Modified ci check to use binstubs or bundle exec if bunstub doesn't exist

[knovoselic]

Correct way to run rake in rails 4 app is to use binstubs. If spring is configured this also means that rake will load faster. If binstub for rake (bin/rake) doesn't exist, bundle exec rake will be used instead.

[coveralls]

Coverage increased (+0.0%) to 98.65% when pulling 9ac45a666db69046bec63a123f5ad75ee2051444 on knovoselic:use_binstubs_or_bundle_exec into 6840a5eed38f4b88d27b0b4c158dbaf522750899 on jish:master.

[mpapis]

-1 using bin/ is not safe.

[mpapis]

if you want to load bundler use rubygemsbundled gem or stop using bundler and do the same with rubygems and single environment variable

[knovoselic]

@mpapis I agree about bundle exec, I haven't thought this through. But why is using bin/ not safe?

[mpapis]

Check http://niczsoft.com/2013/10/please-hack-my-rails/

[knovoselic]

@mpapis thanks. Running bin/rake isn't the same as adding bin to you $PATH. The only way that it can be exploited is if someone is going to commit malicious script into the repo, or am I missing something?

[mpapis]

malicious code is the only concern here, it's no difference if bin/ is in PATH or not, running scripts from there requires extra caution and should not be done in automated way

as for my earlier email instead of rubygemsbundled I meant rubgems-bundler - which makes this pull request obsolete as proper behaviour is achieved without any changes to pre-commit.

[knovoselic]

Ok, thanks, I'll checkout rubygems-bundler.