I just tried to clone and test the app locally and I found these issues:
$ git submodule update --init
error: Server does not allow request for unadvertised object c4fc78ecc3e02d9523d738662e6d6ed2140fed35
Fetched in submodule path 'data/ruby-mem-advisory-db', but it did not contain c4fc78ecc3e02d9523d738662e6d6ed2140fed35. Direct fetching of that commit failed.
When trying to run the tests I found this error:
$ bundle exec rake
cd spec/bundle/secure
unset BUNDLE_BIN_PATH BUNDLE_GEMFILE RUBYOPT && bundle install --path ../../../vendor/bundle
Fetching gem metadata from https://rubygems.org/.............
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies...
Bundler could not find compatible versions for gem "bundler":
In Gemfile:
rails (~> 4.2.7.1) was resolved to 4.2.7.1, which depends on
bundler (>= 1.3.0, < 2.0)
Current Bundler version:
bundler (2.0.1)
This Gemfile requires a different version of Bundler.
Perhaps you need to update Bundler by running `gem install bundler`?
Could not find gem 'bundler (>= 1.3.0, < 2.0)', which is required by gem 'rails (~> 4.2.7.1)', in any of the sources.
rake aborted!
Command failed with status (6): [unset BUNDLE_BIN_PATH BUNDLE_GEMFILE RUBYO...]
/Users/etagwerker/Projects/fastruby/bundler-leak/Rakefile:45:in `block (4 levels) in <top (required)>'
/Users/etagwerker/Projects/fastruby/bundler-leak/Rakefile:44:in `block (3 levels) in <top (required)>'
/Users/etagwerker/Projects/fastruby/bundler-leak/Rakefile:43:in `each'
/Users/etagwerker/Projects/fastruby/bundler-leak/Rakefile:43:in `block (2 levels) in <top (required)>'
/Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/rake-12.3.3/exe/rake:27:in `<top (required)>'
/Users/etagwerker/.rvm/gems/ruby-2.5.1/bin/ruby_executable_hooks:24:in `eval'
/Users/etagwerker/.rvm/gems/ruby-2.5.1/bin/ruby_executable_hooks:24:in `<main>'
Tasks: TOP => default => spec => spec:bundle
(See full trace by running task with --trace)
I tried with bundle exec rspec spec and I found other errors:
$ bundle exec rspec spec
Bundler::Plumber::Advisory
load
#id
example at ./spec/advisory_spec.rb:34 (FAILED - 1)
#url
example at ./spec/advisory_spec.rb:39 (FAILED - 2)
#title
example at ./spec/advisory_spec.rb:44 (FAILED - 3)
#date
example at ./spec/advisory_spec.rb:49 (FAILED - 4)
#description
example at ./spec/advisory_spec.rb:54 (FAILED - 5)
YAML data not representing a hash
should raise an exception
#patched_versions
should all be Gem::Requirement objects (FAILED - 6)
should parse the versions (FAILED - 7)
#unaffected?
when passed a version that matches one unaffected version
should return true (FAILED - 8)
when passed a version that matches no unaffected version
should return false (FAILED - 9)
#patched?
when passed a version that matches one patched version
should return true (FAILED - 10)
when passed a version that matches no patched version
should return false (FAILED - 11)
#vulnerable?
when passed a version that matches one patched version
should return false (FAILED - 12)
when passed a version that matches no patched version
should return true (FAILED - 13)
when unaffected_versions is not empty
when passed a version that matches one unaffected version
should return false (FAILED - 14)
when passed a version that matches no unaffected version
should return true (FAILED - 15)
Bundler::Plumber
should have a VERSION constant
Bundler::Plumber::CLI
#update
not --quiet (the default)
when update succeeds
prints updated message
prints total advisory count
when update fails
prints failure message
exits with error status code
--quiet
when update succeeds
does not print any output
when update fails
prints failure message
exits with error status code
Bundler::Plumber::Database
path
it should be a directory
Cloning into '/Users/etagwerker/Projects/fastruby/bundler-leak/tmp/ruby-mem-advisory-db'...
done.
