require 'spec_helper'
describe "CLI" do
include Helpers
let(:command) do
File.expand_path('../bundle/wrapper.rb', __FILE__)
end
context "when auditing a bundle with unpatched gems" do
let(:bundle) { 'unpatched_gems' }
let(:directory) { File.join('spec','bundle',bundle) }
context "in default display mode" do
subject do
Dir.chdir(directory) { sh(command, :fail => true) }
end
it "should print a warning" do
subject.should include("Unpatched versions found!")
end
it "should print advisory information for the vulnerable gems" do
advisory_pattern = /(Name: [^\n]+
Version: \d+.\d+.\d+
Advisory: OSVDB-\d+
Criticality: (High|Medium)
URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+
Title: [^\n]*?
Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
expect(subject).to match(advisory_pattern)
expect(subject).to include("Unpatched versions found!")
end
end
context "in verbose display mode" do
subject do
Dir.chdir(directory) { sh(command + " --verbose", :fail => true) }
end
it "should print a warning" do
subject.should include("Unpatched versions found!")
end
it "should print advisory information for the vulnerable gems" do
advisory_pattern = /(Name: [^\n]+
Version: \d+.\d+.\d+
Advisory: OSVDB-\d+
Criticality: (High|Medium)
URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+
Description:
(( .*?)?\n)+
Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
expect(subject).to match(advisory_pattern)
expect(subject).to include("Unpatched versions found!")
end
end
end
context "when displaying bundler-audit version" do
let(:bundle) { 'unpatched_gems' }
let(:directory) { File.join('spec','bundle',bundle) }
let(:command) do
File.expand_path('../bundle/wrapper.rb', __FILE__) + " version"
end
subject do
# Ignoring failure here as bundle-audit version seems to return a
# non-zero status, and
Dir.chdir(directory) { sh(command, :fail => false) }
end
it "should show the version and number of known advisories" do
# It prints a name based on $0, so our wrapper mucks up the display in a
# predictable way.
subject.should match(/^wrapper\.rb #{Regexp.quote(Bundler::Audit::VERSION)} \(advisories: \d+\)/)
end
end
context "when auditing a bundle with ignored gems" do
let(:bundle) { 'unpatched_gems' }
let(:directory) { File.join('spec','bundle',bundle) }
let(:command) do
File.expand_path('../bundle/wrapper.rb', __FILE__) + " -i OSVDB-89026"
end
subject do
Dir.chdir(directory) { sh(command, :fail => true) }
end
it "should not print advisory information for ignored gem" do
subject.should_not include("OSVDB-89026")
end
end
context "when auditing a bundle with insecure sources" do
let(:bundle) { 'insecure_sources' }
let(:directory) { File.join('spec','bundle',bundle) }
subject do
Dir.chdir(directory) { sh(command, :fail => true) }
end
it "should print warnings about insecure sources" do
subject.should include(%{
Insecure Source URI found: git://github.com/rails/jquery-rails.git
Insecure Source URI found: http://rubygems.org/
}.strip)
subject.should include(%{Insecure sources found!})
end
end
context "when auditing a secure bundle" do
let(:bundle) { 'secure' }
let(:directory) { File.join('spec','bundle',bundle) }
subject do
Dir.chdir(directory) { sh(command) }
end
it "should notify us properly when everything is fine" do
# We check the end of the output because a DB install/update "may" (
# _will_, in the case of the test but _may_ in the real world) have been
# performed.
subject.should =~ /^No unpatched versions found$/
subject.should =~ /^No insecure sources found$/
end
end
end