mrjoy-bundler-audit 0.3.5 → 0.3.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3960f49194360e5a5f36eec308bab61e5345e3bc
-  data.tar.gz: 65196e264e5b6d57fa4b614aabe3186bc21b3fdf
+  metadata.gz: efd968fefc4bf12f7a35f45ddd45f725a67e5e6e
+  data.tar.gz: 9e504d1ef5237d53857b8c97729661c9e4b73b9a
 SHA512:
-  metadata.gz: 234b6d8519148b7678e6054f254a0424ad5e8afdb1692a30960f69da57fcbe336db9a1a7ad6466e4660d0498fd1ae74749188241897d0d58e7f40f447f78c270
-  data.tar.gz: 54ee313243314ce7605c7d794d955adbadb694288308248faaa1d8d5e7fb8a44b2b690a3d73430644bc3a0f3351ccf51fc7fadd742e23f72979d07fe022e367a
+  metadata.gz: 612bb1ace172feb56def6579fb54129b4adc8eed89f06509c2548f6505b7d52f1bb42e9b4278dee66c9a5d461217e440cab6cfb5428a66967ae0773169547b3a
+  data.tar.gz: 629aa69931ef24c367ddbf5ae59d6543127846524ae955b9f665532179e9c623638af6cf96a2d398560ec70d364fbd1ca8a5bfa2db0088de4bb289bb13911277

data/.travis.yml

@@ -6,4 +6,3 @@ rvm:
   - 2.1.0
   - 2.1.1
   - rbx-2.2.6
-  - jruby-1.7.11

data/ChangeLog.md

@@ -1,3 +1,8 @@
+### mrjoy-0.3.6 / 2014-04-16
+
+* Improve user experience when insecure sources -- but no insecure gem
+  versions -- are found.
+
 ### mrjoy-0.3.5 / 2014-04-16
 
 * Improve user experience when no vulnerability DB has been downloaded.

data/README.md

@@ -21,16 +21,20 @@ Patch-level verification for [Bundler][bundler].
 
 ## Benefits of This Fork
 
-* **IMPORTANT**: At present, the upstream repository (v0.3.0) will tend to use
-  an *older* vendored copy of the vulnerability database despite the user
-  installing a local cache!  As of v0.3.2, this fork is *not* susceptible to
-  this problem.  [Read here for more info.](https://github.com/rubysec/bundler-audit/issues/48)
-* Kept up to date with upstream frequently.
+This fork is kept up to date with both `master` and relevant branches from
+upstream frequently.  In addition:
+
+* **IMPORTANT**: At present, the upstream repository's master branch and
+  current gem release (v0.3.0) will tend to use an *older* vendored copy of the
+  vulnerability database despite the user installing a local cache!  As of
+  v0.3.2, this fork is *not* susceptible to this problem.
+  [Read here for more info.](https://github.com/rubysec/bundler-audit/issues/48)
 * Simpler, more robust testing infrastructure for greater assurance of code
   quality, and easier contribution.
 * Simplified code (see CodeClimate results) to enable more easily reasoning
   about the code.
-* Improve the upstream version's excellent 95.82% C1 covde coverage to 100%.
+* Emphasis on improving the upstream version's excellent 95.82% C0 code
+  coverage to as close to 100% as possible.
 
 ## Synopsis
 

data/lib/bundler/audit/cli.rb

@@ -42,28 +42,39 @@ module Bundler
           print_setup_instructions
           exit 1
         end
-        vulnerable = false
 
         # attempt update the database before doing a scan
         scanner.database.update!
 
+        unpatched_versions = false
+        insecure_sources = false
         scanner.scan(:ignore => options.ignore) do |result|
-          vulnerable = true
 
           case result
           when Scanner::InsecureSource
+          insecure_sources = true
             print_warning "Insecure Source URI found: #{result.source}"
           when Scanner::UnpatchedGem
+            unpatched_versions = true
             print_advisory result.gem, result.advisory
           end
         end
 
-        if vulnerable
+        if unpatched_versions
           say "Unpatched versions found!", :red
-          exit 1
         else
           say "No unpatched versions found", :green
         end
+
+        if insecure_sources
+          say "Insecure sources found!", :red
+        else
+          say "No insecure sources found", :green
+        end
+
+        if unpatched_versions || insecure_sources
+          exit 1
+        end
       end
 
       desc 'update', 'Updates the ruby-advisory-db'

data/lib/bundler/audit/version.rb

@@ -20,6 +20,6 @@
 module Bundler
   module Audit
     # bundler-audit version
-    VERSION = '0.3.5'
+    VERSION = '0.3.6'
   end
 end

data/spec/integration_spec.rb

@@ -77,7 +77,7 @@ Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
     it "should show the version and number of known advisories" do
       # It prints a name based on $0, so our wrapper mucks up the display in a
       # predictable way.
-      subject.should match(/^wrapper\.rb #{Regexp.quote('0.3.4')} \(advisories: \d+\)/)
+      subject.should match(/^wrapper\.rb #{Regexp.quote(Bundler::Audit::VERSION)} \(advisories: \d+\)/)
     end
   end
 
@@ -111,6 +111,8 @@ Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
 Insecure Source URI found: git://github.com/rails/jquery-rails.git
 Insecure Source URI found: http://rubygems.org/
       }.strip)
+
+      subject.should include(%{Insecure sources found!})
     end
   end
 
@@ -129,7 +131,8 @@ if((version[0] == 1 && version[1] >= 9 && version[2] >= 3) || (version[0] >= 2))
       # We check the end of the output because a DB install/update "may" (
       # _will_, in the case of the test but _may_ in the real world) have been
       # performed.
-      subject.strip.should =~ /No unpatched versions found\Z/
+      subject.should =~ /^No unpatched versions found$/
+      subject.should =~ /^No insecure sources found$/
     end
 else
     it "should notify us properly when everything is fine" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mrjoy-bundler-audit
 version: !ruby/object:Gem::Version
-  version: 0.3.5
+  version: 0.3.6
 platform: ruby
 authors:
 - Postmodern