Timestamp:
[master 801ba71] Dummy commit.
fatal: ambiguous argument 'HEAD~20': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'
should prefer the user repo, iff it's as up to date, or more up to date than the vendored one (FAILED - 16)
update!
Cloning into '/Users/etagwerker/Projects/fastruby/bundler-leak/tmp/ruby-mem-advisory-db'...
done.
should create the USER_PATH path as needed
Cloning into '/Users/etagwerker/Projects/fastruby/bundler-leak/tmp/ruby-mem-advisory-db'...
done.
HEAD is now at 231688a Merge pull request #4 from rubymem/add-leaky-gems-missing-fields
should create the repo, then update it given multple successive calls.
#initialize
when given no arguments
should default path to path
when given a directory
should set #path
when given an invalid directory
should raise an ArgumentError
#check_gem
when given a block
should yield every advisory affecting the gem (FAILED - 17)
when given no block
should return an Enumerator
#size
should eq 0
#advisories
should return a list of all advisories.
#to_s
should return the Database path
#inspect
should produce a Ruby-ish instance descriptor
CLI
when auditing a bundle with unpatched gems
should print a warning (FAILED - 18)
should print advisory information for the vulnerable gems (FAILED - 19)
when auditing a secure bundle
should print nothing when everything is fine (FAILED - 20)
update
when advisories update successfully
should print status
Bundler::Plumber::Scanner
#scan
should yield results (FAILED - 21)
when not called with a block
should return an Enumerator (FAILED - 22)
when auditing a bundle with unpatched gems
should match unpatched gems to their advisories (FAILED - 23)
when the :ignore option is given
should ignore the specified advisories (FAILED - 24)
when auditing a secure bundle
should print nothing when everything is fine (FAILED - 25)
Failures:
1) Bundler::Plumber::Advisory load #id
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:33:in `block (4 levels) in <top (required)>'
# ./spec/advisory_spec.rb:34:in `block (4 levels) in <top (required)>'
2) Bundler::Plumber::Advisory load #url
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:38:in `block (4 levels) in <top (required)>'
# ./spec/advisory_spec.rb:39:in `block (4 levels) in <top (required)>'
3) Bundler::Plumber::Advisory load #title
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:43:in `block (4 levels) in <top (required)>'
# ./spec/advisory_spec.rb:44:in `block (4 levels) in <top (required)>'
4) Bundler::Plumber::Advisory load #date
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:48:in `block (4 levels) in <top (required)>'
# ./spec/advisory_spec.rb:49:in `block (4 levels) in <top (required)>'
5) Bundler::Plumber::Advisory load #description
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:53:in `block (4 levels) in <top (required)>'
# ./spec/advisory_spec.rb:54:in `block (4 levels) in <top (required)>'
6) Bundler::Plumber::Advisory load #patched_versions should all be Gem::Requirement objects
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:67:in `block (4 levels) in <top (required)>'
# ./spec/advisory_spec.rb:70:in `block (4 levels) in <top (required)>'
7) Bundler::Plumber::Advisory load #patched_versions should parse the versions
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:67:in `block (4 levels) in <top (required)>'
# ./spec/advisory_spec.rb:76:in `block (4 levels) in <top (required)>'
8) Bundler::Plumber::Advisory#unaffected? when passed a version that matches one unaffected version should return true
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:87:in `block (4 levels) in <top (required)>'
9) Bundler::Plumber::Advisory#unaffected? when passed a version that matches no unaffected version should return false
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:95:in `block (4 levels) in <top (required)>'
10) Bundler::Plumber::Advisory#patched? when passed a version that matches one patched version should return true
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:105:in `block (4 levels) in <top (required)>'
11) Bundler::Plumber::Advisory#patched? when passed a version that matches no patched version should return false
