require 'spec_helper'

# class DependencyMockup
#   include Dawn::Kb::DependencyCheck

#   def initialize
#     message = "This is a mock"
#     super(
#       :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
#       :applies=>['sinatra', 'padrino', 'rails'],
#       :message=> message
#     )
#     # self.debug = true

#     self.safe_dependencies = [{:name=>'this_gem', :version=>['0.3.0', '1.3.3', '2.3.3', '2.4.2', '9.4.31.2']}]
#     self.save_major = true
#   end
# end


describe "The security check for gem dependency should" do
  before(:all) do
    @check = Dawn::Kb::DependencyCheck.new
    @check.kind=Dawn::KnowledgeBase::DEPENDENCY_CHECK
    @check.applies = ['sinatra', 'padrino', 'rails']
    @check.message = "This is a mock"
  end
  # let (:check) {Mockup.new}

  it "gives an unkown priority value" do
    expect(@check.priority).to eq("unknown")
  end

  it "gives the assigned priority value" do
    @check.priority = :critical
    expect(@check.priority).to eq("critical")
  end
  it "gives an unknown severity since no CVSS is provided and no severity is given" do
    expect(@check.severity).to  eq("unknown")
  end

  it "gives the severity level provided. No CVSS is here" do
    @check.severity = :critical
    expect(@check.severity).to  eq("critical")
  end

  it "fires if vulnerable 0.2.9 version is detected" do
    @check.dependencies = [{:name=>"this_gem", :version=>'0.2.9'}]
    expect(@check.vuln?).to    eq(true)
  end
  it "doesn't fire if not vulnerable 0.4.0 version is found" do
    @check.dependencies = [{:name=>"this_gem", :version=>'0.4.0'}]
    expect(@check.vuln?).to    eq(false)
  end

  it "fires if vulnerable 1.3.2 version is found" do
    @check.dependencies = [{:name=>"this_gem", :version=>'1.3.2'}]
    expect(@check.vuln?).to    eq(true)
  end

  it "doesn't fire if not vulnerable 1.4.2 version is found" do
    @check.dependencies = [{:name=>"this_gem", :version=>'1.4.2'}]
    expect(@check.vuln?).to    eq(false)
  end

  it "doesn't fires when a non vulnerable version is found and there is a fixed version with higher minor release but I asked to honor the minor version (useful with rails gem)" do
    @check.dependencies = [{:name=>"this_gem", :version=>'2.3.3'}]
    @check.save_minor = true
    expect(@check.vuln?).to    eq(false)
  end
  it "fires when a vulnerable version (2.3.2) is found even if I asked to save minors..." do
    @check.dependencies = [{:name=>"this_gem", :version=>'2.3.2'}]
    @check.save_minor = true
    expect(@check.vuln?).to    eq(true)

  end


end