Merge pull request #432 from presidentbeef/parse_all_of_gemfile_lock

Get all gem versions from Gemfile.lock

lib/brakeman/processors/gem_processor.rb

@@ -5,7 +5,7 @@ class Brakeman::GemProcessor < Brakeman::BaseProcessor
 
   def initialize *args
     super
-
+    @gem_name_version = /^\s*([-_+.A-Za-z0-9]+) \((\w(\.\w+)*)\)/
     @tracker.config[:gems] ||= {}
   end
 
@@ -13,9 +13,8 @@ class Brakeman::GemProcessor < Brakeman::BaseProcessor
     process src
 
     if gem_lock
-      get_rails_version gem_lock
-      get_json_version gem_lock
-      get_i18n_version gem_lock
+      process_gem_lock gem_lock
+      @tracker.config[:rails_version] = @tracker.config[:gems][:rails]
     elsif @tracker.config[:gems][:rails] =~ /(\d+.\d+.\d+)/
       @tracker.config[:rails_version] = $1
     end
@@ -48,24 +47,17 @@ class Brakeman::GemProcessor < Brakeman::BaseProcessor
 
     exp
   end
-  
-  # Supports .rc2 but not ~>, >=, or <=
-  def get_version name, gem_lock
-    if gem_lock =~ /\s#{name} \((\w(\.\w+)*)\)(?:\n|\r\n)/ 
-      $1
-    end 
-  end
-
-  def get_rails_version gem_lock
-    @tracker.config[:rails_version] = get_version("rails", gem_lock)
-  end
 
-  def get_json_version gem_lock
-    @tracker.config[:gems][:json] = get_version("json", gem_lock)
-    @tracker.config[:gems][:json_pure] = get_version("json_pure", gem_lock)
+  def process_gem_lock gem_lock
+    gem_lock.each_line do |line|
+      set_gem_version line
+    end
   end
 
-  def get_i18n_version gem_lock
-    @tracker.config[:gems][:i18n] = get_version("i18n", gem_lock)
+  # Supports .rc2 but not ~>, >=, or <=
+  def set_gem_version line
+    if line =~ @gem_name_version
+      @tracker.config[:gems][$1.to_sym] = $2
+    end
   end
 end

test/tests/brakeman.rb

@@ -205,10 +205,14 @@ class ConfigTests < Test::Unit::TestCase
 end
 
 class GemProcessorTests < Test::Unit::TestCase
-  FakeTracker = Struct.new(:config)
+  FakeTracker = Struct.new(:config, :options)
+
+  def assert_version version, name, msg = nil
+    assert_equal version, @tracker[:config][:gems][name], msg
+  end
 
   def setup 
-    @tracker = FakeTracker.new({}) 
+    @tracker = FakeTracker.new({}, {})
     @gem_processor = Brakeman::GemProcessor.new @tracker 
     @eol_representations = ["\r\n", "\n"] 
     @gem_locks = @eol_representations.inject({}) {|h, eol| 
@@ -216,13 +220,13 @@ class GemProcessorTests < Test::Unit::TestCase
     }
   end 
 
-  def test_get_version 
-    @gem_locks.each do |eol, gem_lock|      
-      assert_equal "4.3.1", @gem_processor.get_version("erubis", gem_lock), "Couldn't match gemlock with eol: #{eol}}"
-      assert_equal "3.2.1", @gem_processor.get_version("paperclip", gem_lock), "Couldn't match gemlock with eol: #{eol}"
-      assert_equal "3.2.1.rc2", @gem_processor.get_version("rails", gem_lock), "Couldn't match gemlock with eol: #{eol}"  
-      assert_equal "1.1", @gem_processor.get_version("simplecov", gem_lock), "Couldn't match gemlock with eol: #{eol}"
+  def test_gem_lock_parsing
+    @gem_locks.each do |eol, gem_lock|
+      @gem_processor.process_gems Sexp.new(:block), gem_lock
+      assert_version "4.3.1", :erubis, "Couldn't match gemlock with eol: #{eol}"
+      assert_version "3.2.1", :paperclip, "Couldn't match gemlock with eol: #{eol}"
+      assert_version "3.2.1.rc2", :rails, "Couldn't match gemlock with eol: #{eol}"  
+      assert_version "1.1", :simplecov, "Couldn't match gemlock with eol: #{eol}"
     end 
   end 
-
 end