appfolio / gemsurance

Gem vulnerability checker using rubysec/ruby-advisory-db
MIT License
213 stars 24 forks

facilitate integration into rspec test suite #5

Closed vaneyckt closed 10 years ago

vaneyckt commented 10 years ago

Hi there,

thank you for this useful gem :). We've found that incorporating these kinds of tests into our rspec coverage is often the easiest way to incorporate such checks into an existing CI build process. The code here is nothing special, it just facilitates setting up such a thing as much as possible.

jonkessler commented 10 years ago

I made a couple minor comments. If you could make those changes and squash your commits, I'll go ahead and merge. Thanks for the contribution!

vaneyckt commented 10 years ago

@jonkessler thanks for the comments. That should be good to go now :rocket:

vaneyckt commented 10 years ago

Hey again,

calling the runner directly (or with system() for that matter) causes stdout to be written to the command line ('Retrieving gem information', 'Retrieving vulnerability data', ...). Such behavior is not in line with standard spec test behavior.

On top of that, calling the runner directly causes 'exit' to be called if a gem has a vulnerability. This causes the rspec test to fail with SystemExit instead of Rspec Failure.

I've changed the code to deal with both problems. It still requires shelling out though. Not sure how you feel about that.

jonkessler commented 10 years ago

Yeah, I was actually thinking about changing the runner so that it returns true/false rather than just exiting, which would fix that issue. I'm not too bothered by the stdout writing, to be honest, but I might add a flag to disable that output. In any case, we can always change it later. Thanks again.
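
The two problems discussed in this thread (progress output leaking into the spec run, and `exit` surfacing as SystemExit instead of a test failure) can be reproduced and contained in-process as shown below. This is an added example, not code from the pull request or from gemsurance: `FakeAuditRunner`, `run_audit_quietly` and `AuditResult` are hypothetical names, and the gem name is a constructed sample.

```ruby
require 'stringio'

# Hypothetical stand-in for a CLI-style audit runner (not gemsurance's code):
# it prints progress and calls exit(1) when a vulnerable gem is found.
class FakeAuditRunner
  def initialize(vulnerable_gems)
    @vulnerable_gems = vulnerable_gems
  end

  def run
    puts 'Retrieving gem information'
    puts 'Retrieving vulnerability data'
    return if @vulnerable_gems.empty?

    puts "Vulnerable gems: #{@vulnerable_gems.join(', ')}"
    exit 1
  end
end

AuditResult = Struct.new(:passed, :exit_status, :output)

# Runs the block in-process, captures what it writes to $stdout, and turns
# SystemExit into a return value so the caller can make a normal assertion.
def run_audit_quietly
  original_stdout = $stdout
  captured = StringIO.new
  $stdout = captured
  status = 0
  begin
    yield
  rescue SystemExit => e
    status = e.status
  ensure
    $stdout = original_stdout # always restore, even on unexpected errors
  end
  AuditResult.new(status.zero?, status, captured.string)
end

# Constructed sample inputs: one clean bundle, one with a flagged gem.
clean   = run_audit_quietly { FakeAuditRunner.new([]).run }
flagged = run_audit_quietly { FakeAuditRunner.new(['examplegem 1.0.0']).run }

# In a spec the assertion would be on result.passed, with result.output
# used as the failure message so the flagged gems show up in the CI log.
warn "clean passed=#{clean.passed}; flagged passed=#{flagged.passed} (exit #{flagged.exit_status})"
```

Unlike the shelling-out approach mentioned above, this keeps the check in the test process; it only works if the runner writes through `$stdout` rather than the `STDOUT` constant.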