RubyGems - mrjoy-bundler-audit - Versions diffs - 0.3.3 → 0.3.4 - Mend

mrjoy-bundler-audit 0.3.3 → 0.3.4

Files changed (121) hide show

data/spec/bundle/unpatched_gems/Gemfile.lock ADDED Viewed

@@ -0,0 +1,92 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (3.2.10)
+      actionpack (= 3.2.10)
+      mail (~> 2.4.4)
+    actionpack (3.2.10)
+      activemodel (= 3.2.10)
+      activesupport (= 3.2.10)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.10)
+      activesupport (= 3.2.10)
+      builder (~> 3.0.0)
+    activerecord (3.2.10)
+      activemodel (= 3.2.10)
+      activesupport (= 3.2.10)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.10)
+      activemodel (= 3.2.10)
+      activesupport (= 3.2.10)
+    activesupport (3.2.10)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    arel (3.0.3)
+    builder (3.0.4)
+    erubis (2.7.0)
+    hike (1.2.3)
+    i18n (0.6.9)
+    journey (1.0.4)
+    jquery-rails (3.1.0)
+      railties (>= 3.0, < 5.0)
+      thor (>= 0.14, < 2.0)
+    json (1.8.1)
+    mail (2.4.4)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.25.1)
+    multi_json (1.9.2)
+    polyglot (0.3.4)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.4)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (3.2.10)
+      actionmailer (= 3.2.10)
+      actionpack (= 3.2.10)
+      activerecord (= 3.2.10)
+      activeresource (= 3.2.10)
+      activesupport (= 3.2.10)
+      bundler (~> 1.0)
+      railties (= 3.2.10)
+    railties (3.2.10)
+      actionpack (= 3.2.10)
+      activesupport (= 3.2.10)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (10.3.0)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    tilt (1.4.1)
+    treetop (1.4.15)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.39)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  jquery-rails
+  rails (= 3.2.10)
+  sqlite3

data/spec/bundle/wrapper.rb ADDED Viewed

@@ -0,0 +1,36 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+version = RUBY_VERSION.split(/\./).map(&:to_i)
+if((version[0] == 1 && version[1] >= 9) || (version[0] >= 2))
+  require 'simplecov'
+  require 'json'
+  # Be silent so we don't muck up test runs that look at output.
+  class NullFormatter; def format(result); ""; end; end
+  SimpleCov.formatter = NullFormatter
+  # Use the project-level root despite executing in a sub-dir of it.
+  SimpleCov.root(File.expand_path('../../..', __FILE__))
+  SimpleCov.start do
+    # Being in a sub-dir may cause us some filtering issues...
+    filters.clear
+    add_filter do |src|
+      !(src.filename =~ /^#{SimpleCov.root}/)
+    end
+    command_name "RSpec/#{ENV["SIMPLECOV_COMMAND_NAME"]}"
+  end
+end
+root_dir = File.expand_path('../../..', __FILE__)
+$LOAD_PATH << root_dir unless $LOAD_PATH.include?(root_dir)
+lib_dir = File.join(root_dir, 'lib')
+$LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+require 'tmpdir'
+require 'bundler/audit/database'
+Bundler::Audit::Database.path = Dir.mktmpdir('ruby-advisory-db')
+Bundler::Audit::Database.update!
+load 'bin/bundle-audit'

