mrjoy-bundler-audit 0.3.5 → 0.3.6

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3960f49194360e5a5f36eec308bab61e5345e3bc
4
- data.tar.gz: 65196e264e5b6d57fa4b614aabe3186bc21b3fdf
3
+ metadata.gz: efd968fefc4bf12f7a35f45ddd45f725a67e5e6e
4
+ data.tar.gz: 9e504d1ef5237d53857b8c97729661c9e4b73b9a
5
5
  SHA512:
6
- metadata.gz: 234b6d8519148b7678e6054f254a0424ad5e8afdb1692a30960f69da57fcbe336db9a1a7ad6466e4660d0498fd1ae74749188241897d0d58e7f40f447f78c270
7
- data.tar.gz: 54ee313243314ce7605c7d794d955adbadb694288308248faaa1d8d5e7fb8a44b2b690a3d73430644bc3a0f3351ccf51fc7fadd742e23f72979d07fe022e367a
6
+ metadata.gz: 612bb1ace172feb56def6579fb54129b4adc8eed89f06509c2548f6505b7d52f1bb42e9b4278dee66c9a5d461217e440cab6cfb5428a66967ae0773169547b3a
7
+ data.tar.gz: 629aa69931ef24c367ddbf5ae59d6543127846524ae955b9f665532179e9c623638af6cf96a2d398560ec70d364fbd1ca8a5bfa2db0088de4bb289bb13911277
data/.travis.yml CHANGED
@@ -6,4 +6,3 @@ rvm:
6
6
  - 2.1.0
7
7
  - 2.1.1
8
8
  - rbx-2.2.6
9
- - jruby-1.7.11
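Review bot: jruby-1.7.11 is dropped from the rvm matrix with no explanation here or in the 0.3.6 ChangeLog entry. If JRuby is no longer a supported platform, the README should say so; if it was removed only because that build was failing, a one-line ChangeLog note would spare the next person who tries to re-add it.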
data/ChangeLog.md CHANGED
@@ -1,3 +1,8 @@
1
+ ### mrjoy-0.3.6 / 2014-04-16
2
+
3
+ * Improve user experience when insecure sources -- but no insecure gem
4
+ versions -- are found.
5
+
1
6
  ### mrjoy-0.3.5 / 2014-04-16
2
7
 
3
8
  * Improve user experience when no vulnerability DB has been downloaded.
data/README.md CHANGED
@@ -21,16 +21,20 @@ Patch-level verification for [Bundler][bundler].
21
21
 
22
22
  ## Benefits of This Fork
23
23
 
24
- * **IMPORTANT**: At present, the upstream repository (v0.3.0) will tend to use
25
- an *older* vendored copy of the vulnerability database despite the user
26
- installing a local cache! As of v0.3.2, this fork is *not* susceptible to
27
- this problem. [Read here for more info.](https://github.com/rubysec/bundler-audit/issues/48)
28
- * Kept up to date with upstream frequently.
24
+ This fork is kept up to date with both `master` and relevant branches from
25
+ upstream frequently. In addition:
26
+
27
+ * **IMPORTANT**: At present, the upstream repository's master branch and
28
+ current gem release (v0.3.0) will tend to use an *older* vendored copy of the
29
+ vulnerability database despite the user installing a local cache! As of
30
+ v0.3.2, this fork is *not* susceptible to this problem.
31
+ [Read here for more info.](https://github.com/rubysec/bundler-audit/issues/48)
29
32
  * Simpler, more robust testing infrastructure for greater assurance of code
30
33
  quality, and easier contribution.
31
34
  * Simplified code (see CodeClimate results) to enable more easily reasoning
32
35
  about the code.
33
- * Improve the upstream version's excellent 95.82% C1 covde coverage to 100%.
36
+ * Emphasis on improving the upstream version's excellent 95.82% C0 code
37
+ coverage to as close to 100% as possible.
34
38
 
35
39
  ## Synopsis
36
40
 
@@ -42,28 +42,39 @@ module Bundler
42
42
  print_setup_instructions
43
43
  exit 1
44
44
  end
45
- vulnerable = false
46
45
 
47
46
  # attempt update the database before doing a scan
48
47
  scanner.database.update!
49
48
 
49
+ unpatched_versions = false
50
+ insecure_sources = false
50
51
  scanner.scan(:ignore => options.ignore) do |result|
51
- vulnerable = true
52
52
 
53
53
  case result
54
54
  when Scanner::InsecureSource
55
+ insecure_sources = true
55
56
  print_warning "Insecure Source URI found: #{result.source}"
56
57
  when Scanner::UnpatchedGem
58
+ unpatched_versions = true
57
59
  print_advisory result.gem, result.advisory
58
60
  end
59
61
  end
60
62
 
61
- if vulnerable
63
+ if unpatched_versions
62
64
  say "Unpatched versions found!", :red
63
- exit 1
64
65
  else
65
66
  say "No unpatched versions found", :green
66
67
  end
68
+
69
+ if insecure_sources
70
+ say "Insecure sources found!", :red
71
+ else
72
+ say "No insecure sources found", :green
73
+ end
74
+
75
+ if unpatched_versions || insecure_sources
76
+ exit 1
77
+ end
67
78
  end
68
79
 
69
80
  desc 'update', 'Updates the ruby-advisory-db'
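Review bot: splitting `vulnerable` into `unpatched_versions` and `insecure_sources` fixes a misleading message in the old code, which printed "Unpatched versions found!" when the only finding was an insecure source URI. The new code still exits 1 in both cases, which is the right default for a CI gate, but both conditions now collapse into the same exit status, so a caller cannot tell them apart without parsing the output; a README line stating that exit status 1 means either unpatched gems or insecure sources were found would help. Minor: the trailing `if unpatched_versions || insecure_sources` / `exit 1` / `end` reads more idiomatically as `exit 1 if unpatched_versions || insecure_sources`.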
@@ -20,6 +20,6 @@
20
20
  module Bundler
21
21
  module Audit
22
22
  # bundler-audit version
23
- VERSION = '0.3.5'
23
+ VERSION = '0.3.6'
24
24
  end
25
25
  end
@@ -77,7 +77,7 @@ Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
77
77
  it "should show the version and number of known advisories" do
78
78
  # It prints a name based on $0, so our wrapper mucks up the display in a
79
79
  # predictable way.
80
- subject.should match(/^wrapper\.rb #{Regexp.quote('0.3.4')} \(advisories: \d+\)/)
80
+ subject.should match(/^wrapper\.rb #{Regexp.quote(Bundler::Audit::VERSION)} \(advisories: \d+\)/)
81
81
  end
82
82
  end
83
83
 
@@ -111,6 +111,8 @@ Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
111
111
  Insecure Source URI found: git://github.com/rails/jquery-rails.git
112
112
  Insecure Source URI found: http://rubygems.org/
113
113
  }.strip)
114
+
115
+ subject.should include(%{Insecure sources found!})
114
116
  end
115
117
  end
116
118
 
@@ -129,7 +131,8 @@ if((version[0] == 1 && version[1] >= 9 && version[2] >= 3) || (version[0] >= 2))
129
131
  # We check the end of the output because a DB install/update "may" (
130
132
  # _will_, in the case of the test but _may_ in the real world) have been
131
133
  # performed.
132
- subject.strip.should =~ /No unpatched versions found\Z/
134
+ subject.should =~ /^No unpatched versions found$/
135
+ subject.should =~ /^No insecure sources found$/
133
136
  end
134
137
  else
135
138
  it "should notify us properly when everything is fine" do
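Review bot: the comment immediately above this assertion ("We check the end of the output because a DB install/update may have been performed") describes the old `\Z`-anchored regex; with the new `^...$` line anchors the assertion no longer inspects the end of the output, so that comment is now stale and should be updated or dropped. The switch to line anchors is otherwise sound, and the added check for "No insecure sources found" matches the new CLI output.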
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mrjoy-bundler-audit
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.5
4
+ version: 0.3.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Postmodern