2 changes: 1 addition & 1 deletion lib/bundler/audit/cli.rb
Expand Up @@ -73,7 +73,7 @@ def check(dir=Dir.pwd)
exit 1
end

report = scanner.report(ignore: options.ignore)
report = scanner.report(ignore: options[:ignore], verbose: options[:verbose])

output = if options[:output]
File.new(options[:output],'w')
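Review bot: The new call reads `options[:verbose]`, but nothing in this hunk declares a `verbose` option for `check`; if no `method_option :verbose` exists above the hunk, the value is always nil and the deduplication can never be switched off from the CLI, so that declaration should be confirmed. Changing `options.ignore` to `options[:ignore]` on the same line works under Thor's indifferent-access hash, but it leaves the two access styles mixed if other call sites in the file still use the method form. `check` starts and ends outside the hunk.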
5 changes: 5 additions & 0 deletions lib/bundler/audit/scanner.rb
Expand Up @@ -224,11 +224,16 @@ def scan_specs(options={})
config.ignore
end

seen = Set.new

@lockfile.specs.each do |gem|
@database.check_gem(gem) do |advisory|
is_ignored = ignore.intersect?(advisory.identifiers.to_set)
next if is_ignored

reportable = options[:verbose] || seen.add?([gem.name, gem.version, advisory.id])
next unless reportable

yield Results::UnpatchedGem.new(gem,advisory)
end
end
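Review bot: The new `seen` set and the `reportable` test carry no explanation of why a (name, version, advisory) triple can recur, and `:verbose` is a new key of the `options` hash that the method's parameter documentation, above the hunk, should list. I would add before `seen = Set.new` the comment `# A lockfile may pin the same gem version once per platform; unless :verbose is set, each (name, version, advisory) triple is reported only once.` and an `@option options [Boolean] :verbose` entry in the method's YARD block. Note that the deduplication keeps whichever platform-specific spec is seen first and silently drops the rest, so the `gem` carried by the yielded result reflects one platform only; callers that print platform information should be aware of this. If this file does not already `require 'set'`, `Set.new` relies on the autoload available from Ruby 3.2 onward, though `ignore.intersect?` on the surrounding context line suggests Set is already in scope. `scan_specs` starts and ends outside the hunk.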
6 changes: 6 additions & 0 deletions spec/bundle/unpatched_gems/Gemfile.lock
Expand Up @@ -9,6 +9,11 @@ GEM
activesupport (= 3.2.10)
arel (~> 3.0.2)
tzinfo (~> 0.3.29)
activerecord (3.2.10-aarch64-linux-gnu)
activemodel (= 3.2.10)
activesupport (= 3.2.10)
arel (~> 3.0.2)
tzinfo (~> 0.3.29)
activesupport (3.2.10)
i18n (~> 0.6)
multi_json (~> 1.0)
Expand All @@ -23,6 +28,7 @@ GEM
PLATFORMS
ruby
x86_64-linux
aarch64-linux-gnu

DEPENDENCIES
activerecord (= 3.2.10)
20 changes: 20 additions & 0 deletions spec/scanner_spec.rb
Expand Up @@ -160,6 +160,26 @@
end
end

context "when there is more than one platform per gem" do
context "when '--verbose' is passed as an option to the cli" do
subject { super().scan(verbose: true).to_a }

it "should report one vulnerability per gem regardless of duplications" do
unpatched_gems = subject.map { |r| [r.gem.name, r.gem.version, r.advisory.id] }
expect(unpatched_gems.size).to be > unpatched_gems.uniq.size
end
end

context "when '--verbose' is not passed as an option to the cli" do
subject { super().scan.to_a }

it "should deduplicate the report" do
unpatched_gems = subject.map { |r| [r.gem.name, r.gem.version, r.advisory.id] }
expect(unpatched_gems.size).to eq(unpatched_gems.uniq.size)
end
end
end

context "when the :ignore option is given" do
subject { super().scan(ignore: ['CVE-2013-0156']) }

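Review bot: The example description `it "should report one vulnerability per gem regardless of duplications"` says the opposite of what its expectation checks: `expect(unpatched_gems.size).to be > unpatched_gems.uniq.size` asserts that duplicates are present in verbose mode. Rename it to something like `it "should report each duplicated vulnerability when verbose" do`. Both context names speak of '--verbose' being passed to the cli, yet the subjects call `scan(verbose: true)` and `scan` on the scanner directly, so the labels should name the scanner option rather than the CLI flag. Both examples also depend on the fixture lockfile listing the same gem version for more than one platform, which this commit adds in spec/bundle/unpatched_gems/Gemfile.lock; a one-line comment above the outer context pointing at that fixture would make the dependency visible to whoever edits the lockfile next.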