundle install"
46
46
  end
47
47
  end
48
48
  end
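Review bot: `bundle config set --local path …` on the new line 45 is, as far as I know, a Bundler 2.1+ subcommand, yet the gemspec in this release still accepts bundler >= 1.2.0 and spec_helper adds a `with_unbundled_env` shim precisely so older Bundler keeps working; on those versions this fixture-bundle setup fails before any spec runs. Either branch here in the same way (the pre-2.1 spelling is `bundle config --local path …`) or state the requirement in a comment above the loop, e.g. `# bundle config set needs Bundler >= 2.1`. `--local` also persists the setting in the fixture's `.bundle/config`, so check that file is git-ignored rather than committed after a developer's run. The enclosing `namespace :spec` task starts before the hunk.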
@@ -10,5 +10,5 @@ required_ruby_version: ">= 1.9.3"
10
10
  required_rubygems_version: ">= 1.8.0"
11
11
 
12
12
  dependencies:
13
- thor: ~> 0.18
13
+ thor: ">= 0.18, < 2"
14
14
  bundler: ">= 1.2.0, < 3"
@@ -20,14 +20,17 @@ require 'yaml'
20
20
 
21
21
  module Bundler
22
22
  module Plumber
23
- class Advisory < Struct.new(:path,
24
- :id,
25
- :url,
26
- :title,
27
- :date,
28
- :description,
29
- :unaffected_versions,
30
- :patched_versions)
23
+ class Advisory < Struct.new(
24
+ :gem,
25
+ :path,
26
+ :id,
27
+ :url,
28
+ :title,
29
+ :date,
30
+ :description,
31
+ :unaffected_versions,
32
+ :patched_versions
33
+ )
31
34
 
32
35
  #
33
36
  # Loads the advisory from a YAML file.
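Review bot: The new `:gem` member on lines 24–33 is undocumented, and because it is inserted as the first Struct field every positional `Advisory.new(path, id, …)` caller outside this hunk now silently shifts each value by one; only `load` is updated on this page, so grep for other constructors before release. A comment above the Struct would make the contract explicit, e.g. `# gem: name of the gem the advisory applies to (YAML key "gem"); combined with id as "GEM-ID" for --ignore`. Note also that the accessor `Advisory#gem` shadows `Kernel#gem` on instances; I believe the Struct accessor takes precedence, but it is easy to misread, which is another reason for the comment.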
@@ -54,6 +57,7 @@ module Bundler
54
57
  }
55
58
 
56
59
  return new(
60
+ data['gem'],
57
61
  path,
58
62
  id,
59
63
  data['url'],
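Review bot: `data['gem']` on the new line 60 is nil whenever an advisory YAML has no `gem` key, and since that value is later interpolated into the ignore key, such an advisory could only be ignored as `-<id>`. If every advisory in the database is expected to carry `gem`, fail loudly here with `data.fetch('gem'),` so a malformed file is caught at load time rather than surfacing as an odd ignore key; if older advisory files may legitimately lack it, document the fallback in the method comment. The enclosing `load` method starts before the hunk.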
@@ -33,6 +33,7 @@ module Bundler
33
33
  desc 'check', 'Checks the Gemfile.lock for known memory leaks'
34
34
  method_option :quiet, :type => :boolean, :aliases => '-q'
35
35
  method_option :verbose, :type => :boolean, :aliases => '-v'
36
+ method_option :ignore, :type => :array, :aliases => '-i'
36
37
  method_option :update, :type => :boolean, :aliases => '-u'
37
38
 
38
39
  def check
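Review bot: The new `:ignore` option on line 36 has no `:desc`, so `bundler-leak help check` gives no hint about the expected value format, which is not guessable (the integration spec uses `celluloid-670`, i.e. `GEM-ID`). The other options lack descriptions too, but this one needs it: `method_option :ignore, :type => :array, :aliases => '-i', :desc => 'Advisories to ignore, as GEM-ID (e.g. celluloid-670)'`.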
@@ -41,7 +42,7 @@ module Bundler
41
42
  scanner = Scanner.new
42
43
  leaky = false
43
44
 
44
- scanner.scan do |result|
45
+ scanner.scan(ignore: options.ignore) do |result|
45
46
  leaky = true
46
47
 
47
48
  case result
@@ -101,7 +101,7 @@ module Bundler
101
101
  if File.directory?(File.join(USER_PATH, ".git"))
102
102
  Dir.chdir(USER_PATH) do
103
103
  command = "git fetch --all; git reset --hard origin/master"
104
- command << '--quiet' if options[:quiet]
104
+ command << ' --quiet' if options[:quiet]
105
105
 
106
106
  system *command
107
107
  end
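Review bot: Even with the missing space fixed, `' --quiet'` on the new line 104 is appended only to the last command of the `;`-joined string, so `git fetch --all` still prints its progress when `options[:quiet]` is set. Apply the flag to both commands, e.g. `quiet = options[:quiet] ? ' --quiet' : ''` and `command = "git fetch --all#{quiet}; git reset --hard origin/master#{quiet}"`, and update the matching expectation in spec_helper's `expect_update_to_update_repo!`. `system *command` on a String is just a single-string `system` call, so the line runs through a shell; that is acceptable while the string is a constant, but two array-form `system` calls would make the no-shell intent explicit. The enclosing `update!` method starts before the hunk.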
@@ -80,9 +80,6 @@ module Bundler
80
80
  def scan(options={},&block)
81
81
  return enum_for(__method__, options) unless block
82
82
 
83
- ignore = Set[]
84
- ignore += options[:ignore] if options[:ignore]
85
-
86
83
  scan_specs(options, &block)
87
84
 
88
85
  return self
@@ -118,12 +115,8 @@ module Bundler
118
115
 
119
116
  @lockfile.specs.each do |gem|
120
117
  @database.check_gem(gem) do |advisory|
121
-
122
- # TODO this logic should be modified for rubymem
123
- #unless (ignore.include?(advisory.cve_id) || ignore.include?(advisory.osvdb_id))
124
- # yield UnpatchedGem.new(gem,advisory)
125
- #end
126
- yield UnpatchedGem.new(gem, advisory)
118
+ gem_and_id = "#{advisory.gem}-#{advisory.id}"
119
+ yield UnpatchedGem.new(gem,advisory) unless ignore.include?(gem_and_id)
127
120
  end
128
121
  end
129
122
  end
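Review bot: `ignore.include?(gem_and_id)` on the new line 119 uses an `ignore` collection that is not defined anywhere in this hunk, while the only `ignore` setup visible on this page (`ignore = Set[]` / `ignore += options[:ignore]`) was just deleted from `scan`; presumably `scan_specs` builds its own from `options[:ignore]` above line 115, but confirm it, since a missing name would only surface at runtime when the first advisory matches. The key on line 118 is also built from `advisory.gem`, which is nil for an advisory loaded without a `gem` key and then yields `-<id>`; if the lockfile spec `gem` exposes the gem name, `"#{advisory.gem || gem.name}-#{advisory.id}"` would keep the key usable. The enclosing `scan_specs` method starts before the hunk.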
@@ -19,6 +19,6 @@
19
19
  module Bundler
20
20
  module Plumber
21
21
  # bundler-leak version
22
- VERSION = '0.1.1'
22
+ VERSION = '0.2.0'
23
23
  end
24
24
  end
@@ -41,14 +41,28 @@ describe Bundler::Plumber::Database do
41
41
  expect(File.directory?(mocked_user_path)).to be true
42
42
  end
43
43
 
44
- it "should create the repo, then update it given multple successive calls." do
45
- expect_update_to_clone_repo!
46
- Bundler::Plumber::Database.update!(quiet: false)
47
- expect(File.directory?(mocked_user_path)).to be true
44
+ context "when the :quiet option is false" do
45
+ it "should create the repo, then update it given multiple successive calls." do
46
+ expect_update_to_clone_repo!
47
+ Bundler::Plumber::Database.update!(quiet: false)
48
+ expect(File.directory?(mocked_user_path)).to be true
49
+
50
+ expect_update_to_update_repo!
51
+ Bundler::Plumber::Database.update!(quiet: false)
52
+ expect(File.directory?(mocked_user_path)).to be true
53
+ end
54
+ end
48
55
 
49
- expect_update_to_update_repo!
50
- Bundler::Plumber::Database.update!(quiet: false)
51
- expect(File.directory?(mocked_user_path)).to be true
56
+ context "when the :quiet option is true" do
57
+ it "should create the repo, then update it given multiple successive calls." do
58
+ expect_update_to_clone_repo!(quiet: true)
59
+ Bundler::Plumber::Database.update!(quiet: true)
60
+ expect(File.directory?(mocked_user_path)).to be true
61
+
62
+ expect_update_to_update_repo!(quiet: true)
63
+ Bundler::Plumber::Database.update!(quiet: true)
64
+ expect(File.directory?(mocked_user_path)).to be true
65
+ end
52
66
  end
53
67
  end
54
68
 
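Review bot: The two `context` blocks on the new lines 44–65 are identical apart from the `quiet:` value passed through; iterating `[false, true].each do |quiet|` or a shared example with `include_examples` would keep them from drifting as further options are added. The descriptions also promise "multiple successive calls" while each body makes exactly two; "then update it on a second call" is the more precise wording.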
@@ -31,6 +31,23 @@ Solution: upgrade to (~>|>=) \d+\.\d+\.\d+(\.\d+)?(, (~>|>=) \d+\.\d+\.\d+(\.\d+
31
31
  end
32
32
  end
33
33
 
34
+ context "when auditing a bundle with ignored gems" do
35
+ let(:bundle) { 'unpatched_gems' }
36
+ let(:directory) { File.join('spec','bundle', bundle) }
37
+
38
+ let(:command) do
39
+ File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundler-leak -i celluloid-670'))
40
+ end
41
+
42
+ subject do
43
+ Dir.chdir(directory) { sh(command, :fail => true) }
44
+ end
45
+
46
+ it "should not print advisory information for ignored gem" do
47
+ expect(subject).not_to include("Name: celluloid\nVersion: 0.17.0\n")
48
+ end
49
+ end
50
+
34
51
  describe "update" do
35
52
 
36
53
  let(:update_command) { "#{command} update" }
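Review bot: On the new line 39 the CLI arguments `-i celluloid-670` are embedded in the string handed to `File.expand_path`, so the flags go through path normalisation and the result only works because `expand_path` does not validate its input. Keep the executable and its arguments apart: `let(:command) { "#{File.expand_path(File.join(File.dirname(__FILE__), '..', 'bin', 'bundler-leak'))} -i celluloid-670" }`. The expectation on line 47 only checks that the celluloid block is absent, which also holds if the run printed nothing at all; pairing it with an `include` expectation on another fixture gem that is still reported would make the test meaningful.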
@@ -37,12 +37,12 @@ describe Scanner do
37
37
  end
38
38
 
39
39
  context "when the :ignore option is given" do
40
- subject { scanner.scan(:ignore => ['OSVDB-89026']) }
40
+ subject { scanner.scan(:ignore => ['celluloid-670']) }
41
41
 
42
- it "should ignore the specified advisories" do
42
+ it "should ignore the specified leaky gems" do
43
43
  ids = subject.map { |result| result.advisory.id }
44
44
 
45
- expect(ids).not_to include('OSVDB-89026')
45
+ expect(ids).not_to include('670')
46
46
  end
47
47
  end
48
48
  end
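Review bot: The expectation on the new line 45 compares bare advisory ids, while the ignore key the scanner matches is `GEM-ID`; `'670'` being absent from `ids` would wrongly fail if another gem's advisory happened to share the id 670, and passes for the wrong reason if celluloid's advisory was never loaded. Compare the same key the scanner uses: `keys = subject.map { |r| "#{r.advisory.gem}-#{r.advisory.id}" }` and `expect(keys).not_to include('celluloid-670')`, ideally next to an `include` expectation on a non-ignored fixture advisory so the spec proves the scan still finds something.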
@@ -7,7 +7,7 @@ require 'bundler/plumber/database'
7
7
 
8
8
  module Helpers
9
9
  def sh(command, options={})
10
- Bundler.with_clean_env do
10
+ with_unbundled_env do
11
11
  result = `#{command} 2>&1`
12
12
  raise "FAILED #{command}\n#{result}" if $?.success? == !!options[:fail]
13
13
  result
@@ -22,17 +22,24 @@ module Helpers
22
22
  File.expand_path('../../tmp/ruby-mem-advisory-db', __FILE__)
23
23
  end
24
24
 
25
- def expect_update_to_clone_repo!
25
+ def expect_update_to_clone_repo!(quiet: false)
26
+ with = ['git', 'clone']
27
+ with << '--quiet' if quiet
28
+ with << Bundler::Plumber::Database::VENDORED_PATH << mocked_user_path
29
+
26
30
  expect(Bundler::Plumber::Database).
27
31
  to receive(:system).
28
- with('git', 'clone', Bundler::Plumber::Database::VENDORED_PATH, mocked_user_path).
32
+ with(*with).
29
33
  and_call_original
30
34
  end
31
35
 
32
- def expect_update_to_update_repo!
36
+ def expect_update_to_update_repo!(quiet: false)
37
+ with = 'git fetch --all; git reset --hard origin/master'
38
+ with << " --quiet" if quiet
39
+
33
40
  expect(Bundler::Plumber::Database).
34
41
  to receive(:system).
35
- with("git fetch --all; git reset --hard origin/master").
42
+ with(with).
36
43
  and_call_original
37
44
  end
38
45
 
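Review bot: The local named `with` on the new lines 26–28 and 37–38 shares its name with the RSpec `with` matcher that the same expression then calls (`with(*with)` on line 32); this parses as intended only because of the explicit parentheses and arguments, and is a trap for the next editor. Rename it, e.g. `expected = ['git', 'clone']` / `.with(*expected)`, and build the string variant with interpolation rather than `<<` on a literal — `expected = "git fetch --all; git reset --hard origin/master#{' --quiet' if quiet}"` — so it keeps working if the file ever gets `# frozen_string_literal: true`. The expected command string is a copy of the one in `Database.update!`; a shared constant would stop the two from drifting when the update command changes.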
@@ -47,6 +54,17 @@ module Helpers
47
54
  system 'git', 'reset', '--hard', "HEAD~#{num_commits}"
48
55
  end
49
56
  end
57
+
58
+ private
59
+
60
+ def with_unbundled_env
61
+ bundler_ver = Gem::Version.new(Bundler::VERSION)
62
+ if bundler_ver < Gem::Version.new('2.1.0')
63
+ Bundler.with_clean_env { yield }
64
+ else
65
+ Bundler.with_unbundled_env { yield }
66
+ end
67
+ end
50
68
  end
51
69
 
52
70
  include Bundler::Plumber
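Review bot: `with_unbundled_env` on the new lines 60–67 selects the Bundler API by comparing version numbers; feature detection is shorter and survives backports or vendored Bundler builds: `meth = Bundler.respond_to?(:with_unbundled_env) ? :with_unbundled_env : :with_clean_env` followed by `Bundler.public_send(meth) { yield }`. A one-line comment stating why the shim exists (`# with_clean_env was deprecated in Bundler 2.1 in favour of with_unbundled_env`) would spare the next reader the archaeology. The `private` marker on line 58 only affects methods defined after it in `Helpers`, which is fine for this helper since `sh` calls it without a receiver.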
metadata CHANGED
@@ -1,29 +1,35 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bundler-leak
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ombulabs
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-10-28 00:00:00.000000000 Z
11
+ date: 2020-04-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
19
  version: '0.18'
20
+ - - "<"
21
+ - !ruby/object:Gem::Version
22
+ version: '2'
20
23
  type: :runtime
21
24
  prerelease: false
22
25
  version_requirements: !ruby/object:Gem::Requirement
23
26
  requirements:
24
- - - "~>"
27
+ - - ">="
25
28
  - !ruby/object:Gem::Version
26
29
  version: '0.18'
30
+ - - "<"
31
+ - !ruby/object:Gem::Version
32
+ version: '2'
27
33
  - !ruby/object:Gem::Dependency
28
34
  name: bundler
29
35
  requirement: !ruby/object:Gem::Requirement