spec/advisory_spec.rb in mrjoy-bundler-audit-0.1.4 vs spec/advisory_spec.rb in mrjoy-bundler-audit-0.2.1
- old
+ new
@@ -3,22 +3,28 @@
require 'bundler/audit/advisory'
describe Bundler::Audit::Advisory do
let(:root) { Bundler::Audit::Database::PATH }
let(:gem) { 'actionpack' }
- let(:path) { File.join(root,gem,"OSVDB-89026.yml") }
- let(:cve) { YAML.load(File.read(path))['cve'] }
+ let(:id) { 'OSVDB-84243' }
+ let(:path) { File.join(root,gem,"#{id}.yml") }
let(:an_unaffected_version) do
- YAML.load(File.read(path))['unaffected_versions'].first.sub(/^.*?(~>|>=|>|=)\s+/, '')
+ YAML.
+ load(File.read(path))['unaffected_versions'].
+ map { |item| item.split(/\s*,\s*/) }.
+ flatten.
+ select { |ver| ver =~ /^(~>|>=|=|<=)/ }.
+ first.
+ sub(/^.*?(~>|>=|=|<=)\s+/, '')
end
describe "load" do
let(:data) { YAML.load_file(path) }
subject { described_class.load(path) }
- its(:cve) { should == cve }
+ its(:id) { should == id }
its(:url) { should == data['url'] }
its(:title) { should == data['title'] }
its(:cvss_v2) { should == data['cvss_v2'] }
its(:description) { should == data['description'] }
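Review bot: The rewritten `an_unaffected_version` helper still parses the advisory file with `YAML.load(File.read(path))`, which on older Psych releases can instantiate arbitrary Ruby objects from tagged YAML. The advisory database under `Bundler::Audit::Database::PATH` is externally maintained data, so the spec should read it as plain data: `YAML.safe_load(File.read(path))`, with `Date` permitted if the advisory files carry a date field (not visible on this page). The same applies to the unchanged `YAML.load_file(path)` line in `describe "load"`. Separately, `.first` returns nil when no `unaffected_versions` entry starts with one of the four selected operators, so the following `.sub` would raise NoMethodError instead of a readable failure; a short comment stating that the chosen advisory must list such an entry would help.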
@@ -56,13 +62,10 @@
its(:criticality) { should == :high }
end
end
describe "#unaffected?" do
- let(:gem) { 'activerecord' }
- let(:path) { File.join(root,gem,"OSVDB-82403.yml") }
-
subject { described_class.load(path) }
context "when passed a version that matches one unaffected version" do
let(:version) { Gem::Version.new(an_unaffected_version) }
@@ -90,11 +93,11 @@
subject.patched?(version).should be_true
end
end
context "when passed a version that matches no patched version" do
- let(:version) { Gem::Version.new('3.1.9') }
+ let(:version) { Gem::Version.new('2.9.0') }
it "should return false" do
subject.patched?(version).should be_false
end
end
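Review bot: The new literal `'2.9.0'` here, and the same literal in the `vulnerable?` context of the next hunk, is only meaningful relative to whatever patched_versions OSVDB-84243 currently lists in the database at `Bundler::Audit::Database::PATH`. An update to that advisory file could therefore change what these examples prove without any edit to the spec. Assuming the intent is a version older than every patched release, a comment such as `# 2.9.0 predates every patched_versions entry of OSVDB-84243` would record that assumption. Loading a frozen advisory fixture kept alongside the specs would remove the coupling to live advisory data. The enclosing `describe` blocks start and end outside this hunk.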
@@ -110,19 +113,16 @@
subject.vulnerable?(version).should be_false
end
end
context "when passed a version that matches no patched version" do
- let(:version) { Gem::Version.new('3.1.9') }
+ let(:version) { Gem::Version.new('2.9.0') }
it "should return true" do
subject.vulnerable?(version).should be_true
end
context "when unaffected_versions is not empty" do
- let(:gem) { 'activerecord' }
- let(:path) { File.join(root,gem,"OSVDB-82403.yml") }
-
subject { described_class.load(path) }
context "when passed a version that matches one unaffected version" do
let(:version) { Gem::Version.new(an_unaffected_version) }