
Commit e579488

committed
Bump database
Also made some tweaks to the test to try and make it a little easier to figure out what changed. It's still a little tricky but hopefully more helpful now.
1 parent a4888cf commit e579488


5 files changed

+37
-14
lines changed


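--- a/DATABASE_VERSION
+++ b/DATABASE_VERSION
@@ -1 +1 @@
-Mon Aug 14 10:13:11 EDT 2017
+Tue Jan 30 11:08:21 EST 2018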

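--- a/spec/cc/engine/bundler_audit/analyzer_spec.rb
+++ b/spec/cc/engine/bundler_audit/analyzer_spec.rb
@@ -24,9 +24,7 @@ module CC::Engine::BundlerAudit
 
 issues = analyze_directory(directory, engine_config_path: path)
 
-expected_issues("unpatched_versions").each do |expected_issue|
-expect(issues).to include(expected_issue)
-end
+expect(expected_issues("unpatched_versions")).to be_present_in(issues)
 end
 end
 
@@ -36,9 +34,7 @@ module CC::Engine::BundlerAudit
 
 issues = analyze_directory(directory, engine_config_path: path)
 
-expected_issues("insecure_sources").each do |expected_issue|
-expect(issues).to include(expected_issue)
-end
+expect(expected_issues("insecure_sources")).to be_present_in(issues)
 end
 end
 
@@ -48,9 +44,7 @@ module CC::Engine::BundlerAudit
 
 issues = analyze_directory(directory, engine_config_path: path)
 
-expected_issues("alphanumeric_versions").each do |expected_issue|
-expect(issues).to include(expected_issue)
-end
+expect(expected_issues("alphanumeric_versions")).to be_present_in(issues)
 end
 end
 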
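Review bot: The rewritten assertions at new lines 27, 35 and 43 put the fixture in `expect(...)` and the analyzer output in the matcher argument, which inverts RSpec's convention that the value under test is the subject; the loop they replace had `issues` as the subject. The built-in form `expect(issues).to include(*expected_issues("unpatched_versions"))` performs the same containment check with RSpec's own diff output, so the custom matcher's added value is only the dump of unexpected issues in its failure message. If that dump is worth keeping, a matcher named from the result's point of view (for example `expect(issues).to contain_all_of(expected_issues("unpatched_versions"))`) would keep the extra diagnostics without the inversion. Each example's `it` block starts outside the hunk.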

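--- a/spec/fixtures/unpatched_versions/issues.json
+++ b/spec/fixtures/unpatched_versions/issues.json
@@ -278,7 +278,7 @@
 ],
 "check_name": "Insecure Dependency",
 "content": {
-"body": "**Advisory**: CVE-2015-7578\n\n**URL**: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI\n\n**Solution**: upgrade to ~> 1.0.3"
+"body": "**Advisory**: CVE-2015-7578\n\n**URL**: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI\n\n**Solution**: upgrade to >= 1.0.3"
 },
 "description": "Possible XSS vulnerability in rails-html-sanitizer",
 "fingerprint": "b344012bca53e8faaafbf0f943776ea0",
@@ -299,7 +299,7 @@
 ],
 "check_name": "Insecure Dependency",
 "content": {
-"body": "**Advisory**: CVE-2015-7580\n\n**URL**: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI\n\n**Solution**: upgrade to ~> 1.0.3"
+"body": "**Advisory**: CVE-2015-7580\n\n**URL**: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI\n\n**Solution**: upgrade to >= 1.0.3"
 },
 "description": "Possible XSS vulnerability in rails-html-sanitizer",
 "fingerprint": "10818805098b10f2fe6e181f0961445c",
@@ -341,7 +341,7 @@
 ],
 "check_name": "Insecure Dependency",
 "content": {
-"body": "**Advisory**: CVE-2016-4658\n\n**URL**: https://github.com/sparklemotion/nokogiri/issues/1615\n\n**Solution**: upgrade to >= 1.7.1"
+"body": "**Advisory**: CVE-2016-4658\n\n**Criticality**: High\n\n**URL**: https://github.com/sparklemotion/nokogiri/issues/1615\n\n**Solution**: upgrade to >= 1.7.1"
 },
 "description": "Nokogiri gem contains several vulnerabilities in libxml2 and libxslt",
 "location": {
@@ -352,7 +352,7 @@
 }
 },
 "remediation_points": 5000000,
-"severity": "normal",
+"severity": "critical",
 "type": "Issue",
 "fingerprint": "7cb910edbbeae3af56dcd8e4b7546bca"
 },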

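--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -4,3 +4,5 @@
 require "pry"
 
 require "cc/engine/bundler_audit"
+
+require "support/be_present_in_helper"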
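Review bot: The new `require "support/be_present_in_helper"` at line 8 resolves only because RSpec puts `spec/` on `$LOAD_PATH`; loading this helper from anywhere else (or with a changed default path) fails with LoadError. `require_relative "support/be_present_in_helper"` states the relationship to this file directly and does not depend on the runner's load-path setup. This is a one-line change.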

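--- /dev/null
+++ b/spec/support/be_present_in_helper.rb
@@ -0,0 +1,27 @@
+module BePresentInHelper
+def find_missing(expected_set, actual_set)
+expected_set.select { |expected_set_member| !actual_set.include?(expected_set_member) }
+end
+
+def find_extra(expected_set, actual_set)
+actual_set.select { |actual_set_member| !expected_set.include?(actual_set_member) }
+end
+
+RSpec::Matchers.define :be_present_in do |actual_set|
+match do |expected_set|
+find_missing(expected_set, actual_set).none?
+end
+
+failure_message do |expected_set|
+missing = find_missing(expected_set, actual_set).map { |issue| issue["description"] }
+extra = find_extra(expected_set, actual_set)
+extra_description = extra.map { |issue| issue["description"] }
+
+"Expected these issues to be present, but they weren't: \n#{missing.join("\n")}.\n\nFurther, these issues were present, but not expected (which is OK, but you could expect them if you want to): \n#{extra_description.join("\n")}\n\nFull JSON for the extra ones, in case you want to copy them into the expectation: \n#{JSON.pretty_generate(extra)}"
+end
+end
+end
+
+RSpec.configure do |conf|
+conf.include(BePresentInHelper)
+end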
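Review bot: The `failure_message` block at lines 16 and 18 assumes every member of both sets is a Hash with a `"description"` key, while the matcher's name and signature are generic; a member of another type raises NoMethodError from inside the failure message, and a hash without that key prints a blank line, either way hiding the real mismatch. A fallback such as `issue.is_a?(Hash) ? issue.fetch("description", issue.inspect) : issue.inspect` in both `map` blocks keeps the message useful for any member. `find_missing` and `find_extra` are `select` with a negated `include?`, which Ruby spells as `expected_set.reject { |m| actual_set.include?(m) }` (or `expected_set - actual_set` when `==` and `eql?` agree for the members, as they do for the Hash and String values in the fixtures); since `conf.include` mixes these two generically named methods into every example group, a more specific name would limit collisions with spec-local helpers. `JSON.pretty_generate` on line 20 relies on `json` having been loaded elsewhere, so adding `require "json"` at the top of this file makes the helper self-contained.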
