spec/integration_spec.rb in mrjoy-bundler-audit-0.2.1 vs spec/integration_spec.rb in mrjoy-bundler-audit-0.3.1

- old
+ new

@@ -1,81 +1,67 @@ require 'spec_helper' describe "CLI" do include Helpers - let(:command) do - File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundle-audit')) - end + let(:directory) { File.join('spec','bundle',bundle) } - context "when auditing a bundle with unpatched gems" do + context "when auditing a vulnerable bundle" do let(:bundle) { 'unpatched_gems' } - let(:directory) { File.join('spec','bundle',bundle) } - subject do - Dir.chdir(directory) { sh(command, :fail => true) } - end - - it "should print a warning" do - subject.should include("Unpatched versions found!") - end - it "should print advisory information for the vulnerable gems" do + output = audit_in_directory "", directory, :fail => true + # Doing this so we can get an exact count on the number of + # vulnerabilities we should match with the regex below. + vuln_count = output.split(/Name:/).length - 1 # Less one for the + # zero-width prefix before + # the first match. + + # Note the "{8,}" below indicates the minimum number of advisories that + # we should see matches for -- as a particular version of code will never advisory_pattern = /(Name: [^\n]+ -Version: \d+.\d+.\d+ +Version: \d+\.\d+\.\d+ Advisory: OSVDB-\d+ Criticality: (High|Medium) -URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+ -Title: [^\n]*? -Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/ - - expect(subject).to match(advisory_pattern) - expect(subject).to include("Unpatched versions found!") +URL: http:\/\/(direct\.|www\.)?osvdb\.org\/show\/osvdb\/\d+ +Title: [^\n]+ +Solution: upgrade to ((~>|=>|>=) \d+\.\d+\.\d+, )*((~>|=>|>=) \d+\.\d+\.\d+)[\s\n]*?){#{vuln_count}}/ + expect(vuln_count).to be >= 8 # As of 2013-11-04, this bundle turns up 8 + # vulns. That could increase over time of + # course. 
+ expect(output).to match(advisory_pattern) + expect(output).to include("Unpatched versions found!") end end context "when auditing a bundle with ignored gems" do let(:bundle) { 'unpatched_gems' } - let(:directory) { File.join('spec','bundle',bundle) } - let(:command) do - File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundle-audit -i OSVDB-89026')) - end + it "should not print advisory information for ignored gem" do + output = audit_in_directory "-i OSVDB-89026", directory, :fail => true - subject do - Dir.chdir(directory) { sh(command, :fail => true) } + expect(output).to_not include("OSVDB-89026") end - - it "should not print advisory information for ignored gem" do - subject.should_not include("OSVDB-89026") - end end context "when auditing a bundle with insecure sources" do let(:bundle) { 'insecure_sources' } - let(:directory) { File.join('spec','bundle',bundle) } - subject do - Dir.chdir(directory) { sh(command, :fail => true) } - end - it "should print warnings about insecure sources" do - subject.should include(%{ + output = audit_in_directory "", directory, :fail => true + expect(output).to include(%{ Insecure Source URI found: git://github.com/rails/jquery-rails.git Insecure Source URI found: http://rubygems.org/ }.strip) end end + context "when auditing a secure bundle" do let(:bundle) { 'secure' } - let(:directory) { File.join('spec','bundle',bundle) } - subject do - Dir.chdir(directory) { sh(command) } - end - it "should print nothing when everything is fine" do - subject.strip.should == "No unpatched versions found" + output = audit_in_directory "", directory + expect(output.strip).to eq "No unpatched versions found" end end end
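Review bot: The ignored-gems example in the middle of the hunk asserts only that `OSVDB-89026` is absent, so a regression in which `-i` suppresses every advisory (or the command prints nothing at all) would still pass; it should also confirm that other findings survive, e.g. `expect(output).to include("Unpatched versions found!")` and `expect(output).to include("Advisory: OSVDB-")` ahead of the `to_not include` check, since over-suppression by an ignore list is the failure mode that matters for an audit tool. Separately, the comment above `advisory_pattern` says `Note the "{8,}" below indicates the minimum number of advisories`, but the regex actually uses `{#{vuln_count}}` and the floor is enforced by `expect(vuln_count).to be >= 8`; the sentence is also cut off at `will never`, so it should be rewritten to describe the exact-count match, e.g. `# The regex must match exactly vuln_count advisory blocks; the >= 8 floor below keeps the check meaningful as the advisory DB grows.` Note too that the pattern only admits `Criticality: (High|Medium)`, `http://` URLs and an `upgrade to` solution, so any future advisory for this bundle that deviates from those (a Low criticality, an https URL, or a no-fix advisory, if the tool emits such) will break the exact-count match rather than signal a real regression; that dependence on the live advisory database deserves a comment or a pinned fixture.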