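# frozen_string_literal: true

require 'spec_helper'

# CLI integration specs: each context runs the audit command against a fixture
# bundle under spec/bundle/<name> and asserts on the printed output.
describe "CLI" do
  include Helpers

  let(:directory) { File.join('spec', 'bundle', bundle) }

  context "when auditing a vulnerable bundle" do
    let(:bundle) { 'unpatched_gems' }

    it "should print advisory information for the vulnerable gems" do
      output = audit_in_directory "", directory, :fail => true

      # Every advisory block the CLI prints starts with a "Name:" line, so the
      # number of such lines is the number of advisories reported. The count is
      # fed into the pattern below, which must then match the output as exactly
      # that many consecutive advisory blocks.
      vuln_count = output.scan(/Name:/).size

      # Lower bound only: as of 2013-11-04 this fixture bundle turns up 8
      # advisories, and that number can only grow as the advisory database is
      # updated. Checked before the pattern match so a too-small count gives a
      # clearer failure than a regex mismatch would.
      expect(vuln_count).to be >= 8

      # One advisory block, in the field order the CLI prints, repeated
      # vuln_count times. Line breaks inside the literal are part of the
      # pattern: fields are matched as separate lines, not as one long line.
      advisory_pattern = /(Name: [^\n]+
Version: \d+\.\d+\.\d+
Advisory: OSVDB-\d+
Criticality: (High|Medium)
URL: http:\/\/(direct\.|www\.)?osvdb\.org\/show\/osvdb\/\d+
Title: [^\n]+
Solution: upgrade to ((~>|=>|>=) \d+\.\d+\.\d+, )*((~>|=>|>=) \d+\.\d+\.\d+)[\s\n]*?){#{vuln_count}}/

      expect(output).to match(advisory_pattern)
      expect(output).to include("Unpatched versions found!")
    end
  end

  context "when auditing a bundle with ignored gems" do
    let(:bundle) { 'unpatched_gems' }

    it "should not print advisory information for ignored gem" do
      # -i takes an advisory id to suppress; the suppressed id must not appear
      # anywhere in the output, while the run still fails on the remaining ones.
      output = audit_in_directory "-i OSVDB-89026", directory, :fail => true

      expect(output).to_not include("OSVDB-89026")
    end
  end

  context "when auditing a bundle with insecure sources" do
    let(:bundle) { 'insecure_sources' }

    it "should print warnings about insecure sources" do
      output = audit_in_directory "", directory, :fail => true

      # git:// and plain http:// sources are reported because neither scheme
      # authenticates the server, so the gems they deliver can be swapped in
      # transit. Both offending URIs from the fixture must be named, one per
      # line; .strip only removes the surrounding newlines of the literal.
      expect(output).to include(%{
Insecure Source URI found: git://github.com/rails/jquery-rails.git
Insecure Source URI found: http://rubygems.org/
      }.strip)
    end
  end

  context "when auditing a secure bundle" do
    let(:bundle) { 'secure' }

    it "should print nothing when everything is fine" do
      # No :fail option here: a clean bundle is expected to exit successfully.
      output = audit_in_directory "", directory

      expect(output.strip).to eq "No unpatched versions found"
    end
  end
end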