mrjoy-bundler-audit 0.3.4 → 0.3.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ChangeLog.md +5 -0
- data/lib/bundler/audit/cli.rb +29 -3
- data/lib/bundler/audit/version.rb +1 -1
- data/spec/integration_spec.rb +21 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3960f49194360e5a5f36eec308bab61e5345e3bc
|
|
4
|
+
data.tar.gz: 65196e264e5b6d57fa4b614aabe3186bc21b3fdf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 234b6d8519148b7678e6054f254a0424ad5e8afdb1692a30960f69da57fcbe336db9a1a7ad6466e4660d0498fd1ae74749188241897d0d58e7f40f447f78c270
|
|
7
|
+
data.tar.gz: 54ee313243314ce7605c7d794d955adbadb694288308248faaa1d8d5e7fb8a44b2b690a3d73430644bc3a0f3351ccf51fc7fadd742e23f72979d07fe022e367a
|
data/ChangeLog.md
CHANGED
data/lib/bundler/audit/cli.rb
CHANGED
|
@@ -36,7 +36,12 @@ module Bundler
|
|
|
36
36
|
method_option :ignore, :type => :array, :aliases => '-i'
|
|
37
37
|
|
|
38
38
|
def check
|
|
39
|
-
|
|
39
|
+
begin
|
|
40
|
+
scanner = Scanner.new
|
|
41
|
+
rescue ArgumentError
|
|
42
|
+
print_setup_instructions
|
|
43
|
+
exit 1
|
|
44
|
+
end
|
|
40
45
|
vulnerable = false
|
|
41
46
|
|
|
42
47
|
# attempt update the database before doing a scan
|
|
@@ -71,9 +76,20 @@ module Bundler
|
|
|
71
76
|
|
|
72
77
|
desc 'version', 'Prints the bundler-audit version'
|
|
73
78
|
def version
|
|
74
|
-
|
|
79
|
+
cmd = File.basename($0)
|
|
80
|
+
advisories = nil
|
|
81
|
+
begin
|
|
82
|
+
database = Database.new
|
|
83
|
+
advisories = " (advisories: #{database.size})"
|
|
84
|
+
rescue ArgumentError
|
|
85
|
+
# Don't have a database yet.
|
|
86
|
+
end
|
|
75
87
|
|
|
76
|
-
|
|
88
|
+
say "#{cmd} #{VERSION}#{advisories}", :bold
|
|
89
|
+
if advisories.nil?
|
|
90
|
+
print_setup_instructions
|
|
91
|
+
exit 1
|
|
92
|
+
end
|
|
77
93
|
end
|
|
78
94
|
|
|
79
95
|
protected
|
|
@@ -106,6 +122,16 @@ module Bundler
|
|
|
106
122
|
end
|
|
107
123
|
|
|
108
124
|
protected
|
|
125
|
+
|
|
126
|
+
def print_setup_instructions
|
|
127
|
+
say ""
|
|
128
|
+
print_warning "You don't have a copy of the Ruby vulnerabilities database yet."
|
|
129
|
+
print_warning "To get the database, please run:"
|
|
130
|
+
say ""
|
|
131
|
+
print_warning " #{$0} update"
|
|
132
|
+
say ""
|
|
133
|
+
end
|
|
134
|
+
|
|
109
135
|
def print_affected_gem(gem)
|
|
110
136
|
say "Name: ", :red
|
|
111
137
|
say gem.name
|
data/spec/integration_spec.rb
CHANGED
|
@@ -60,6 +60,27 @@ Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
|
|
|
60
60
|
end
|
|
61
61
|
end
|
|
62
62
|
|
|
63
|
+
context "when displaying bundler-audit version" do
|
|
64
|
+
let(:bundle) { 'unpatched_gems' }
|
|
65
|
+
let(:directory) { File.join('spec','bundle',bundle) }
|
|
66
|
+
|
|
67
|
+
let(:command) do
|
|
68
|
+
File.expand_path('../bundle/wrapper.rb', __FILE__) + " version"
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
subject do
|
|
72
|
+
# Ignoring failure here as bundle-audit version seems to return a
|
|
73
|
+
# non-zero status, and
|
|
74
|
+
Dir.chdir(directory) { sh(command, :fail => false) }
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
it "should show the version and number of known advisories" do
|
|
78
|
+
# It prints a name based on $0, so our wrapper mucks up the display in a
|
|
79
|
+
# predictable way.
|
|
80
|
+
subject.should match(/^wrapper\.rb #{Regexp.quote('0.3.4')} \(advisories: \d+\)/)
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
|
|
63
84
|
context "when auditing a bundle with ignored gems" do
|
|
64
85
|
let(:bundle) { 'unpatched_gems' }
|
|
65
86
|
let(:directory) { File.join('spec','bundle',bundle) }
|