Make tests more resilient to changes in details of the output from `bundler-audit`. #52

postmodern merged 3 commits into rubysec:master from MrJoy:make_tests_more_resilient2 Dec 9, 2013



MrJoy commented Dec 8, 2013

This will eliminate a large number of spurious test failures associated with particular gems having vulnerabilities discovered in them.

It won't help when a gem in the secure bundle becomes known to be vulnerable (and includes an update for exactly that situation), but it will help considerably reduce false-positives in the unpatched_gems tests.

MrJoy added some commits Sep 13, 2013

Make tests more resilient to updates in vulnerability data.
This should cause tests to fail when the format changes, but prevent
failures simply because a previously-not-known-to-be-vulnerable
version had a vulnerability discovered in it.

The caveat is that the `secure` bundle will still kvetch when one of
its gems comes up vulnerable, since it's expected to have ZERO
matches.  In that case, the relevant Gemfile/Gemfile.lock need to be

DRY up a bit.
While this code is more complex, it doesn't duplicate logic from

MrJoy commented Dec 8, 2013

Follow-up commit is to address the hoary-code issue you brought up before. I'm not sure this is less fugly, but it's at least DRYer...

postmodern added a commit that referenced this pull request Dec 9, 2013

Merge pull request #52 from MrJoy/make_tests_more_resilient2
Make tests more resilient to changes in details of the output from `bundler-audit`.

@postmodern postmodern merged commit cf70265 into rubysec:master Dec 9, 2013

1 check passed

default The Travis CI build passed

@MrJoy MrJoy deleted the MrJoy:make_tests_more_resilient2 branch Dec 10, 2013