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:113:in `block (4 levels) in <top (required)>'
12) Bundler::Plumber::Advisory#vulnerable? when passed a version that matches one patched version should return false
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:123:in `block (4 levels) in <top (required)>'
13) Bundler::Plumber::Advisory#vulnerable? when passed a version that matches no patched version should return true
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:27:in `block (2 levels) in <top (required)>'
# ./spec/advisory_spec.rb:131:in `block (4 levels) in <top (required)>'
14) Bundler::Plumber::Advisory#vulnerable? when passed a version that matches no patched version when unaffected_versions is not empty when passed a version that matches one unaffected version should return false
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:135:in `block (5 levels) in <top (required)>'
# ./spec/advisory_spec.rb:141:in `block (6 levels) in <top (required)>'
15) Bundler::Plumber::Advisory#vulnerable? when passed a version that matches no patched version when unaffected_versions is not empty when passed a version that matches no unaffected version should return true
Failure/Error: data = YAML.load_file(path)
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db/gems/therubyracer/336.yml
# ./spec/advisory_spec.rb:135:in `block (5 levels) in <top (required)>'
# ./spec/advisory_spec.rb:149:in `block (6 levels) in <top (required)>'
16) Bundler::Plumber::Database path should prefer the user repo, iff it's as up to date, or more up to date than the vendored one
Failure/Error: expect(Bundler::Plumber::Database.path).to eq Bundler::Plumber::Database::VENDORED_PATH
expected: "/Users/etagwerker/Projects/fastruby/bundler-leak/data/ruby-mem-advisory-db"
got: "/Users/etagwerker/Projects/fastruby/bundler-leak/tmp/ruby-mem-advisory-db"
(compared using ==)
# ./spec/database_spec.rb:33:in `block (3 levels) in <top (required)>'
17) Bundler::Plumber::Database#check_gem when given a block should yield every advisory affecting the gem
Failure/Error: expect(advisories).not_to be_empty
expected `[].empty?` to return false, got true
# ./spec/database_spec.rb:98:in `block (4 levels) in <top (required)>'
18) CLI when auditing a bundle with unpatched gems should print a warning
Failure/Error: expect(subject).to include("Vulnerabilities found!")
expected "/Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/scanner.rb:61:in `read': No suc...in `load'\n\tfrom /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundler-leak:3:in `<main>'\n" to include "Vulnerabilities found!"
Diff:
@@ -1,2 +1,12 @@
-Vulnerabilities found!
+/Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/scanner.rb:61:in `read': No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/spec/bundle/unpatched_gems/Gemfile.lock (Errno::ENOENT)
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/scanner.rb:61:in `initialize'
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/cli.rb:41:in `new'
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/cli.rb:41:in `check'
+ from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
+ from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
+ from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
+ from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundle-leak:10:in `<top (required)>'
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundler-leak:3:in `load'
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundler-leak:3:in `<main>'
# ./spec/integration_spec.rb:19:in `block (3 levels) in <top (required)>'
19) CLI when auditing a bundle with unpatched gems should print advisory information for the vulnerable gems
Failure/Error: expect(subject).to match(advisory_pattern)
expected "/Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/scanner.rb:61:in `read': No suc...in `load'\n\tfrom /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundler-leak:3:in `<main>'\n" to match /(Name: [^\n]+
Version: \d+.\d+.\d+
URL: https?:\/\/(www\.)?.+
Title: [^\n]*?
Solution: remove or disable this gem until a patch is available!)+/
Diff:
@@ -1,6 +1,12 @@
-/(Name: [^\n]+
-Version: \d+.\d+.\d+
-URL: https?:\/\/(www\.)?.+
-Title: [^\n]*?