data/spec/database_spec.rb CHANGED Viewed

@@ -4,46 +4,37 @@ require 'tmpdir'
 require 'rake/file_list'
 describe Bundler::Audit::Database do
-  let(:vendored_advisories) do
-    Rake::FileList[File.join(Bundler::Audit::Database::VENDORED_PATH, '**/*.yml')].sort
-  end
+  describe "update!" do
+    context "when PATH does not exist yet" do
+      before do
+        FileUtils.rm_rf(described_class.path)
+      end
-  describe "path" do
-    subject { described_class.path }
+      it "should create the path as needed" do
+        described_class.update!
-    it "it should be a directory" do
-      File.directory?(subject).should be_true
+        expect(File.directory?(described_class.path)).to be_true
+      end
     end
-    it "should prefer the user repo, iff it's as up to date, or more up to date than the vendored one" do
-      Bundler::Audit::Database.update!
+    context "when PATH does exist" do
+      before(:all) do
+        @t1 = Dir.chdir(described_class.path) do
+          system 'git', 'reset', '--hard', 'HEAD^1'
-      # As up to date...
-      expect(Bundler::Audit::Database.path).to eq mocked_user_path
-      # More up to date...
-      fake_a_commit_in_the_user_repo
-      expect(Bundler::Audit::Database.path).to eq mocked_user_path
-      roll_user_repo_back(2)
-      expect(Bundler::Audit::Database.path).to eq Bundler::Audit::Database::VENDORED_PATH
-    end
-  end
+          Time.parse(`git log -1 --format=%ad`)
+        end
-  describe "update!" do
-    it "should create the USER_PATH path as needed" do
-      Bundler::Audit::Database.update!
-      expect(File.directory?(mocked_user_path)).to be true
-    end
+        described_class.update!
-    it "should create the repo, then update it given multple successive calls." do
-      expect_update_to_clone_repo!
-      Bundler::Audit::Database.update!
-      expect(File.directory?(mocked_user_path)).to be true
+        @t2 = Dir.chdir(described_class.path) do
+          Time.parse(`git log -1 --format=%ad`)
+        end
+      end
-      expect_update_to_update_repo!
-      Bundler::Audit::Database.update!
-      expect(File.directory?(mocked_user_path)).to be true
+      it "should update the git repository" do
+        expect(@t2).to be > @t1
+      end
     end
   end
@@ -51,8 +42,8 @@ describe Bundler::Audit::Database do
     context "when given no arguments" do
       subject { described_class.new }
-      it "should default path to path" do
-        subject.path.should == described_class.path
+      it "should set path to the default path" do
+        expect(subject.path).to be == described_class.path
       end
     end
@@ -75,6 +66,36 @@ describe Bundler::Audit::Database do
     end
   end
+  describe "#update!" do
+    before do
+      @t1 = Dir.chdir(subject.path) do
+        system 'git', 'reset', '--hard', 'HEAD^1'
+        Time.parse(`git log -1 --format=%ad`)
+      end
+      described_class.update!
+      @t2 = Dir.chdir(subject.path) do
+        Time.parse(`git log -1 --format=%ad`)
+      end
+    end
+    it "should update the git repository" do
+      expect(@t2).to be > @t1
+    end
+  end
+  describe "#last_updated" do
+    let(:timestamp) do
+      Dir.chdir(subject.path) { Time.parse(`git log -1 --format=%ad`) }
+    end
+    it "should return the time of the last update" do
+      expect(subject.last_updated).to be == timestamp
+    end
+  end
   describe "#check_gem" do
     let(:gem) do
       Gem::Specification.new do |s|
@@ -106,17 +127,16 @@ describe Bundler::Audit::Database do
   end
   describe "#size" do
-    it { expect(subject.size).to eq vendored_advisories.count }
+    it "should return > 0" do
+      expect(subject.size).to be > 0
+    end
   end
   describe "#advisories" do
-    it "should return a list of all advisories." do
-      actual_advisories = Bundler::Audit::Database.new.
-        advisories.
-        map(&:path).
-        sort
+    let(:glob) { File.join(subject.path,'gems','*','*.yml') }
-      expect(actual_advisories).to eq vendored_advisories
+    it "should return a list of all advisories" do
+      expect(subject.advisories.map(&:path)).to eq Dir[glob]
     end
   end
@@ -128,7 +148,7 @@ describe Bundler::Audit::Database do
   describe "#inspect" do
     it "should produce a Ruby-ish instance descriptor" do
-      expect(Bundler::Audit::Database.new.inspect).to eq("#<Bundler::Audit::Database:#{Bundler::Audit::Database::VENDORED_PATH}>")
+      expect(subject.inspect).to eq("#<Bundler::Audit::Database:#{subject.path}>")
     end
   end
 end

data/{data/ruby-advisory-db/gems/actionpack → spec/fixtures}/OSVDB-84243.yml RENAMED Viewed

