legendary 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aefc6fb0972728426c4b38469b838777b894b75f
-  data.tar.gz: acd7ba7e9fd48ccd4e8a27e3c1b32ce28a7d77e4
+  metadata.gz: 5ac4b3cc8c9d05fbbff30808ba7771c78bc1f841
+  data.tar.gz: 14440bea8e2dcd757aab109d4d522c77483f61c2
 SHA512:
-  metadata.gz: d59631179eb07b3d1a4df5611fa58c3a4a222b90c020e5bdc42053de5d85af55c0e4b8ebc6b013c75243dc96850a178743b93fec72ebd6d0b06b4dd7830e426d
-  data.tar.gz: 841f9db731f28697c5fbdeeb8c24e99fd98db89fb8b29b54c7aed3e2f612975453a87eaa6dbf381a45c11a57cebb8ef1c42af090f1f8f74400e0684f69601e8d
+  metadata.gz: 5fe704860adfdabafb77c69a0ce1643f7058010432438f705638f1076221afa629350910fcf690ed2ff11e3678de13632ac60c80192c0002a20ab6b3bd193a7d
+  data.tar.gz: 1f4f4c7706692d6ca059e043165eb02606a5c8a60b8e75cfd89416269e2aad710eb5e8e21244ec9c52ed45cd3746cfd7d5ef1484f23a61cb8bf88f19398545a8

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 John D'Agostino
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -30,11 +30,11 @@ RSpec integration (in your spec/spec_helper.rb)
 
 in a spec file
 
-    ```ruby
-    describe Project::Application do
-      specify { is_expected.to be_secure }
-    end
-    ```
+```ruby
+  describe Project::Application do
+    specify { is_expected.to be_secure }
+  end
+```
 
 ## Development
 

data/lib/legendary/info.rb

@@ -31,8 +31,8 @@ module Legendary
     def vulnerable?
       # FIXME: speeds things up, but in theory a
       # a gem might not have a release, but have vulnerable
-      return false unless (outdated? || git_outdated?)
-      return vulnerabilities.any?
+      # return false unless (outdated? || git_outdated?)
+      return vulnerabilities.to_a.size > 0
     end
 
     def vulnerabilities

data/lib/legendary/repository.rb

@@ -4,8 +4,8 @@ module Legendary
 
     attr_accessor :path
 
-    def initialize(path)
-      @path = path
+    def initialize(path=nil)
+      @path = path || '/tmp/.legendary-repo'
     end
 
     def repo_exists?

data/lib/legendary/rspec.rb

@@ -1,13 +1,23 @@
 require 'rspec/matchers'
 
+$GEMS = Legendary::Gems.new
 
 RSpec::Matchers.define :be_secure do
-  match do
-    gems = Legendary::Gems.new
-    vulnerable_gems = gems.collect do |gem|
+  match do |thing|
+    vulnerable_gems = $GEMS.collect do |gem|
       gem.vulnerable?
     end
 
-    expect(vulnerable_gems.nil?).to be_truthy
+    expect(vulnerable_gems.empty?).to be_truthy
+  end
+end
+
+RSpec::Matchers.define :be_updated do
+  match do |thing|
+    outdated = $GEMS.collect do |gem|
+      gem.outdated?
+    end
+
+    expect(outdated.empty?).to be_truthy
   end
 end

data/lib/legendary/runner.rb

@@ -1,6 +1,6 @@
 module Legendary
   class Runner
-    def initialize(path='/tmp/.legendary-repo')
+    def initialize(path=nil)
       Legendary.repository = Repository.new(path)
     end
 

data/lib/legendary/version.rb

@@ -1,3 +1,3 @@
 module Legendary
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

data/lib/legendary/vulnerabilities.rb

@@ -8,7 +8,7 @@ module Legendary
 
     def path
       @path ||= File.join(Legendary.repository.path,
-                          @info.name)
+                          "/gems/#{@info.name}")
     end
 
     def exists?
@@ -21,24 +21,22 @@ module Legendary
       Legendary.logger.info("#{@info.name} : #{path}")
 
       Dir.foreach(path) do |yaml_file|
-        info = YAML.load(yaml_file)
+        next if yaml_file =~ /\A\./
 
-        Legendary.logger.info("#{@info.name}: #{info}")
+        info = YAML.load(File.read(File.join(path, yaml_file)))
 
-        affected = (vulnerability.patched_versions || []).none?(satisfied_version)
-        patched = (vulnerability.unaffected_versions || []).none?(satisfied_version)
+        satisfied_version = lambda do |version|
+          Gem::Requirement.new(version.split(',')).satisfied_by?(@info.version)
+        end
+
+        affected = (info["patched_versions"] || []).none?(&satisfied_version)
+        patched = (info["unaffected_versions"] || []).none?(&satisfied_version)
 
         if affected || patched
           yield info
         end
       end
     end
-
-    private
-
-    def satisfied_version(version)
-      Gem::Requirement.new(version.split(',')).satisfied_by?(@info.version)
-    end
   end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: legendary
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - John D'Agostino
@@ -107,6 +107,7 @@ files:
 - ".rspec"
 - ".travis.yml"
 - Gemfile
+- LICENSE.txt
 - README.md
 - Rakefile
 - bin/console