-Solution: remove or disable this gem until a patch is available!)+/
+/Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/scanner.rb:61:in `read': No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/spec/bundle/unpatched_gems/Gemfile.lock (Errno::ENOENT)
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/scanner.rb:61:in `initialize'
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/cli.rb:41:in `new'
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/cli.rb:41:in `check'
+ from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
+ from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
+ from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
+ from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundle-leak:10:in `<top (required)>'
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundler-leak:3:in `load'
+ from /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundler-leak:3:in `<main>'
# ./spec/integration_spec.rb:29:in `block (3 levels) in <top (required)>'
20) CLI when auditing a secure bundle should print nothing when everything is fine
Failure/Error: raise "FAILED #{command}\n#{result}" if $?.success? == !!options[:fail]
RuntimeError:
FAILED /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundler-leak
/Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/scanner.rb:61:in `read': No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/spec/bundle/secure/Gemfile.lock (Errno::ENOENT)
from /Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/scanner.rb:61:in `initialize'
from /Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/cli.rb:41:in `new'
from /Users/etagwerker/Projects/fastruby/bundler-leak/lib/bundler/plumber/cli.rb:41:in `check'
from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
from /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
from /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundle-leak:10:in `<top (required)>'
from /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundler-leak:3:in `load'
from /Users/etagwerker/Projects/fastruby/bundler-leak/bin/bundler-leak:3:in `<main>'
# ./spec/spec_helper.rb:12:in `block in sh'
# /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/bundler-2.0.1/lib/bundler.rb:313:in `block in with_clean_env'
# /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/bundler-2.0.1/lib/bundler.rb:562:in `with_env'
# /Users/etagwerker/.rvm/gems/ruby-2.5.1/gems/bundler-2.0.1/lib/bundler.rb:313:in `with_clean_env'
# ./spec/spec_helper.rb:10:in `sh'
# ./spec/integration_spec.rb:39:in `block (4 levels) in <top (required)>'
# ./spec/integration_spec.rb:39:in `chdir'
# ./spec/integration_spec.rb:39:in `block (3 levels) in <top (required)>'
# ./spec/integration_spec.rb:43:in `block (3 levels) in <top (required)>'
21) Bundler::Plumber::Scanner#scan should yield results
Failure/Error: File.read(File.join(@root,gemfile_lock))
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/spec/bundle/unpatched_gems/Gemfile.lock
# ./spec/scanner_spec.rb:9:in `new'
# ./spec/scanner_spec.rb:9:in `block (3 levels) in <top (required)>'
# ./spec/scanner_spec.rb:14:in `block (3 levels) in <top (required)>'
22) Bundler::Plumber::Scanner#scan when not called with a block should return an Enumerator
Failure/Error: File.read(File.join(@root,gemfile_lock))
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/spec/bundle/unpatched_gems/Gemfile.lock
# ./spec/scanner_spec.rb:9:in `new'
# ./spec/scanner_spec.rb:9:in `block (3 levels) in <top (required)>'
# ./spec/scanner_spec.rb:21:in `block (4 levels) in <top (required)>'
23) Bundler::Plumber::Scanner when auditing a bundle with unpatched gems should match unpatched gems to their advisories
Failure/Error: File.read(File.join(@root,gemfile_lock))
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/spec/bundle/unpatched_gems/Gemfile.lock
# ./spec/scanner_spec.rb:29:in `new'
# ./spec/scanner_spec.rb:29:in `block (3 levels) in <top (required)>'
# ./spec/scanner_spec.rb:31:in `block (3 levels) in <top (required)>'
# ./spec/scanner_spec.rb:34:in `block (3 levels) in <top (required)>'
24) Bundler::Plumber::Scanner when auditing a bundle with unpatched gems when the :ignore option is given should ignore the specified advisories
Failure/Error: File.read(File.join(@root,gemfile_lock))
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/spec/bundle/unpatched_gems/Gemfile.lock