File without changes

data/spec/integration_spec.rb CHANGED Viewed

@@ -4,23 +4,24 @@ describe "CLI" do
   include Helpers
   let(:command) do
-    File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundle-audit'))
+    File.expand_path('../bundle/wrapper.rb', __FILE__)
   end
   context "when auditing a bundle with unpatched gems" do
     let(:bundle)    { 'unpatched_gems' }
     let(:directory) { File.join('spec','bundle',bundle) }
-    subject do
-      Dir.chdir(directory) { sh(command, :fail => true) }
-    end
+    context "in default display mode" do
+      subject do
+        Dir.chdir(directory) { sh(command, :fail => true) }
+      end
-    it "should print a warning" do
-      subject.should include("Unpatched versions found!")
-    end
+      it "should print a warning" do
+        subject.should include("Unpatched versions found!")
+      end
-    it "should print advisory information for the vulnerable gems" do
-      advisory_pattern = /(Name: [^\n]+
+      it "should print advisory information for the vulnerable gems" do
+        advisory_pattern = /(Name: [^\n]+
 Version: \d+.\d+.\d+
 Advisory: OSVDB-\d+
 Criticality: (High|Medium)
@@ -28,8 +29,34 @@ URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+
 Title: [^\n]*?
 Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
-      expect(subject).to match(advisory_pattern)
-      expect(subject).to include("Unpatched versions found!")
+        expect(subject).to match(advisory_pattern)
+        expect(subject).to include("Unpatched versions found!")
+      end
+    end
+    context "in verbose display mode" do
+      subject do
+        Dir.chdir(directory) { sh(command + " --verbose", :fail => true) }
+      end
+      it "should print a warning" do
+        subject.should include("Unpatched versions found!")
+      end
+      it "should print advisory information for the vulnerable gems" do
+        advisory_pattern = /(Name: [^\n]+
+Version: \d+.\d+.\d+
+Advisory: OSVDB-\d+
+Criticality: (High|Medium)
+URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+
+Description:
+((  .*?)?\n)+
+Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
+        expect(subject).to match(advisory_pattern)
+        expect(subject).to include("Unpatched versions found!")
+      end
     end
   end
@@ -38,7 +65,7 @@ Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
     let(:directory) { File.join('spec','bundle',bundle) }
     let(:command) do
-      File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundle-audit -i OSVDB-89026'))
+      File.expand_path('../bundle/wrapper.rb', __FILE__) + " -i OSVDB-89026"
     end
     subject do
@@ -70,12 +97,23 @@ Insecure Source URI found: http://rubygems.org/
     let(:bundle)    { 'secure' }
     let(:directory) { File.join('spec','bundle',bundle) }
+# Skip this test on any Ruby below 1.9.3.
+version = RUBY_VERSION.split(/\./).map(&:to_i)
+if((version[0] == 1 && version[1] >= 9 && version[2] >= 3) || (version[0] >= 2))
     subject do
       Dir.chdir(directory) { sh(command) }
     end
-    it "should print nothing when everything is fine" do
-      subject.strip.should == "No unpatched versions found"
+    it "should notify us properly when everything is fine" do
+      # We check the end of the output because a DB install/update "may" (
+      # _will_, in the case of the test but _may_ in the real world) have been
+      # performed.
+      subject.strip.should =~ /No unpatched versions found\Z/
     end
+else
+    it "should notify us properly when everything is fine" do
+      pending "Requires ActiveSupport 4.x, which requires Ruby >= 1.9.3."
+    end
+end
   end
 end

data/spec/spec_helper.rb CHANGED Viewed

@@ -10,12 +10,14 @@ if((version[0] == 1 && version[1] >= 9) || (version[0] >= 2))
 end
 require 'rspec'
+require 'tmpdir'
 require 'bundler/audit'
 require 'bundler/audit/version'
 module Helpers
   def sh(command, options={})
     Bundler.with_clean_env do
+      ENV["SIMPLECOV_COMMAND_NAME"] = example.full_description
       result = `#{command} 2>&1`
       raise "FAILED #{command}\n#{result}" if $?.success? == !!options[:fail]
       result
@@ -25,56 +27,14 @@ module Helpers
   def decolorize(string)
     string.gsub(/\e\[\d+m/, "")
   end
-  def executable
-    File.expand_path(File.join('..','..','bin','bundle-audit'), __FILE__)
-  end
-  def audit_in_directory(additions, directory, options={})
-    Dir.chdir(directory) { decolorize(sh([executable, additions].compact.join(' '), options)) }
-  end
-  def mocked_user_path
-    File.expand_path('../../tmp/data', __FILE__)
-  end
-  def expect_update_to_clone_repo!
-    Bundler::Audit::Database.
-      should_receive(:system).
-      with('git', 'clone', Bundler::Audit::Database::VENDORED_PATH, mocked_user_path).
-      and_call_original
-  end
-  def expect_update_to_update_repo!
-    Bundler::Audit::Database.
-      should_receive(:system).
-      with('git', 'pull', 'origin', 'master').
-      and_call_original
-  end
-  def fake_a_commit_in_the_user_repo
-    Dir.chdir(mocked_user_path) do
-      system 'git', 'commit', '--allow-empty', '-m', 'Dummy commit.'
-    end
-  end
-  def roll_user_repo_back(num_commits)
-    Dir.chdir(mocked_user_path) do
-      system 'git', 'checkout', "HEAD~#{num_commits}"
-      system 'git', 'branch', '-f', 'master', 'HEAD'
-      system 'git', 'checkout', 'master'
-    end
-  end
 end
 include Bundler::Audit
 RSpec.configure do |config|
-  include Helpers
+  config.include Helpers
-  config.before(:each) do
-    stub_const("Bundler::Audit::Database::URL", Bundler::Audit::Database::VENDORED_PATH)
-    stub_const("Bundler::Audit::Database::USER_PATH", mocked_user_path)
-    FileUtils.rm_rf mocked_user_path if(File.exist?(mocked_user_path))
+  config.before(:suite) do
+    Database.path = Dir.mktmpdir('ruby-advisory-db')
   end
 end