# ./spec/scanner_spec.rb:29:in `new'
# ./spec/scanner_spec.rb:29:in `block (3 levels) in <top (required)>'
# ./spec/scanner_spec.rb:40:in `block (4 levels) in <top (required)>'
# ./spec/scanner_spec.rb:43:in `block (4 levels) in <top (required)>'
25) Bundler::Plumber::Scanner when auditing a secure bundle should print nothing when everything is fine
Failure/Error: File.read(File.join(@root,gemfile_lock))
Errno::ENOENT:
No such file or directory @ rb_sysopen - /Users/etagwerker/Projects/fastruby/bundler-leak/spec/bundle/secure/Gemfile.lock
# ./spec/scanner_spec.rb:53:in `new'
# ./spec/scanner_spec.rb:53:in `block (3 levels) in <top (required)>'
# ./spec/scanner_spec.rb:55:in `block (3 levels) in <top (required)>'
# ./spec/scanner_spec.rb:58:in `block (3 levels) in <top (required)>'
Finished in 4.01 seconds (files took 0.2112 seconds to load)
46 examples, 25 failures
Failed examples:
rspec ./spec/advisory_spec.rb:34 # Bundler::Plumber::Advisory load #id
rspec ./spec/advisory_spec.rb:39 # Bundler::Plumber::Advisory load #url
rspec ./spec/advisory_spec.rb:44 # Bundler::Plumber::Advisory load #title
rspec ./spec/advisory_spec.rb:49 # Bundler::Plumber::Advisory load #date
rspec ./spec/advisory_spec.rb:54 # Bundler::Plumber::Advisory load #description
rspec ./spec/advisory_spec.rb:69 # Bundler::Plumber::Advisory load #patched_versions should all be Gem::Requirement objects
rspec ./spec/advisory_spec.rb:75 # Bundler::Plumber::Advisory load #patched_versions should parse the versions
rspec ./spec/advisory_spec.rb:86 # Bundler::Plumber::Advisory#unaffected? when passed a version that matches one unaffected version should return true
rspec ./spec/advisory_spec.rb:94 # Bundler::Plumber::Advisory#unaffected? when passed a version that matches no unaffected version should return false
rspec ./spec/advisory_spec.rb:104 # Bundler::Plumber::Advisory#patched? when passed a version that matches one patched version should return true
rspec ./spec/advisory_spec.rb:112 # Bundler::Plumber::Advisory#patched? when passed a version that matches no patched version should return false
rspec ./spec/advisory_spec.rb:122 # Bundler::Plumber::Advisory#vulnerable? when passed a version that matches one patched version should return false
rspec ./spec/advisory_spec.rb:130 # Bundler::Plumber::Advisory#vulnerable? when passed a version that matches no patched version should return true
rspec ./spec/advisory_spec.rb:140 # Bundler::Plumber::Advisory#vulnerable? when passed a version that matches no patched version when unaffected_versions is not empty when passed a version that matches one unaffected version should return false
rspec ./spec/advisory_spec.rb:148 # Bundler::Plumber::Advisory#vulnerable? when passed a version that matches no patched version when unaffected_versions is not empty when passed a version that matches no unaffected version should return true
rspec ./spec/database_spec.rb:17 # Bundler::Plumber::Database path should prefer the user repo, iff it's as up to date, or more up to date than the vendored one
rspec ./spec/database_spec.rb:91 # Bundler::Plumber::Database#check_gem when given a block should yield every advisory affecting the gem
rspec ./spec/integration_spec.rb:18 # CLI when auditing a bundle with unpatched gems should print a warning
rspec ./spec/integration_spec.rb:22 # CLI when auditing a bundle with unpatched gems should print advisory information for the vulnerable gems
rspec ./spec/integration_spec.rb:42 # CLI when auditing a secure bundle should print nothing when everything is fine
rspec ./spec/scanner_spec.rb:11 # Bundler::Plumber::Scanner#scan should yield results
rspec ./spec/scanner_spec.rb:20 # Bundler::Plumber::Scanner#scan when not called with a block should return an Enumerator
rspec ./spec/scanner_spec.rb:33 # Bundler::Plumber::Scanner when auditing a bundle with unpatched gems should match unpatched gems to their advisories
rspec ./spec/scanner_spec.rb:42 # Bundler::Plumber::Scanner when auditing a bundle with unpatched gems when the :ignore option is given should ignore the specified advisories
rspec ./spec/scanner_spec.rb:57 # Bundler::Plumber::Scanner when auditing a secure bundle should print nothing when everything is fine
Coverage report generated for RSpec to /Users/etagwerker/Projects/fastruby/bundler-leak/coverage. 307 / 373 LOC (82.31%) covered.
It seems that I'm missing something when setting up the project locally.
It might be a good idea to have a ./bin/setup which makes sure that the dev environment is properly set up.